Valery Smyslov writes: > Hi Tero, > > thank you for the initial proposal for the charter. It looks good. > > That said I think that not all current charter items are fulfilled. > While we define how to use PQ KEMs in IKEv2, the issues > with large keys (beyond 64 Kbytes) are not addressed.
I was thinking that, but I have not seen any push for those either. > As far as I know, some EU security authorities (and not only in EU) > prefer using conservative algorithms, like Classic McEliece. > If we want to ever support them, then at least two issues should be addressed: > 1. Limited IKEv2 payload size (can be addressed with > draft-nir-ipsecme-big-payload) > 2. Transport issues with transferring large keys maintaining ESP performance > (can be addressed with draft-smyslov-ipsecme-ikev2-reliable-transport) True, but what I have seen currently is that implementations are working on the algorithms that uses smaller keys, and not with Classic McEliece. Both of those are something we can work in IPsecME anyways, as I do think they are minor extensions, but we can add: This work item may also include solutions for transport issues because of larger payload and message sizes. to the postquantum authentication work item to make it more explict. -- kivi...@iki.fi _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
