Hi,
Not necessary. In particular, the current draft allows to detect
OOB key mismatch and to act gracefully in this situation.
And I don't think it is far too complicated.
Current draft does, but there has been other proposals which did not.
The current draft is also very costly and allows v
; Subject: Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
> WG document
>
> [chair hat off]
>
> Valery Smyslov writes:
> > I think it is a bit early to discuss particular approaches, before the
> > WG makes a decision to adopt the document.
>
[chair hat off]
Valery Smyslov writes:
> I think it is a bit early to discuss particular approaches,
> before the WG makes a decision to adopt the document.
Yes and no.
It is too early to think about actual protocol decisions, but we need
to know whether current draft is suitable for protocol se
To: p...@nohats.ca; David McGrew
Cc: Waltermire, David A. (Fed) ; IPsecME WG
; Panos Kampanakis (pkampana)
Subject: RE: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
WG document
> -Original Message-
> From: Paul Wouters [mailto:p...@nohats.ca]
> Sent: Friday, June 24
Hi Tero,
I think it is a bit early to discuss particular approaches,
before the WG makes a decision to adopt the document.
However, just for the record (see below).
Earlier I have proposed very simple method where the IKE_SA_INIT
contains just some kind of notification messages identifying the
[This replies to emails other people also sent to list, but I just
picked the last email to list some points, and I am talking here as an
implementor not as a chair].
David McGrew writes:
> Yes; that draft is a good starting point. The goal should be to
> develop an RFC that updates RFC 7383 and
>
>> -Original Message-
>> From: Scott Fluhrer (sfluhrer) [mailto:sfluh...@cisco.com]
>> Sent: Friday, June 24, 2016 11:26 AM
>> To: p...@nohats.ca; David McGrew
>> Cc: Waltermire, David A. (Fed) ; IPsecME WG
>> ; Panos Kampanakis (pkampana)
>&
os
> Kampanakis (pkampana)
> Subject: Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
> WG document
>
> On Fri, 24 Jun 2016, David McGrew wrote:
>
> Hi David,
>
> > Because QKD is not a practical system for Internet security. It has
> > ser
> On Jun 30, 2016, at 6:17 PM, Paul Wouters wrote:
>
> On Thu, 30 Jun 2016, Rodney Van Meter wrote:
>
>> Neither Shota nor I have sat down and reviewed this in detail, so I can’t
>> really comment yet, but I’m happy to support whatever results in the best
>> standard, whether it’s starting fr
On Thu, 30 Jun 2016, Rodney Van Meter wrote:
I think it’s pretty clear that a mechanism for using keys created in some
out-of-band fashion for keying symmetric encryption methods, such as AES, is
valuable.
Yes.
Neither Shota nor I have sat down and reviewed this in detail, so I can’t
real
> On Jun 29, 2016, at 3:12 AM, Waltermire, David A. (Fed)
> wrote:
>
> This has been a good discussion so far. There is work to be done to address
> the issues raised.
>
> Getting back to the call for adoption, I'd like to see feedback on the
> following questions to better understand where
kampana)
> Subject: RE: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
> WG document
>
>
> > -Original Message-
> > From: Paul Wouters [mailto:p...@nohats.ca]
> > Sent: Friday, June 24, 2016 9:43 AM
> > To: David McGrew (mcgrew)
&g
> On Jun 24, 2016, at 7:06 PM, David McGrew wrote:
>
>
> Because QKD is not a practical system for Internet security. It has serious
> security issues/challenges and operational limitations on bitrate, range, and
> physical media. It requires a point to point optical link, which is
> typ
for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
> WG document
>
> On Fri, 24 Jun 2016, David McGrew wrote:
>
> Hi David,
>
> > Because QKD is not a practical system for Internet security. It has
> > serious
> security issues/challenges and operational lim
Comments below.
> > In contrast, QR-IKEv2 can be used to add postquantum security between
> any two points on the globe, without requiring dedicated fiber, and without
> requiring physical layer security assumptions. It has *fewer* security
> assumptions than draft-nagayama-ipsecme-ipsec-with-qk
Hi Paul,
> On Jun 24, 2016, at 9:43 AM, Paul Wouters wrote:
>
> On Fri, 24 Jun 2016, David McGrew wrote:
>
> Hi David,
>
>> Because QKD is not a practical system for Internet security. It has
>> serious security issues/challenges and operational limitations on bitrate,
>> range, and physic
On Fri, 24 Jun 2016, Rodney Van Meter wrote:
We were encouraged by the ADs and a few others to rework the draft to focus
more on generic uses of out-of-band generated key material,
but we haven’t managed to put together the right set of hours to get it done.
At least one person said, “It may b
On Fri, 24 Jun 2016, David McGrew wrote:
Hi David,
Because QKD is not a practical system for Internet security. It has serious
security issues/challenges and operational limitations on bitrate, range, and
physical media. It requires a point to point optical link, which is typically
dedic
> On Jun 24, 2016, at 7:06 PM, David McGrew wrote:
>
> Hi Paul,
>
>> On Jun 23, 2016, at 6:55 PM, Panos Kampanakis (pkampana)
>> wrote:
>>
>> Introducing quantum computer resistance in IKEv2 helps to avoid the
>> implications of having sec admins that want to have quantum computer
>> resis
ickly and in a backwards compatible way to IKEv2.
>
> Panos
>
>
> -Original Message-
> From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Wouters
> Sent: Wednesday, June 22, 2016 3:33 PM
> To: Waltermire, David A. (Fed)
> Cc: IPsecME WG
> Subject:
On Thu, 23 Jun 2016, Panos Kampanakis (pkampana) wrote:
The draft adds quantum resistance using todays infrastructure.
So did the old draft?
The qkd draft introduced a way to add quantum resistance, but it came with many
different challenges of how practical it is and how costly it would be
Wouters
Sent: Wednesday, June 22, 2016 3:33 PM
To: Waltermire, David A. (Fed)
Cc: IPsecME WG
Subject: Re: [IPsec] Call for adoption on draft-fluhrer-qr-ikev2 as an IPSecME
WG document
On Wed, 22 Jun 2016, Waltermire, David A. (Fed) wrote:
> At IETF 95 the chairs took an action to issue a c
On Wed, 22 Jun 2016, Waltermire, David A. (Fed) wrote:
At IETF 95 the chairs took an action to issue a call for adoption on
draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the
draft. This call is long overdue.
This is the official call for adoption of
https://datat
At IETF 95 the chairs took an action to issue a call for adoption on
draft-fluhrer-qr-ikev2-01 based on WG interest in the concept described by the
draft. This call is long overdue.
This is the official call for adoption of
https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/ as an IPSecME
24 matches
Mail list logo
