An Alternative Approach for Postquantum Preshared Keys in IKEv2
draft-smyslov-ipsecme-ikev2-qr-alt-00

Document Type Active Internet-Draft (individual)
Last updated 2019-10-17
On Agenda ipsecme at IETF-106
IESG state I-D Exists
Network Working Group                                         V. Smyslov
Internet-Draft                                                ELVIS-PLUS
Intended status: Standards Track                        October 17, 2019
Expires: April 19, 2020

    An Alternative Approach for Postquantum Preshared Keys in IKEv2
                 draft-smyslov-ipsecme-ikev2-qr-alt-00

Abstract

   An IKEv2 extension defined in [I-D.ietf-ipsecme-qr-ikev2] allows
   IPsec traffic to be protected against someone storing VPN
   communications today and decrypting them later, when (and if) Quantum
   Computers are available.  However, this protection doesn't cover an
   initial IKEv2 SA, which might be unacceptable in some scenarios.
   This specification defines an alternative way to get the same
   protection against Quantum Computers, which allows it to be extended
   to the initial IKEv2 SA.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 19, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Smyslov                  Expires April 19, 2020                 [Page 1]
Internet-Draft          Alternative PPK for IKEv2           October 2019

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology and Notation  . . . . . . . . . . . . . . . . . .   3
   3.  Alternative Approach Description  . . . . . . . . . . . . . .   3
   4.  Computing IKE SA Keys . . . . . . . . . . . . . . . . . . . .   5
   5.  Comparison of the Conventional and the Alternative Approaches   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   The Internet Key Exchange Protocol version 2, defined in [RFC7296],
   is used in the IPsec architecture to perform authenticated key
   exchange.  [I-D.ietf-ipsecme-qr-ikev2] defines an extension of IKEv2
   for protecting today's VPN traffic against future Quantum Computers.
   At the time this extension was being developed, there was consensus
   in the IPSECME WG that only IPsec traffic needs to have such
   protection.  It was believed that no sensitive information is
   transferred over the IKE SA and that extending the protection to also
   cover IKE SA traffic would require serious modifications to the core
   IKEv2 protocol, which contradicted one of the goals: to minimize such
   changes.  For the cases when this protection is needed, it was
   suggested to immediately rekey the IKE SA once it is created.

   In some situations it is desirable to have this protection for the
   IKE SA from the very beginning, when an initial IKE SA is created.
   An example of such a situation is the Group Key Management protocol
   using IKEv2, defined in [I-D.yeung-g-ikev2].  In this protocol,
   session keys are transferred from the Group Controller / Key Server
   (GCKS) to Group Members (GM) immediately once an initial IKE SA is
   created.  While it is possible to postpone transfer of the keys until
   the IKE SA is rekeyed (and [I-D.yeung-g-ikev2] specifies how to do
   it), the needed sequence of actions introduces an additional delay
   and adds unnecessary complexity to the protocol.

   Since [I-D.ietf-ipsecme-qr-ikev2] was written, a new IKE_INTERMEDIATE
   exchange for IKEv2 was defined in
   [I-D.ietf-ipsecme-ikev2-intermediate].  While the primary motivation