Last Call Review of draft-ietf-ipsecme-ikev2-multiple-ke-07
review-ietf-ipsecme-ikev2-multiple-ke-07-dnsdir-lc-huston-2022-10-10-00
Request | Review of | draft-ietf-ipsecme-ikev2-multiple-ke |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | DNS Directorate (dnsdir) | |
Deadline | 2022-10-24 | |
Requested | 2022-10-10 | |
Authors | C. Tjhai, M. Tomlinson, G. Bartlett, Scott Fluhrer, Daniel Van Geest, Oscar Garcia-Morchon, Valery Smyslov | |
I-D last updated | 2022-10-10 | |
Completed reviews | Dnsdir Last Call review of -07 by Geoff Huston; Genart Last Call review of -07 by Russ Housley; Artart Last Call review of -08 by Russ Housley; Secdir Telechat review of -10 by Sean Turner | |
Assignment | Reviewer | Geoff Huston |
State | Completed | |
Request | Last Call review on draft-ietf-ipsecme-ikev2-multiple-ke by DNS Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/dnsdir/EU3IxD2yIXD0g90OVI4AfY_44Yk | |
Reviewed revision | 07 (document currently at 12) | |
Result | Ready | |
Completed | 2022-10-10 |
review-ietf-ipsecme-ikev2-multiple-ke-07-dnsdir-lc-huston-2022-10-10-00
This specification for Multiple Key Exchanges in IKEv2 relates to the considerations of the forthcoming requirement for incorporation of post-quantum cryptography into IKEv2. For me the summary description of the draft is in section 1.2, second paragraph. The proposed process increases the number of round trips to securely establish a session key, which may impact on the assumptions made by applications regarding the speed and/or overhead of using IKEv2 extension.

The document is clearly motivated, and the description of the proposed mechanism is clearly expressed. The reviewer found no nits, nor has any major comments to make as to the content of the draft. I should add that the reviewer is not overly familiar with this topic and would probably not be in a qualified position to make detailed informed comment on the key exchange protocol in any case!

The document contains no direct or indirect reference to the DNS per se.