Last Call Review of draft-ietf-ipsecme-ikev2-multiple-ke-07
review-ietf-ipsecme-ikev2-multiple-ke-07-dnsdir-lc-huston-2022-10-10-00

Request Review of draft-ietf-ipsecme-ikev2-multiple-ke
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team DNS Directorate (dnsdir)
Deadline 2022-10-24
Requested 2022-10-10
Authors C. Tjhai, M. Tomlinson, G. Bartlett, Scott Fluhrer, Daniel Van Geest, Oscar Garcia-Morchon, Valery Smyslov
I-D last updated 2022-10-10
Completed reviews Dnsdir Last Call review of -07 by Geoff Huston (diff)
Genart Last Call review of -07 by Russ Housley (diff)
Artart Last Call review of -08 by Russ Housley (diff)
Secdir Telechat review of -10 by Sean Turner (diff)
Assignment Reviewer Geoff Huston
State Completed
Request Last Call review on draft-ietf-ipsecme-ikev2-multiple-ke by DNS Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/dnsdir/EU3IxD2yIXD0g90OVI4AfY_44Yk
Reviewed revision 07 (document currently at 12)
Result Ready
Completed 2022-10-10
This specification for Multiple Key Exchanges in IKEv2 relates to the
considerations of the forthcoming requirement for incorporation of post-quantum
cryptography into IKEv2. For me the summary description of the draft is in
section 1.2, second paragraph. The proposed process increases the number of
round trips to securely establish a session key, which may impact on the
assumptions made by applications regarding the speed and/or overhead of using
IKEv2 extension

The document is clearly motivated, and the description of the proposed
mechanism is clearly expressed. The reviewer found no nits, nor has any major
comments to make as to the content of the draft. I should add that the reviewer
is not overly familiar with this topic and would probably not be in a qualified
position to make detailed informed comment on the key exchange protocol in any
case!

The document contains no direct or indirect reference to the DNS per se.