Hi WG,

We have just posted a new draft for draft-li-ipsecme-qkd-multipath-secret-sharing-01. This draft proposes a method for implementing quantum key multipath distribution by leveraging the programmable characteristics of SRv6 forwarding paths. Specifically, the completed key is split into multiple subkeys, and the ability of SRv6 to specify forwarding paths is utilized to reduce the security risks exposed by relay nodes in the QKD (Quantum Key Distribution) network.

We have noted that the IPsecME Working Group has previously released drafts related to QKD. Therefore, we have submitted this document to the IPsecME Working Group for review and discussion.

We sincerely welcome all colleagues to read the draft and share your valuable opinions and suggestions. Your feedback will be of great help to us in improving the document, and we would be very grateful for your support.

Thank you very much!

Best Regards
Jinming

On February 27, 2026, at 15:55, [email protected] wrote:

A new version of Internet-Draft draft-li-ipsecme-qkd-multipath-secret-sharing-01.txt has been successfully submitted by Jinming Li and posted to the IETF repository.

Name: draft-li-ipsecme-qkd-multipath-secret-sharing
Revision: 01
Title: Multi-Path Secret Sharing for QKD Key Relay in IP Networks
Date: 2026-02-27
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-li-ipsecme-qkd-multipath-secret-sharing-01.txt
Status: https://datatracker.ietf.org/doc/draft-li-ipsecme-qkd-multipath-secret-sharing/
HTMLized: https://datatracker.ietf.org/doc/html/draft-li-ipsecme-qkd-multipath-secret-sharing
Diff: https://author-tools.ietf.org/iddiff?url2=draft-li-ipsecme-qkd-multipath-secret-sharing-01

Abstract:

Trusted relay is currently the most practical deployment model for Quantum Key Distribution (QKD) networks. However, trusted relay nodes pose inherent security vulnerabilities, as intermediate nodes can access the plaintext random number used to derive the end-to-end QKD key, leading to complete key exposure if any single relay node is compromised. To mitigate this risk, this document proposes a Multi-Path Secret Sharing (MPSS) mechanism for QKD key relay. The core idea is to split the random number into multiple shares using a threshold secret sharing scheme, distribute each share through independent QKD relay paths planned by the Key Management Plane (KMP), and reconstruct the complete random number only at the destination node. This mechanism transforms the security model from "all-or-nothing" to "threshold security". Notably, this mechanism leverages an extended IPv6 Destination Option Header (DOH) to carry key share-related metadata and utilizes Segment Routing over IPv6 (SRv6) to enforce strict path isolation.

The IETF Secretariat
