Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
draft-smyslov-ipsecme-ikev2-qr-alt-04
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Expired & archived
|
|
---|---|---|---|
Author | Valery Smyslov | ||
Last updated | 2022-02-03 (Latest revision 2021-08-02) | ||
RFC stream | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
An IKEv2 extension defined in [RFC8784] allows IPsec traffic to be protected against someone storing VPN communications today and decrypting it later, when (and if) quantum computers are available. However, this protection doesn't cover an initial IKEv2 SA, which might be unacceptable in some scenarios. This specification defines an alternative way get the same protection against quantum computers, but unlike the [RFC8784] solution it covers the initial IKEv2 SA too.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)