Hi, Here is an update to draft-hu-ipsecme-pqt-hybrid-auth, review and comments are appreciated
What's changed in v04: * align to draft-ietf-lamps-pq-composite-sigs-14 * add text to clarify two setup types * add text to describe the example exchange in section 5 * clarify using of pre-hash alg * clarify sign operation in type-2 * ietf-lamps-cert-binding-for-multi-auth is now RFC9763 * ietf-lamps-dilithium-certificates is now RFC9881 * editorial changes -----Original Message----- From: [email protected] <[email protected]> Sent: Friday, February 27, 2026 11:20 AM To: Guilin WANG <[email protected]>; Guilin Wang <[email protected]>; Jun Hu (Nokia) <[email protected]>; Yasufumi Morioka (森岡 康史) <[email protected]> Subject: New Version Notification for draft-hu-ipsecme-pqt-hybrid-auth-04.txt CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information. A new version of Internet-Draft draft-hu-ipsecme-pqt-hybrid-auth-04.txt has been successfully submitted by Jun Hu and posted to the IETF repository. Name: draft-hu-ipsecme-pqt-hybrid-auth Revision: 04 Title: Post-Quantum Traditional (PQ/T) Hybrid PKI Authentication in the Internet Key Exchange Version 2 (IKEv2) Date: 2026-02-27 Group: Individual Submission Pages: 14 URL: https://www.ietf.org/archive/id/draft-hu-ipsecme-pqt-hybrid-auth-04.txt Status: https://datatracker.ietf.org/doc/draft-hu-ipsecme-pqt-hybrid-auth/ HTML: https://www.ietf.org/archive/id/draft-hu-ipsecme-pqt-hybrid-auth-04.html HTMLized: https://datatracker.ietf.org/doc/html/draft-hu-ipsecme-pqt-hybrid-auth Diff: https://author-tools.ietf.org/iddiff?url2=draft-hu-ipsecme-pqt-hybrid-auth-04 Abstract: One IPsec area that would be impacted by Cryptographically Relevant Quantum Computer (CRQC) is IKEv2 authentication based on traditional asymmetric cryptographic algorithms: e.g RSA, ECDSA, which are widely deployed authentication options of IKEv2. There are new Post-Quantum Cryptographic (PQC) algorithms for digital signature like NIST [ML-DSA], However, it takes time for new cryptographic algorithms to mature, There is security risk to use only the new algorithm before it is field proven. This document describes a hybrid PKI authentication scheme for IKEv2 that incorporates both traditional and PQC digital signature algorithms, so that authentication is secure as long as one algorithm in the hybrid scheme is secure. The IETF Secretariat _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
