Hi Scott, > The EdDSA approach certainly has its upsides (such as being simpler and > removing the 'you need to document that the IKE hash function needs to > be as strong' objection that Quynh raised). > > My concern would be the short-term implementation difficulty. Could we > have some implementors chime in (either that they already support RFC > 8420 or that it wouldn't be difficult to add)?
strongSwan supports RFC 8420 and we currently already use the same "Identity" hash approach for ML-DSA in our prototypical implementation. Since X.509 uses pure ML-DSA as well it would be nice to not have to implement anything different for IKEv2. Regards, Tobias _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
