First, I support the adoption as it's an useful document.
Second, I agree with Paul's opinion that the document should be split into two
parts and adopting both.
The PQC algorithms, such as ML-DSA and SLH-DSA, don't perfectly fit with the
original IKEv2 authentication architecture. For example, this is discussed in
Section 5.2 of the document. So, we need to consider how to process with this
situation, whether we need to expand the architecture. This part is 1) of
Paul's email. And I agree that this general considerations should be a separate
draft. Although currently ML-DSA and SLH-DSA are the only standardized
signature algorithms, there will be more algorithms being standardized in the
future. We need to have the consideration for the general mechanism now, rather
than designing one by one.
As a practical manner, I suggest adopting the current draft as is, and then
discussing (splitting) the general mechanism part later by considering other
possible PQC signature algorithms.
Other comments:
Section 2:
1. Nit: "elliptic curve discrete logarithms" appeared twice in the definition
of "Asymmetric Traditional Cryptographic Algorithm".
2. Suggest changing "Post-Quantum Algorithm" to " Post-Quantum Asymmetric
Cryptographic Algorithm", as this is used in the terms definition in
draft-ietf-pquip-pqt-hybrid-terminology.
Section 7:
1. Suggest changing the title to "Mechanisms for Signaling Supported Signature
Algorithms", using "key pair types" to refer to ML-DSA and SLH-DSA may be
implicit as the whole document uses "algorithms".
2. Suggest setting the method of leveraging RFC 9593 to be the main (or the
only) one. I think RFC 9593 will be an important function for PQC
authentication, especially when used in hybrid authentication. The current
first method in the draft is an implicit way and can cover the situation where
two peers use different signature algorithms.
Regards & Thanks!
Wei PAN (潘伟)
> -----Original Message-----
> From: Paul Wouters <p...@nohats.ca>
> Sent: Tuesday, February 18, 2025 4:05 AM
> To: Tero Kivinen <kivi...@iki.fi>
> Cc: ipsec@ietf.org
> Subject: [IPsec] Re: WG Adoption call of
> draft-reddy-ipsecme-ikev2-pqc-auth
>
> On Mon, 17 Feb 2025, Tero Kivinen wrote:
>
> [ speaking as individual contributor ]
>
> > This email will start two week working group adoption call for
> > draft-reddy-ipsecme-ikev2-pqc-auth document. If you are in favor of
> > adopting this document for the initial work document for the PQC auth
> > work item, reply this email. And especially if you have any objections
> > adopting this document as base document, reply this email by
> > explaining your objections.
>
> The document's title and body are widely different. The title claims
> "Signature Authentication using PQC" but the body shows it is only
> talking about ML-DSA and SLH-DSA.
>
> 1) I am in favour of a document that explains Signature Authentication
> using PQC in general.
>
> 2) I am in favour of a document describing ML-DSA and SLH-DSA.
>
> 3) I am also in favour of a document describing one or two non-NIST
> Signature Algorithms.
>
> This draft seems to be 2) but named to appear to be 1)
>
> I would be in favour of splitting the document, and adopting both parts.
> And hope that someone also submits a draft for 3)
>
> Paul
>
> _______________________________________________
> IPsec mailing list -- ipsec@ietf.org
> To unsubscribe send an email to ipsec-le...@ietf.org
_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
