Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Russ Housley
Scott:
>> During the discussion, two items were raised, and I would like to hear how
>> the wider WG feels about these two items:
>>
>> - The first item is “how exactly do we stir in the preshared key
>> (PPK) into the keying material”. By my count, three options were on the
>>

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Scott Fluhrer (sfluhrer)
From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Russ Housley
Sent: Thursday, December 08, 2016 12:03 PM
To: Scott Fluhrer (sfluhrer)
Cc: IETF IPsec
Subject: Re: [IPsec] Quantum Resistant IKEv2
Scott:
In the WG meeting in Seoul, we discussed the Quantum Resistant proposal for IKEv2,

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Russ Housley
Scott:
> In the WG meeting in Seoul, we discussed the Quantum Resistant proposal for
> IKEv2, and decided to make the current draft (draft-fluhrer-qr-ikev2-03) as
> work item.
>
> During the discussion, two items were raised, and I would like to hear how
> the wider WG feels about these two

[IPsec] RFC 8031 on Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement

2016-12-08 Thread rfc-editor
A new Request for Comments is now available in online RFC libraries.
RFC 8031
Title: Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement
Author: Y. Nir, S. Josefsson

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Michael Richardson
Tero Kivinen wrote:
> This all is done in the server, i.e. instead of using the ID sent over
> the wire, the server uses the ID sent over wire as handle to the
> table, and fetches the real ID to be used for policy decisions and
> authentication from the that

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Valery Smyslov
Hi Tero,
> > CREATE_CHILD_SA exchange and rekey the IKE SA using PPK. But
> > CREATE_CHILD_SA doesn’t allow to exchange identities. So, if
> > pseudonyms were used in IKE_AUTH, how are you going to exchange real
> > identities?
>
> Real IDs are never exchanged over wire. The server sees

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Tero Kivinen
Valery Smyslov writes:
> CREATE_CHILD_SA exchange and rekey the IKE SA using PPK. But
> CREATE_CHILD_SA doesn’t allow to exchange identities. So, if
> pseudonyms were used in IKE_AUTH, how are you going to exchange real
> identities?
Real IDs are never exchanged over wire. The server sees

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Tero Kivinen
Michael Richardson writes:
> > o Valery Smyslov gave a suggestion that we instead stir in the PPK
> > into the initial SK_d; as all keying material is generated based on
> > that, this would also mean that IPsec SAs and any child IKE SAs are
> > also protected. This also means that

Re: [IPsec] draft-ietf-ipsecme-tcp-encaps-04.txt

2016-12-08 Thread Valery Smyslov
Hi Tommy,
I think the new text substantially simplifies implementations.
Thank you,
Valery.
> Hello all,
>
> I've updated the TCP Encapsulation draft with new recommendations around
> handling the mapping
> between IKE SAs and TCP Connections based on the conversation at the Seoul
>

Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-08 Thread Tero Kivinen
Paul Wouters writes:
> >> If we assume rfc7431bis can be used with manual keys too, we need to add
> >> some more text saying these ciphers cannot be used with manual keys.
>
> >> Anyways, I think it should be time to mark manual keys as SHOULD NOT.
>
> While I agree, I don't think 7321bis

Re: [IPsec] Quantum Resistant IKEv2

2016-12-08 Thread Valery Smyslov
Hi, o Valery Smyslov gave a suggestion that we instead stir in the PPK into the initial SK_d; as all keying material is generated based on that, this would also mean that IPsec SAs and any child IKE SAs are also protected. This also means that an implementation would not need to remember the