Internet-Draft draft-ietf-ipsecme-ikev2-qr-alt-03.txt is now available. It is
a work item of the IP Security Maintenance and Extensions (IPSECME) WG of the
IETF.
Title: Mixing Preshared Keys in the IKE_INTERMEDIATE and in the
CREATE_CHILD_SA Exchanges of IKEv2 for Post-quantum Security
Au
> > > This is not really correct. At the time it was seen that doing
> > > IKEv2 rekey immediately after IKE SA is created will solve this
> > > problem and it is already standardized how it can be done, so there
> > > was no need to make special case for those users who happen to use
> > > IKEv2 s
Hi,
this version contains more changes as a result of discussion with Tero.
Regards,
Valery.
> -Original Message-
> From: internet-dra...@ietf.org
> Sent: Friday, July 26, 2024 5:00 PM
> To: i-d-annou...@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ike
As someone who implemented both RFC8784 and the new alternative approach, I
want to say I agree with Valery in the point below:
1. The code logic is simpler, and easier to follow and verify, with having
this separate notification type (the PPK code logic is already quite
complicated).
2. My intuit
Valery Smyslov writes:
> > > In this case additional checks should be performed to make sure that
> > > only PPK_ID formats with confirmation are used for this extension.
> > > It's easier to check this based on the Notify Type, than on PPK_ID
> > > format. The latter is usually performed much deep
This will start two week WGLC for the draft-ietf-ipsecme-ikev2-qr-alt
[1]. This last call will end at 2024-08-11. If you have any comments
about the draft send them to the WG list.
This current draft uses different method of mixing the secret data to
the IKE SA state than the Multiple Key Exchange
