I’ve already pulled in the changes into draft-reddy-ipsecme-ikev2-pqc-auth (at least, the one in github – that update will be published Real Soon Now).
Except, one of my coauthors preferred the RFC8420 approach and no one else (including me) had an opinion, so that’s what we’ll be doing for now… From: Daniel Van Geest <daniel.vangeest=40cryptonext-security....@dmarc.ietf.org> Sent: Monday, February 10, 2025 11:09 AM To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com>; ipsec@ietf.org Subject: Re: [IPsec] FW: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt I support this work, but there is already a draft specifying both ML-DSA and SLH-DSA in IKEv2: https://datatracker.ietf.org/doc/draft-reddy-ipsecme-ikev2-pqc-auth/ Scott, as you're an author on both you'll have no problem reconciling the two drafts :) Regards, Daniel On 2025-01-31 7:40 p.m., Scott Fluhrer (sfluhrer) wrote: I just noticed that IKE was missing a draft to how to support pure (ML-DSA only) PQ authentication, so I threw this together. Any comments are fine (and I expect them to range from "this is completely stupid" to "this is mostly stupid, but it might be salvageable") -----Original Message----- From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> <internet-dra...@ietf.org><mailto:internet-dra...@ietf.org> Sent: Friday, January 31, 2025 2:01 PM To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com><mailto:sfluh...@cisco.com> Subject: New Version Notification for draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt A new version of Internet-Draft draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt has been successfully submitted by Scott Fluhrer and posted to the IETF repository. Name: draft-sfluhrer-ipsecme-ikev2-mldsa Revision: 00 Title: IKEv2 Support of ML-DSA Date: 2025-01-31 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.txt Status: https://datatracker.ietf.org/doc/draft-sfluhrer-ipsecme-ikev2-mldsa/ HTML: https://www.ietf.org/archive/id/draft-sfluhrer-ipsecme-ikev2-mldsa-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-sfluhrer-ipsecme-ikev2-mldsa Abstract: One IPsec area that would be impacted by Cryptographically Relevant Quantum Computer (CRQC) is IKEv2 authentication based on traditional asymmetric cryptograph algorithms: e.g RSA, ECDSA; which are widely deployed authentication options of IKEv2. NIST has recently standardized ML-DSA, which is a signature algorithm believed to be secure against Quantum Computers. This document describes how to use ML-DSA with IKEv2 as an auhentication scheme. The IETF Secretariat _______________________________________________ IPsec mailing list -- ipsec@ietf.org<mailto:ipsec@ietf.org> To unsubscribe send an email to ipsec-le...@ietf.org<mailto:ipsec-le...@ietf.org>
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
