I raised a PR to address the issue https://github.com/tireddy2/ikev2-pqc-auth/pull/25.
On Thu, 25 Sept 2025 at 04:53, Wang Guilin <Wang.Guilin= [email protected]> wrote:

> Also agree that using "Identity" hash approach seems the best, which can
> be simply regarded as not using hash function at all.
>
> Hope that IKEv2 has no limit on the size of output of ("identity") hash
> function.
>
> Guilin
>
>
> *From:* Tobias Brunner <[email protected]>
> *To:* Scott Fluhrer (sfluhrer) <[email protected]>; John
> Mattsson <[email protected]>; Dang, Quynh H.
> (Fed) <[email protected]>; ipsec <[email protected]>
> *Time:* 2025-09-23 22:56:11
> *Subject:* [IPsec] Re: [EXTERNAL] draft-ietf-ipsecme-ikev2-pqc-auth
>
> Hi Scott,
>
> > The EdDSA approach certainly has its upsides (such as being simpler and
> > removing the 'you need to document that the IKE hash function needs to
> > be as strong' objection that Quynh raised).
> >
> > My concern would be the short-term implementation difficulty. Could we
> > have some implementors chime in (either that they already support RFC
> > 8420 or that it wouldn't be difficult to add)?
>
> strongSwan supports RFC 8420 and we currently already use the same
> "Identity" hash approach for ML-DSA in our prototypical implementation.
> Since X.509 uses pure ML-DSA as well it would be nice to not have to
> implement anything different for IKEv2.
>
> Regards,
> Tobias
>
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
