Session Date/Time: 24 Jul 2025 12:30

ipsecme

Summary

The ipsecme working group meeting covered a variety of topics including document status updates, presentations on ongoing work, and discussions around adoption calls. Key areas of focus included enhanced ESP (EESP), optimized IKEv2 rekeying, ESP ping extensions, downgrade protection in IKEv2, the adoption of SHA-3 and KMAC, hybrid authentication methods for post-quantum cryptography, stateless encryption for IPsec, and minimalistic authenticated key exchange.

Key Discussion Points

Document Status: Review of RFC publication progress, working group last call status, and documents ready for adoption calls.
EESP: Presentation and discussion of the updated EESP packet format, focusing on differentiating it from ESP, versioning, and option handling. The question of EESP replacing ESP was discussed with the consensus that it would be coexisting and the decision is left to future.
Optimized IKEv2 Rekeying: Presentation and discussion of the optimized rekeying mechanism, interaction with QRL, and handling of initial child SA negotiation. Focus on solving the problem caused by the PFS policy and KEMs not negotiated.
ESP Ping: Discussion of merging unencrypted and encrypted ESP ping drafts into a single document with a common format. Update on implementation strategies.
IKEv2 Beat Mode: Defining IKEv2 negotiation for beat mode and proposal to create a packet format RFC.
IKEv2 Downgrade Protection: Presentation of a potential downgrade attack in IKEv2 and discussion of possible mitigations at the protocol level. A key point of debate was whether the described scenarios warranted additional protocol complexity given existing configuration best practices to avoid weak algorithms. Concerns regarding key reuse and attack models were raised.
SHA-3 and KMAC Adoption: Proposal to adopt SHA-3 and KMAC as PRF and integrity algorithms within IKE/IPsec. Discussion around HMAX-R-3 removal, PRF+ length extensions, the generic draft defining the mechanism, and the usage of customization strings (domain separators). Concerns over FIPS compliance in the use of shake were discussed.
Hybrid Authentication: Discussion and concerns surrounding hybrid authentication methods, certificate formats, and key reuse in the context of post-quantum cryptography.
Stateless Encryption: Requirements and use cases for stateless encryption in IPsec were discussed, including a minimal security state approach.
Minimalistic Authenticated Key Exchange: An alternative authentication method without reliance on signatures was presented, focusing on formal proofs, compactness, and applicability to constrained environments.

Decisions and Action Items

Issue Adoption Calls: Issue adoption calls for Reliable Transport, Big Payload, SHA-3/KMAC, and Entrue IKEv2 drafts.
Address Downgrade Protection Concerns: Authors to update the downgrade protection draft to include the attack scenario without key compromise.
Continue Downgrade Protection Discussion: Continue discussion of IKEv2 downgrade protection draft and adoption decision on the mailing list.
Merge ESP Ping Drafts: Merge the unencrypted and encrypted ESP ping drafts into a single document.
Update EESPI Q2 Document: Authors to update the EESPI Q2 document
Consider Shake Implementation: Group to consider protocol design based on shake alone for SHA-3/KMAC.

Next Steps

Authors of various drafts to incorporate feedback from the meeting and mailing list.
Chairs to schedule adoption calls for identified drafts.
Continue discussions on the mailing list regarding specific technical issues.