Hi,

We have submitted the following draft on multi-authentication in IKEv2. It enables the two peers in IKEv2 to negotiate and run flexible combinations of multiple authentication methods existing in IKEv2. Such combinations can be one traditional signature+one PQ signature, MAC+one PQ signature, PPK+one PQ signature, or ...

In addition, the combinations for two directional authentication can be the same or different.

Comments and reviews are most appreciated.

Thanks,
William & Guilin

From: [email protected]
To: Wang Guilin <[email protected]>; Wang Guilin <[email protected]>; Panwei (William) <[email protected]>
Date: 2026-03-03 07:55:13
Subject: New Version Notification for draft-wang-ipsecme-multi-auth-ikev2-pq-00.txt

A new version of Internet-Draft draft-wang-ipsecme-multi-auth-ikev2-pq-00.txt has been successfully submitted by Guilin Wang and posted to the IETF repository.

Name: draft-wang-ipsecme-multi-auth-ikev2-pq
Revision: 00
Title: Multi-Authentication in IKEv2 with Post-quantum Security
Date: 2026-03-02
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-wang-ipsecme-multi-auth-ikev2-pq-00.txt
Status: https://datatracker.ietf.org/doc/draft-wang-ipsecme-multi-auth-ikev2-pq/
HTML: https://www.ietf.org/archive/id/draft-wang-ipsecme-multi-auth-ikev2-pq-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-wang-ipsecme-multi-auth-ikev2-pq

Abstract:

Motivated to mitigate security threats against quantum computers, this draft specifies a general authentication mechanism in the Internet Key Exchange Protocol Version 2 (IKEv2) [RFC7296], called Multi-Authentication. Namely, two peers can negotiate two or more authentication methods to authenticate each other. The authentication methods selected do not necessarily belong to the same category. This mechanism is achieved by adding a new value (17) (TBD) in the "IKEv2 Authentication Method" registry [IANA-IKEv2], maintained by IANA. To run Multiple Authentication, two peers send the SUPPORTED_AUTH_METHODS Notify, defined in [RFC9593], to negotiate two or more authentication methods for authentication in IKEv2.
[EDNOTE: Code points for Multi-Authentication may need to be assigned in the "IKEv2 Authentication Method" registry [IANA-IKEv2], maintained by IANA]

The IETF Secretariat
_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
