Also agree that using the "Identity" hash approach seems the best, which can be 
simply regarded as not using a hash function at all.

Hope that IKEv2 has no limit on the size of the output of the ("identity") hash 
function.

Guilin


From: Tobias Brunner <[email protected]>
To: Scott Fluhrer (sfluhrer) <[email protected]>; John Mattsson <[email protected]>; Dang, Quynh H. (Fed) <[email protected]>; ipsec <[email protected]>
Date: 2025-09-23 22:56:11
Subject: [IPsec] Re: [EXTERNAL] draft-ietf-ipsecme-ikev2-pqc-auth

Hi Scott,

> The EdDSA approach certainly has its upsides (such as being simpler and
> removing the 'you need to document that the IKE hash function needs to
> be as strong' objection that Quynh raised).
>
> My concern would be the short-term implementation difficulty. Could we
> have some implementors chime in (either that they already support RFC
> 8420 or that it wouldn't be difficult to add)?

strongSwan supports RFC 8420 and we currently already use the same
"Identity" hash approach for ML-DSA in our prototypical implementation.
Since X.509 uses pure ML-DSA as well it would be nice to not have to
implement anything different for IKEv2.

Regards,
Tobias

_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
