Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Mon, 4 Jul 2016, Scott Fluhrer (sfluhrer) wrote: Actually, the draft is a bolt-on to existing authentication methods; You might object "how is this different from having a possibly global authentication key"; Because of this, it wouldn't appear to be advisable to wait for the full

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Scott Fluhrer (sfluhrer)
> -Original Message- > From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Wouters > Sent: Monday, July 04, 2016 5:44 AM > To: Yoav Nir > Cc: ipsec@ietf.org; Mark McFadden > Subject: Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME > WG document > > On Sun,

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Valery Smyslov
The draft provides postquantum protection to any SA, regardless of the authentication methods used. In other words, PPKs (as specified in the draft) don't replace preshared keys authentication in IKEv2, they augment any authentication method to provide postquantum security. The original title

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Mon, 4 Jul 2016, Valery Smyslov wrote: > Isn't this kinda off-topic for the thread? I thought we were first > considering "create an IKEv2 extension that mixes in the PSK" as the > simplest way to get around the "go back to IKEv1" guidance. So that was not entirely clear to me from the

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Valery Smyslov
Hi Paul, Isn't this kinda off-topic for the thread? I thought we were first considering "create an IKEv2 extension that mixes in the PSK" as the simplest way to get around the "go back to IKEv1" guidance. So that was not entirely clear to me from the title, but it seems you are right. Perhaps

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Yoav Nir
On 4 Jul 2016, at 12:44 PM, Paul Wouters wrote: > On Sun, 3 Jul 2016, Yoav Nir wrote: > >>> 3) The Internet Draft Currently under consideration is not the best >>> starting point as it assumes that post-quantum pre-shared keys are the >>> preferred solution for quantum

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Sun, 3 Jul 2016, Paul Hoffman wrote: On 3 Jul 2016, at 11:32, Paul Wouters wrote: > On Jul 3, 2016, at 21:08, Mark McFadden wrote: > > A number of quantum-resistant asymmetric public key algorithms have been > proposed, e.g. NTRU, NewHope, McEliece,

Re: [IPsec] Further thoughts on draft-flutter-qr-ikev2 as an IPsecME WG document

2016-07-04 Thread Paul Wouters
On Sun, 3 Jul 2016, Yoav Nir wrote: 3) The Internet Draft Currently under consideration is not the best starting point as it assumes that post-quantum pre-shared keys are the preferred solution for quantum resistance. This is not obviously the case; there are a number of drawbacks with the