On Fri, 31 Jan 2025, Scott Fluhrer (sfluhrer) wrote: [ speaking as individual ]
I just noticed that IKE was missing a draft on how to support pure (ML-DSA only) PQ authentication, so I threw this together. Any comments are fine (and I expect them to range from "this is completely stupid" to "this is mostly stupid, but it might be salvageable").
I think there are some very PQ-generic parts of this document, and very little that is ML-DSA specific. I would prefer a generic document on how to do PQ AUTH. But also, ... I am not sure what this document is documenting that is not already obvious from the existing RFCs?

a PRF.

I am not sure why SUPPORTED_AUTH_METHODS is mandatory. If sending a CERTREQ hash of the PQ Root CA, wouldn't all cipher information already be known if the peer accepts the same PQ Root CA? The normal case for IKE X.509-based authentication assumes the CA and EE algorithms are the same. So while you can use SUPPORTED_AUTH_METHODS to indicate something different (e.g. ML-DSA-44 for EE certs when the CA uses ML-DSA-87?), this seems unlikely in practice (and I wouldn't mind making it impossible to do).

I see that RFC 7427 kind of assumes flexibility of using SIGNATURE_HASH_ALGORITHMS instead of deducing it based on the SPKI.

Do we need a new entry for Pseudorandom Function Transform IDs for SHA3 to be able to signal using it with ML-DSA?

Paul
-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Friday, January 31, 2025 2:01 PM
To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com>
Subject: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt

A new version of Internet-Draft draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt has been successfully submitted by Scott Fluhrer and posted to the IETF repository.

Name: draft-sfluhrer-ipsecme-ikev2-mldsa
Revision: 00
Title: IKEv2 Support of ML-DSA
Date: 2025-01-31
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt
Status: https://datatracker.ietf.org/doc/draft-sfluhrer-ipsecme-ikev2-mldsa/
HTML: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-sfluhrer-ipsecme-ikev2-mldsa

Abstract:
One IPsec area that would be impacted by a Cryptographically Relevant Quantum Computer (CRQC) is IKEv2 authentication based on traditional asymmetric cryptographic algorithms, e.g. RSA and ECDSA, which are widely deployed authentication options of IKEv2. NIST has recently standardized ML-DSA, which is a signature algorithm believed to be secure against Quantum Computers. This document describes how to use ML-DSA with IKEv2 as an authentication scheme.

The IETF Secretariat

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
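As an added illustration of the RFC 7427 point raised above (this is example code, not from the draft or from either poster): a small decoder for the RFC 7427 Digital Signature Authentication Data layout (one ASN.1-length octet, the DER AlgorithmIdentifier, then the signature value), showing that a verifier reads the signature algorithm, and for ML-DSA the parameter set, straight from the AUTH payload itself. The ML-DSA OID values and the two sample payloads are my assumptions; the signature bytes are placeholders, not real signatures.

```python
# Added example: decode RFC 7427 "Digital Signature" Authentication Data
# (one ASN.1-length octet, the DER AlgorithmIdentifier, then the signature).
# OID table is an assumption (NIST CSOR values for ML-DSA as I understand them).
KNOWN_OIDS = {
    "2.16.840.1.101.3.4.3.17": "id-ml-dsa-44",
    "2.16.840.1.101.3.4.3.18": "id-ml-dsa-65",
    "2.16.840.1.101.3.4.3.19": "id-ml-dsa-87",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def decode_oid(body: bytes) -> str:
    """Decode DER OBJECT IDENTIFIER content octets into dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def parse_auth_data(auth_data: bytes) -> dict:
    """Split Authentication Data into its AlgorithmIdentifier and signature."""
    if len(auth_data) < 2:
        raise ValueError("authentication data too short")
    asn1_len = auth_data[0]
    alg_id = auth_data[1:1 + asn1_len]
    signature = auth_data[1 + asn1_len:]
    # Expect SEQUENCE { OID, parameters OPTIONAL } with short-form lengths only.
    if asn1_len < 4 or len(alg_id) != asn1_len or alg_id[0] != 0x30 or alg_id[1] != asn1_len - 2:
        raise ValueError("malformed AlgorithmIdentifier")
    if alg_id[2] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid_len = alg_id[3]
    oid = decode_oid(alg_id[4:4 + oid_len])
    params = alg_id[4 + oid_len:]     # empty for ML-DSA, NULL (05 00) for RSA
    return {
        "oid": oid,
        "algorithm": KNOWN_OIDS.get(oid, "unknown"),
        "params_absent": len(params) == 0,
        "signature_len": len(signature),
    }

# Constructed samples: real AlgorithmIdentifier encodings, placeholder signatures.
MLDSA65_ALG_ID = bytes.fromhex("300b0609608648016503040312")
RSA_SHA256_ALG_ID = bytes.fromhex("300d06092a864886f70d01010b0500")
SAMPLE_MLDSA65_AUTH = bytes([len(MLDSA65_ALG_ID)]) + MLDSA65_ALG_ID + b"\x00" * 3309
SAMPLE_RSA_AUTH = bytes([len(RSA_SHA256_ALG_ID)]) + RSA_SHA256_ALG_ID + b"\x00" * 256
```

The parsed AlgorithmIdentifier is what the verifier would compare against the SPKI of the peer's certificate; the absent parameters for ML-DSA contrast with the explicit NULL that RSA PKCS#1 v1.5 carries.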