Composite ML-DSA is already discussed in https://datatracker.ietf.org/doc/draft-hu-ipsecme-pqt-hybrid-auth/
-Tiru On Sat, 8 Mar 2025 at 07:07, Wang Guilin <Wang.Guilin= 40huawei....@dmarc.ietf.org> wrote: > Hi, Scott, > > Both of new drafts are in datatracker (submitted before the deadline). > Guess URLs too long and got broken in previous email. > > Here is the complete info: > > Composite ML-DSA Authentication in the IKEv2 > draft-wang-ipsecme-composite-mldsa-auth-ikev2-00 > > https://datatracker.ietf.org/doc/draft-wang-ipsecme-composite-mldsa-auth-ikev2/ > > > KEM based Authentication for the IKEv2 with Post-quantum Security > draft-wang-ipsecme-kem-auth-ikev2-00 > https://datatracker.ietf.org/doc/draft-wang-ipsecme-kem-auth-ikev2/ > > Cheers, > > Guilin > > *From:*Scott Fluhrer (sfluhrer) <sfluhrer=40cisco....@dmarc.ietf.org> > *To:*Wang Guilin <wang.gui...@huawei.com>;ipsec <ipsec@ietf.org> > *Cc:*Wang Guilin <wang.gui...@huawei.com> > *Date:*2025-03-07 22:56:14 > *Subject:*RE: [IPSec] FW: New Version Notification for > draft-wang-ipsecme-composite-mldsa-auth-ikev2-00.txt > > I don't see the new draft in datatracker. > > Did you try to submit it after the quiet period started? If so, we should > see it when the quiet period ends (on the 15th) > > > -----Original Message----- > > From: Wang Guilin <Wang.Guilin=40huawei....@dmarc.ietf.org> > > Sent: Friday, March 7, 2025 8:32 AM > > To: ipsec@ietf.org > > Cc: Wang Guilin <wang.gui...@huawei.com> > > Subject: [IPsec] [IPSec] FW: New Version Notification for > draft-wang-ipsecme- > > composite-mldsa-auth-ikev2-00.txt > > > > Dear all, > > > > I have submitted another new draft, called Composite ML-DSA > Authentication > > in the IKEv2. > > > > The basic idea is to collectively introduce a category of hybrid > signatures in > > the IKEv2, by following the 27 variants of composite ML-DSA signatured > > specified in [draft-ietf-lamps-pq-composite-sigs]. Again, this is also > achieve by > > employing the SUPPORTED_AUTH_METHODS Notify defined in RFC 9539, via > > adding a new value (15) (TBD) for composite ML-DSA Authentication, as the > > authentication method in the " IKEv2 Authentication Method" registry, > > maintained by IANA. > > > > It seems better to not directly defining separate authentication methods > for > > all these composite ML-DSA, I think. In this way, the " IKEv2 > Authentication > > Method" registry looks simpler and all of these concrete algorithms will > > belong to the same category of authentication method. This may help > > authentication negation in the IKEv2 as well. > > > > [draft-ietf-lamps-pq-composite-sigs] > > M. Ounsworth, M., Gray, J., Pala, M., J. Klaussner, J., and S. S. Fluhrer > > Composite ML-DSA For use in X.509 Public Key Infrastructure and CMS > > https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/. > > > > Welcome to comment! > > > > Guilin > > > > -----Original Message----- > > From: internet-dra...@ietf.org <internet-dra...@ietf.org> > > Sent: Tuesday, 4 March 2025 6:40 am > > To: Wang Guilin <wang.gui...@huawei.com>; Wang Guilin > > <wang.gui...@huawei.com> > > Subject: New Version Notification for draft-wang-ipsecme-composite-mldsa- > > auth-ikev2-00.txt > > > > A new version of Internet-Draft > > draft-wang-ipsecme-composite-mldsa-auth-ikev2-00.txt has been > successfully > > submitted by Guilin Wang and posted to the IETF repository. > > > > Name: draft-wang-ipsecme-composite-mldsa-auth-ikev2 > > Revision: 00 > > Title: Composite ML-DSA Authentication in the IKEv2 > > Date: 2025-03-03 > > Group: Individual Submission > > Pages: 12 > > URL: https://www.ietf.org/archive/id/draft-wang-ipsecme-composite- > > mldsa-auth-ikev2-00.txt > > Status: https://datatracker.ietf.org/doc/draft-wang-ipsecme-composite- > > mldsa-auth-ikev2/ > > HTML: https://www.ietf.org/archive/id/draft-wang-ipsecme-composite- > > mldsa-auth-ikev2-00.html > > HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme- > > composite-mldsa-auth-ikev2 > > > > > > Abstract: > > > > This draft specifies composite ML-DSA authentication in the Internet > > Key Exchange Protocol Version 2 (IKEv2) [RFC7296]. Namely, the > > authenticaiton in the IKEv2 is completed by using a compiste > > signature of ML-DSA [FIPS203], the newly post-quantum digital > > singature standard, and one of the following traditional singature > > algorithms, SA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448. These > > concrete composite algorithm specifications follow [OGPKF24]. > > Composite ML-DSA authenticatio is achieved by asking to add a new > > value in the "IKEv2 Authentication Method" registry [IANA-IKEv2], > > mantained by IANA. After that, two peers MUST send the > > SUPPORTED_AUTH_METHODS Notify, defined in [RFC9593], to negotiate the > > specific composite ML-DSA algoithms. > > > > [EDNOTE: Code points for composite ML-DSA authentication may need to > > be assigned in the "IKEv2 Authentication Method" registry, maintained > > by IANA] > > > > > > > > The IETF Secretariat > > > > > > _______________________________________________ > > IPsec mailing list -- ipsec@ietf.org > > To unsubscribe send an email to ipsec-le...@ietf.org > > _______________________________________________ > IPsec mailing list -- ipsec@ietf.org > To unsubscribe send an email to ipsec-le...@ietf.org >
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
