Dear all,

I submitted a new draft on Monday, called "KEM based Authentication for the IKEv2 with Post-quantum Security". It is motivated by the fact that ML-KEM has about half the public key + ciphertext size vs. the pk + signature size of ML-DSA, and ML-KEM is about 5 times faster than ML-DSA.
Currently, the draft is a general solution with ML-KEM as an instantiation, considering that some new KEMs could be instantiated later. The basic idea is to use the SUPPORTED_AUTH_METHODS Notify defined in RFC 9539, by adding a new value (15) (TBD) for KEM based Authentication as the authentication method in the "IKEv2 Authentication Method" registry, maintained by IANA.

Comments are welcome!

Guilin

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Sent: Monday, 3 March 2025 11:57 pm
To: Wang Guilin <wang.gui...@huawei.com>; Wang Guilin <wang.gui...@huawei.com>
Subject: New Version Notification for draft-wang-ipsecme-kem-auth-ikev2-00.txt

A new version of Internet-Draft draft-wang-ipsecme-kem-auth-ikev2-00.txt has been successfully submitted by Guilin Wang and posted to the IETF repository.

Name:     draft-wang-ipsecme-kem-auth-ikev2
Revision: 00
Title:    KEM based Authentication for the IKEv2 with Post-quantum Security
Date:     2025-03-03
Group:    Individual Submission
Pages:    14
URL:      https://www.ietf.org/archive/id/draft-wang-ipsecme-kem-auth-ikev2-00.txt
Status:   https://datatracker.ietf.org/doc/draft-wang-ipsecme-kem-auth-ikev2/
HTML:     https://www.ietf.org/archive/id/draft-wang-ipsecme-kem-auth-ikev2-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme-kem-auth-ikev2

Abstract:

This draft specifies a new authentication mechanism, called KEM based authentication, for the Internet Key Exchange Protocol Version 2 (IKEv2) [RFC7296]. This is motivated by the fact that ML-KEM is much more efficient than ML-DSA, which are the post-quantum algorithms for mitigating the potential security threats against quantum computers. The KEM based authentication for the IKEv2 is achieved via introducing a new value of the IKEv2 Authentication Method registry maintained by IANA. For using the new authentication method, two peers MUST send the SUPPORTED_AUTH_METHODS Notify, defined by [RFC9593], to negotiate the supported KEM algorithms.
After that, the corresponding KEM certificates and ciphertext are exchanged via the INTERMEDIATE Exchange. Finally, the IKE messages are authenticated via the shared secret encapsulated between the two peers. This document also specifies the instantiation with ML-KEM for this new general authentication method for the IKEv2.

[EDNOTE: Code points for KEM-based authentication may need to be assigned in the IKEv2 Authentication Method registry, maintained by IANA]

The IETF Secretariat

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
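
Added example, not part of the original message or of the draft: a generic sketch of the idea in the abstract, where a peer proves possession of a certified KEM private key by decapsulating a ciphertext and keying a MAC over the exchanged messages with the shared secret. The toy Diffie-Hellman KEM (a stand-in for ML-KEM), the HMAC construction, the transcript bytes and all function names are assumptions for illustration and do not reflect the draft's payload formats.

```python
import hashlib
import hmac
import secrets

# Toy DH-based KEM standing in for ML-KEM (constructed for illustration, NOT secure).
P = 2**255 - 19   # prime modulus, chosen only for brevity
G = 2

def kem_keygen():
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def kem_encaps(pk):
    """Return (ciphertext, shared_secret) for the holder of pk's private key."""
    r = secrets.randbelow(P - 3) + 2
    ss = hashlib.sha256(pow(pk, r, P).to_bytes(32, "big")).digest()
    return pow(G, r, P), ss

def kem_decaps(sk, ct):
    return hashlib.sha256(pow(ct, sk, P).to_bytes(32, "big")).digest()

def auth_tag(ss, transcript):
    # Assumed construction: MAC over the exchanged messages, keyed by the KEM secret.
    return hmac.new(ss, transcript, hashlib.sha256).digest()

def run_exchange(prover_sk, certified_pk, prover_view, verifier_view):
    """Verifier encapsulates to the certified key; prover replies with a tag."""
    ct, ss_verifier = kem_encaps(certified_pk)    # verifier -> prover: ct
    ss_prover = kem_decaps(prover_sk, ct)         # only the right sk recovers ss
    tag = auth_tag(ss_prover, prover_view)        # prover -> verifier: tag
    return hmac.compare_digest(tag, auth_tag(ss_verifier, verifier_view))

def demo():
    msgs = b"constructed IKE_SA_INIT octets"      # constructed sample transcript
    peer_sk, peer_pk = kem_keygen()               # key bound to the peer's KEM certificate
    rogue_sk, _ = kem_keygen()                    # party lacking the certified private key
    return (
        run_exchange(peer_sk, peer_pk, msgs, msgs),            # genuine peer
        run_exchange(rogue_sk, peer_pk, msgs, msgs),           # wrong private key
        run_exchange(peer_sk, peer_pk, msgs + b"x", msgs),     # transcripts differ
    )

if __name__ == "__main__":
    print(demo())
```

Unlike a signature, the tag is verifiable only by the party that produced the ciphertext, so each direction of a mutual authentication needs its own encapsulation.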