We have written an I-D on the protocol modifications necessary, and are here in Hiroshima to discuss it.
https://datatracker.ietf.org/drafts/draft-nagayama-ipsecme-ipsec-with-qkd/
For those who are interested, we have created a mailing list, which you can join:
https://aqua.sfc.wide.ad.jp/mailman/listinfo/ipsecwithqkd
Products for QKD already exist, and various experiments are underway, including a large one called SECOQC in Europe; the Japanese and U.S. governments also have sunk a lot of money into QKD. The European effort, in particular, is committed to standardizing many parts of QKD through the ITU.
Although the existing products do not yet support IKE/IPsec (to the best of my knowledge, though things change), at least two implementations already exist, ours and BBN's (as described in Chip Elliott's SIGCOMM 2003 paper), as well as a recent paper by Sheila Frankel and collaborators at NIST. Now seems to be the time to create at least an experimental RFC on the topic, to minimize confusion and incompatibility; IETF, rather than ITU, would definitely be the place to standardize the changes to IKE. Although our protocol is unfortunately incompatible with BBN's, Chip has encouraged us to pursue an RFC.
At a protocol level, the changes are actually minimal; essentially, the addition of two types of Payload Headers. There may still be some corners in the contents of messages and assumptions required to guarantee security; we look forward to hashing some of those out in person.
Please, track us down here in Hiroshima; Shota and I will both be here until after the IPSECME meeting on Thursday.
--Rod
Rodney Van Meter
assistant professor, Faculty of Environment and Information Studies, Keio University, Japan
r...@sfc.wide.ad.jp http://web.sfc.keio.ac.jp/~rdv/ http://www.sfc.wide.ad.jp/IRL/
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec