Re: [IPsec] [Last-Call] Last Call: (Postquantum Preshared Keys for IKEv2) to Proposed Standard
On Wed, 11 Dec 2019, Salz, Rich wrote:

>> A much better title would be "Mixing Preshared Keys in IKEv2 for Postquantum Resistance".
>
> That's better. I misunderstood the document as both you and David McGrew kindly explained. I withdraw my concerns and hope the title is changed.

I am fine with the title change (and publication). We have long ago implemented this and performed a number of interop tests.

Paul

___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] [Last-Call] Last Call: (Postquantum Preshared Keys for IKEv2) to Proposed Standard
Hi, Paul

> On 11 Dec 2019, at 20:03, Paul Hoffman wrote:
>
> On 11 Dec 2019, at 8:23, Salz, Rich wrote:
>
>> We are seeing a flurry of these kinds of “post quantum protection” things.
>
> This is the only one I have seen that is a method, not a new key exchange
> algorithm. It is understandable that you could have missed this from the
> title which misstates the topic. A much better title would be "Mixing
> Preshared Keys in IKEv2 for Postquantum Resistance".

Should we consider this a last call comment?

Yoav

Re: [IPsec] [Last-Call] Last Call: (Postquantum Preshared Keys for IKEv2) to Proposed Standard
> A much better title would be "Mixing Preshared Keys in IKEv2 for Postquantum Resistance".

That's better. I misunderstood the document as both you and David McGrew kindly explained. I withdraw my concerns and hope the title is changed.

Re: [IPsec] [Last-Call] Last Call: (Postquantum Preshared Keys for IKEv2) to Proposed Standard
On 11 Dec 2019, at 8:23, Salz, Rich wrote:

> We are seeing a flurry of these kinds of “post quantum protection” things.

This is the only one I have seen that is a method, not a new key exchange algorithm. It is understandable that you could have missed this from the title which misstates the topic. A much better title would be "Mixing Preshared Keys in IKEv2 for Postquantum Resistance".

> This is premature.

Disagree. The method described in the document has been well-discussed in the IPsecME for years, getting good cryptographic review.

> The co-chair of the CFRG, Kenny Paterson, said so a while back.

I don't think that's what he said in the slides you posted, but I've Cc'd him so he can reply. The slides are about picking new post-quantum algorithms; what is described in the draft is a method for mixing in preshared secrets with current algorithms.

--Paul Hoffman