Hi, I reviewed draft-ietf-ipsecme-ikev2-mlkem-05 from an implementer and operational-readability perspective. I support publication as Proposed Standard.
The draft is clear about how ML-KEM public keys and ciphertexts are carried in IKEv2 Key Exchange payloads, the need to follow the FIPS 203 recipient tests, and the PMTU/reliable-transport considerations for ML-KEM-768 and ML-KEM-1024 in IKE_SA_INIT. Two very small editorial nits, if a -06 is already being prepared: - Section 1.1, Encaps bullet: s/intiator/initiator/ - Section 2, opening paragraph: s/where the the initiator’s/where the initiator’s/ Neither affects publication readiness. Best, Songbo Bu On Mon, 01 Jun 2026 10:14:14 -0700, The IESG [email protected] wrote: The IESG has received a request from the IP Security Maintenance and Extensions WG (ipsecme) to consider the following document: - ‘Post-quantum Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2)’ as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2026-06-15. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract NIST standardized ML-KEM, a new key encapsulation mechanism, which can be used for quantum-resistant key establishment. This draft specifies how to use ML-KEM by itself or as an additional key exchange in IKEv2 along with a traditional key exchange. These options allow for negotiating IKE and Child SA keys which are safe against cryptographically relevant quantum computers. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/ The following IPR Declarations may be related to this I-D: https://datatracker.ietf.org/ipr/7227/ IPsec mailing list – [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
