I just noticed that IKE was missing a draft to how to support pure (ML-DSA only) PQ authentication, so I threw this together.
Any comments are fine (and I expect them to range from "this is completely stupid" to "this is mostly stupid, but it might be salvageable") -----Original Message----- From: internet-dra...@ietf.org <internet-dra...@ietf.org> Sent: Friday, January 31, 2025 2:01 PM To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> Subject: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt A new version of Internet-Draft draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt has been successfully submitted by Scott Fluhrer and posted to the IETF repository. Name: draft-sfluhrer-ipsecme-ikev2-mldsa Revision: 00 Title: IKEv2 Support of ML-DSA Date: 2025-01-31 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt Status: https://datatracker.ietf.org/doc/draft-sfluhrer-ipsecme-ikev2-mldsa/ HTML: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-sfluhrer-ipsecme-ikev2-mldsa Abstract: One IPsec area that would be impacted by Cryptographically Relevant Quantum Computer (CRQC) is IKEv2 authentication based on traditional asymmetric cryptograph algorithms: e.g RSA, ECDSA; which are widely deployed authentication options of IKEv2. NIST has recently standardized ML-DSA, which is a signature algorithm believed to be secure against Quantum Computers. This document describes how to use ML-DSA with IKEv2 as an auhentication scheme. The IETF Secretariat _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
