UNCLASSIFIED / NON CLASSIFIÉ I have reviewed and support this document proceeding to publication. I have a suggestions below to address a few minor issues.
The introduction sentence of 3.2.1, "For integrating PQC... the approach used in [RFC8420] is followed" can be omitted. The approach is coherently outlined in the following paragraphs, and this brief sentence is potentially confusing until explained further in the fourth paragraph. In Section 4, it would be helpful to include the DER encoding of an AlgorithmIdentifier object for each of the three security levels to be used in the multi-octet format of SUPPORTED_AUTH_METHODS (RFC 9593). Similarly for the combinations in Section 5. In Section 5, it should be made clear that the selection of the hash function for the parameters is not via SIGNATURE_HASH_ALGORITHMS. This could be fixed with "For hash function selection, the algorithm uses SHA-256 ([FIPS180]) for security level 1 and both SHA-256 and SHA-512 ([FIPS180]) for security levels 3 and 5. Alternatively, SHAKE256 ([FIPS202]) can be used across all security levels. Those hash function selections are internal to SLH-DSA implementations, and are not to be confused with those in the SIGNATURE_HASH_ALGORITHMS notification payload." Best regards, Jonathan -- Canadian Centre for Cyber Security (http://cyber.gc.ca/en), Communications Security Establishment, Government of Canada -----Original Message----- From: Tero Kivinen via Datatracker <[email protected]> Sent: October 8, 2025 3:45 AM To: [email protected]; [email protected]; [email protected] Subject: [IPsec] WG Last Call: draft-ietf-ipsecme-ikev2-pqc-auth-04 (Ends 2025-10-22) Subject: WG Last Call: draft-ietf-ipsecme-ikev2-pqc-auth-04 (Ends 2025-10-22) This message starts a 2-week WG Last Call for this document. Abstract: Signature-based authentication methods are utilized in IKEv2 [RFC7296]. The current version of the Internet Key Exchange Version 2 (IKEv2) protocol supports traditional digital signatures. This document specifies a generic mechanism for integrating post- quantum cryptographic (PQC) digital signature algorithms into the IKEv2 protocol. The approach allows for seamless inclusion of any PQC signature scheme within the existing authentication framework of IKEv2. Additionally, it outlines how Module-Lattice-Based Digital Signatures (ML-DSA) and Stateless Hash-Based Digital Signatures (SLH- DSA), can be employed as authentication methods within the IKEv2 protocol, as they have been standardized by NIST. File can be retrieved from: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-pqc-auth/ Please review and indicate your support or objection to proceed with the publication of this document by replying to this email keeping [email protected] in copy. Objections should be motivated and suggestions to resolve them are highly appreciated. Authors, and WG participants in general, are reminded again of the Intellectual Property Rights (IPR) disclosure obligations described in BCP 79 [1]. Appropriate IPR disclosures required for full conformance with the provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions available for application to violators of IETF IPR Policy can be found at [3]. Thank you. [1] https://datatracker.ietf.org/doc/bcp78/ [2] https://datatracker.ietf.org/doc/bcp79/ [3] https://datatracker.ietf.org/doc/rfc6701/ _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
