Markdown Version | Session Recording

Session Date/Time: 18 Mar 2025 06:00

ipsecme

Summary

The ipsecme working group meeting covered several topics, including the charter status, adoption calls, and presentations on various drafts. Discussions included a new ESP proposal (EESP), IKEv2 negotiation for EESP, optimized rekeying in IKEv2, post-quantum cryptography in IKEv2, and a security approach for multi-segment SD-WAN. Several drafts are being considered for working group adoption.

Key Discussion Points

• Charter Status: The working group has been re-chartered since February.
• EESP (Enhanced ESP):
  • Discussed the need for a new ESP due to limitations in the original protocol.
  • Highlighted requirements such as performance in hardware and software, parallel processing, and co-existence with ESP.
  • Hardware implementers provided feedback on TLV structures and the need for a common base protocol.
  • Debate on whether EESP duplicated functionality already existing in ESP.
• IKEv2 Negotiation for EESP:
  • Framework for negotiating EESP features (versioning, sub-SAs, sequence numbers) in IKEv2.
  • Defined a new security protocol in IKEv2 for each version of EESP.
  • Discussion around KDFs used for sub-SA key derivation.
• PECC (Post-quantum Elliptic Curve Cryptography) Updates:
  • Proposed a method for using variable-length output PRFs (like KMAC) in IKEv2.
  • Suggestion to rename the "PRF" registry to "KDF" to better reflect usage.
• Optimized Rekeying in IKEv2:
  • Discussion on handling PFS and key methods for the initial child SA.
  • Several options were presented, including regular rekeying, guessing based on configuration, and partial configuration detection.
  • Concerns raised about incompatibility with multiple key exchanges.
• Child PFS Info:
  • Discussed a draft adding the KE payload in a notify message to convey initial child information
  • Presented a structure to define KE type, KE algorithm, and whether it is required for the child
• Delete Info:
  • A delete info notify message is sent to indicate why an SA is being deleted.
  • Controversy around including the text field and downtime timer.
• Post-Quantum KEM for IKEv2:
  • Presented results of experiments using FrodoKEM.
  • Concerns were raised about the large number of code points requested and whether all variants were necessary.
• KEM-Based Authentication for IKEv2:
  • Proposed a new authentication method using KEM (Key Encapsulation Mechanism) for IKEv2.
  • Discussion on potential security considerations and complexity compared to signature-based authentication.
• ML-KEM (Module Lattice-based KEM) for IKEv2:
  • Draft proposing ML-KEM as a key exchange mechanism in IKEv2.
  • Addresses the final step of post-quantum key exchange
  • It was noted that IANA code points have been assigned and ready for adoption
• Likely Egress Selection Method for Encapsulated Network Segments:
  • Proposed the likely egress selection method for encapsulated network segments
  • Key management for the mechanism was discussed including h-mac and key establishment.
  • Considered the use of shorter Edge MAC values

Decisions and Action Items

• EESP: Working group adoption call will be scheduled after further review. Discussions on specific features and potential simplifications will continue on the mailing list.
• IKEv2 Negotiation for EESP: Working group adoption call will be scheduled.
• PECC (Post-quantum Elliptic Curve Cryptography) Updates: Working group adoption call will be scheduled.
• Optimized Rekeying in IKEv2: The authors will revisit the draft and consider simplifying it, recommending fallback to regular rekeying if optimized rekeying fails.
• Delete Info: The author will take the discussion to the mailing list for further feedback, particularly regarding the text field and downtime timer.
• Post-Quantum KEM for IKEv2: The authors will consider reducing the number of code points requested. Working group adoption call will be scheduled.
• ML-KEM for IKEv2: Working group adoption call will be scheduled.
• Likely Egress Selection Method for Encapsulated Network Segments: Author will explore key generation based on IPSEC keys

Next Steps

• Schedule adoption calls for EESP, IKEv2 Negotiation for EESP, PECC, ML-KEM based on the completion of other outstanding adoption calls.
• Continue discussions on the mailing list for all presented drafts, focusing on open issues and potential simplifications.
• Authors to update drafts based on meeting feedback and prepare them for working group adoption.