I wonder if this should be worded more generically. This is really about an external key agreement mechanism. QKD is one such mechanism, but it isn’t clear to me that the machinery depends on this. Suppose, for example, that you distributed copies of one-time pad CDROMs to both locations, and used the key ID as offset in the one-time-pad data. This is a completely different key agreement scheme but it would seem to fit just as well. The important point is that there is an external source of key material, which has the (assumed) property that the key material is known to the two endpoints of the IKE exchange, and to no other parties.
paul On Oct 27, 2014, at 2:13 PM, Rodney Van Meter <r...@sfc.wide.ad.jp<mailto:r...@sfc.wide.ad.jp>> wrote: ... * We have just uploaded an -01 of the I-D we wrote, incorporating feedback from several people, including Sean Turner, Sheila Frankel and Alan Mink. http://datatracker.ietf.org/doc/draft-nagayama-ipsecme-ipsec-with-qkd/?include_text=1
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
