thanks, this make sense. It would be nice to document the clarification
somewhere, maybe either go into 9370bis(if there gona be one) or
draft-kampanakis-ml-kem-ikev2 (if it gets adopted) ?
From: Valery Smyslov
Sent: Thursday, September 19, 2024 1:01 AM
To: Jun Hu (Nokia)
Cc: ipsec@ietf.org
Su
Hi Jun,
RFC8784 and RFC9370 are not interdependent, thus the can be used together.
Among the options you listed, only b) is feasible.
You cannot use PPK unless you know its identity, which is sent in the
IKE_AUTH request.
Thus, all IKE_INTERMEDIATE exchanges are performed as defined in 9370
