[IPsec] I-D Action: draft-ietf-ipsecme-ikev2-qr-alt-08.txt

Sat, 05 Apr 2025 10:40:37 -0700 

Internet-Draft draft-ietf-ipsecme-ikev2-qr-alt-08.txt is now available. It is
a work item of the IP Security Maintenance and Extensions (IPSECME) WG of the
IETF.

   Title:   Mixing Preshared Keys in the IKE_INTERMEDIATE and in the 
CREATE_CHILD_SA Exchanges of IKEv2 for Post-quantum Security
   Author:  Valery Smyslov
   Name:    draft-ietf-ipsecme-ikev2-qr-alt-08.txt
   Pages:   14
   Dates:   2025-04-02

Abstract:

   An Internet Key Exchange protocol version 2 (IKEv2) extension defined
   in RFC8784 allows IPsec traffic to be protected against someone
   storing VPN communications today and decrypting them later, when (and
   if) cryptographically relevant quantum computers are available.  The
   protection is achieved by means of a Post-quantum Preshared Key (PPK)
   which is mixed into the session keys calculation.  However, this
   protection does not cover an initial IKEv2 Security Association (SA),
   which might be unacceptable in some scenarios.  This specification
   defines an alternative way to get protection against quantum
   computers, which is similar to the solution defined in RFC8784, but
   protects the initial IKEv2 SA too.

   RFC8784 assumes that PPKs are static and thus they are only used when
   an initial IKEv2 SA is created.  If a fresh PPK is available before
   the IKE SA expired, then the only way to use it is to delete the
   current IKE SA and create a new one from scratch, which is
   inefficient.  This specification defines a way to use PPKs in active
   IKEv2 SAs for creating additional IPsec SAs and rekey operations.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-qr-alt/

There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev2-qr-alt-08

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-ikev2-qr-alt-08

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org

Reply via email to