On Thu, 1 Jan 2026, Wang Guilin wrote:
> Dear Meiling and Paul,
>
> Thanks for the input text. Yes, absolutely, the support of IKE_INTERMEDIATE and
> IKEV2_FRAG should be indicated by both peers before exchanging the public key
> and ciphertext of FrodoKEM.
> We will update our draft soon to make this clear.

That does not answer the question I raised though. In IKE_SA_INIT there is
no fragmentation support. You first need to send and receive IKE_SA_INIT
to get to know the peer supports fragmentation. But in IKE_SA_INIT
you already need to send a KE payload, and this KE payload can thus
not be fragmented. The simple way out is to use a classic KE payload
for IKE_SA_INIT and then negotiate a hybrid with classic and frodokem,
e.g. 25519-frodokem. If you want a "pure frodokem" that would need some
kind of protocol change to allow this to happen.
But I now see that you are only defining the hybrid, so this is not an
issue for you then :)
Paul
_______________________________________________
IPsec mailing list -- [email protected]
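
The ordering constraint raised in the reply above, as an added example (not part of the original message or of the draft): a small planner that decides which IKEv2 exchange can carry each key exchange. The method labels, function names and the 1280-byte unfragmented budget are assumptions made for illustration; the public-value sizes are those of X25519 and the FrodoKEM parameter sets.

```python
"""Added illustration: where each key exchange can travel in IKEv2."""
IKE_HDR = 28    # fixed IKEv2 header, RFC 7296
KE_HDR = 8      # generic payload header + group number + reserved
BUDGET = 1280   # assumed byte budget for one unfragmented IKE message

# Initiator public-value sizes in bytes; the keys are hypothetical labels.
PUBLIC_VALUE_LEN = {"x25519": 32, "frodokem640": 9616,
                    "frodokem976": 15632, "frodokem1344": 21520}

FRAG = "IKEV2_FRAGMENTATION_SUPPORTED"            # RFC 7383 notify
INTERMEDIATE = "INTERMEDIATE_EXCHANGE_SUPPORTED"  # RFC 9242 notify


def fits_unfragmented(method, budget=BUDGET):
    # Lower bound: ignores the SA, nonce and notify payloads in the same message.
    return IKE_HDR + KE_HDR + PUBLIC_VALUE_LEN[method] <= budget


def plan(methods, peer_notifies, budget=BUDGET):
    """Assign each key exchange to an IKEv2 exchange, or raise ValueError."""
    first, *additional = methods
    # Peer capabilities are only learned from the IKE_SA_INIT response, so the
    # KE payload sent in IKE_SA_INIT has to fit without IKE fragmentation.
    if not fits_unfragmented(first, budget):
        raise ValueError(f"{first} cannot be the IKE_SA_INIT key exchange")
    steps = [("IKE_SA_INIT", first, False)]
    for method in additional:
        if INTERMEDIATE not in peer_notifies:
            raise ValueError(f"{method} needs {INTERMEDIATE} from the peer")
        fragmented = not fits_unfragmented(method, budget)
        if fragmented and FRAG not in peer_notifies:
            raise ValueError(f"{method} needs {FRAG} from the peer")
        steps.append(("IKE_INTERMEDIATE", method, fragmented))
    return steps


if __name__ == "__main__":
    # Hybrid: classic KE first, FrodoKEM afterwards in IKE_INTERMEDIATE.
    for step in plan(["x25519", "frodokem976"], {FRAG, INTERMEDIATE}):
        print(step)
```

Each returned tuple is (exchange, method, needs IKE fragmentation); a list starting with a FrodoKEM label is rejected, which is the "pure frodokem" case that would need a protocol change.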