Thanks, Tiru. Previously, I misunderstood that Jun’s draft has not covered instantiations.
So, yes, my new draft largely overlaps with Jun’s. So, now, we are discussing if some of points in my draft could be merged to Jun’s draft. Then, my draft will be given up. Guilin From: tirumal reddy <kond...@gmail.com> Sent: Saturday, 8 March 2025 1:28 pm To: Wang Guilin <Wang.Guilin=40huawei....@dmarc.ietf.org> Cc: Scott Fluhrer (sfluhrer) <sfluhrer=40cisco....@dmarc.ietf.org>; ipsec <ipsec@ietf.org>; Wang Guilin <wang.gui...@huawei.com> Subject: Re: [IPsec] Re: [IPSec] FW: New Version Notification for draft-wang-ipsecme-composite-mldsa-auth-ikev2-00.txt Composite ML-DSA is already discussed in https://datatracker.ietf.org/doc/draft-hu-ipsecme-pqt-hybrid-auth/ -Tiru On Sat, 8 Mar 2025 at 07:07, Wang Guilin <Wang.Guilin=40huawei....@dmarc.ietf.org<mailto:40huawei....@dmarc.ietf.org>> wrote: Hi, Scott, Both of new drafts are in datatracker (submitted before the deadline). Guess URLs too long and got broken in previous email. Here is the complete info: Composite ML-DSA Authentication in the IKEv2 draft-wang-ipsecme-composite-mldsa-auth-ikev2-00 https://datatracker.ietf.org/doc/draft-wang-ipsecme-composite-mldsa-auth-ikev2/ KEM based Authentication for the IKEv2 with Post-quantum Security draft-wang-ipsecme-kem-auth-ikev2-00 https://datatracker.ietf.org/doc/draft-wang-ipsecme-kem-auth-ikev2/ Cheers, Guilin From:Scott Fluhrer (sfluhrer) <sfluhrer=40cisco....@dmarc.ietf.org<mailto:sfluhrer=40cisco....@dmarc.ietf.org>> To:Wang Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>>;ipsec <ipsec@ietf.org<mailto:ipsec@ietf.org>> Cc:Wang Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>> Date:2025-03-07 22:56:14 Subject:RE: [IPSec] FW: New Version Notification for draft-wang-ipsecme-composite-mldsa-auth-ikev2-00.txt I don't see the new draft in datatracker. Did you try to submit it after the quiet period started? If so, we should see it when the quiet period ends (on the 15th) > -----Original Message----- > From: Wang Guilin > <Wang.Guilin=40huawei....@dmarc.ietf.org<mailto:40huawei....@dmarc.ietf.org>> > Sent: Friday, March 7, 2025 8:32 AM > To: ipsec@ietf.org<mailto:ipsec@ietf.org> > Cc: Wang Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>> > Subject: [IPsec] [IPSec] FW: New Version Notification for draft-wang-ipsecme- > composite-mldsa-auth-ikev2-00.txt > > Dear all, > > I have submitted another new draft, called Composite ML-DSA Authentication > in the IKEv2. > > The basic idea is to collectively introduce a category of hybrid signatures in > the IKEv2, by following the 27 variants of composite ML-DSA signatured > specified in [draft-ietf-lamps-pq-composite-sigs]. Again, this is also > achieve by > employing the SUPPORTED_AUTH_METHODS Notify defined in RFC 9539, via > adding a new value (15) (TBD) for composite ML-DSA Authentication, as the > authentication method in the " IKEv2 Authentication Method" registry, > maintained by IANA. > > It seems better to not directly defining separate authentication methods for > all these composite ML-DSA, I think. In this way, the " IKEv2 Authentication > Method" registry looks simpler and all of these concrete algorithms will > belong to the same category of authentication method. This may help > authentication negation in the IKEv2 as well. > > [draft-ietf-lamps-pq-composite-sigs] > M. Ounsworth, M., Gray, J., Pala, M., J. Klaussner, J., and S. S. Fluhrer > Composite ML-DSA For use in X.509 Public Key Infrastructure and CMS > https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/. > > Welcome to comment! > > Guilin > > -----Original Message----- > From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> > <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> > Sent: Tuesday, 4 March 2025 6:40 am > To: Wang Guilin <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>>; Wang > Guilin > <wang.gui...@huawei.com<mailto:wang.gui...@huawei.com>> > Subject: New Version Notification for draft-wang-ipsecme-composite-mldsa- > auth-ikev2-00.txt > > A new version of Internet-Draft > draft-wang-ipsecme-composite-mldsa-auth-ikev2-00.txt has been successfully > submitted by Guilin Wang and posted to the IETF repository. > > Name: draft-wang-ipsecme-composite-mldsa-auth-ikev2 > Revision: 00 > Title: Composite ML-DSA Authentication in the IKEv2 > Date: 2025-03-03 > Group: Individual Submission > Pages: 12 > URL: https://www.ietf.org/archive/id/draft-wang-ipsecme-composite- > mldsa-auth-ikev2-00.txt > Status: https://datatracker.ietf.org/doc/draft-wang-ipsecme-composite- > mldsa-auth-ikev2/ > HTML: https://www.ietf.org/archive/id/draft-wang-ipsecme-composite- > mldsa-auth-ikev2-00.html > HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme- > composite-mldsa-auth-ikev2 > > > Abstract: > > This draft specifies composite ML-DSA authentication in the Internet > Key Exchange Protocol Version 2 (IKEv2) [RFC7296]. Namely, the > authenticaiton in the IKEv2 is completed by using a compiste > signature of ML-DSA [FIPS203], the newly post-quantum digital > singature standard, and one of the following traditional singature > algorithms, SA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448. These > concrete composite algorithm specifications follow [OGPKF24]. > Composite ML-DSA authenticatio is achieved by asking to add a new > value in the "IKEv2 Authentication Method" registry [IANA-IKEv2], > mantained by IANA. After that, two peers MUST send the > SUPPORTED_AUTH_METHODS Notify, defined in [RFC9593], to negotiate the > specific composite ML-DSA algoithms. > > [EDNOTE: Code points for composite ML-DSA authentication may need to > be assigned in the "IKEv2 Authentication Method" registry, maintained > by IANA] > > > > The IETF Secretariat > > > _______________________________________________ > IPsec mailing list -- ipsec@ietf.org<mailto:ipsec@ietf.org> > To unsubscribe send an email to > ipsec-le...@ietf.org<mailto:ipsec-le...@ietf.org> _______________________________________________ IPsec mailing list -- ipsec@ietf.org<mailto:ipsec@ietf.org> To unsubscribe send an email to ipsec-le...@ietf.org<mailto:ipsec-le...@ietf.org>
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
