**Session Date/Time:** 04 Nov 2024 09:30

# ipsecme

## Summary

The ipsecme working group meeting at IETF 121 covered document status, presentations on several draft proposals, and discussions regarding their potential adoption and future direction. The presentations included topics such as anti-replay status notification, a new ESP protocol, SHA-3 usage in IKE and IPSEC, FreeDo KEM in IKEv2, IPSEC diagnostics, and post-quantum authentication.

## Key Discussion Points

*   **Document Status:**
    *   IKEv2 GRI draft is nearing publication.
    *   QR-alt draft needs more reviews. Concerns exist about the key generation method used.
    *   Diet ESP and Diet IKE Extension drafts are targeted for working group last call. Daniel to publish a new version of the Diet IKE extension.
    *   TS Payloads draft has seen little recent activity.

*   **Anti-Replay Status Notification:**
    *   The presenter proposed a mechanism for notifying peers about replay protection status and support for ESN without anti-replay.
    *   Debate on whether ESN can be separated from replay protection.
    *   Discussion on whether sequence number wrap-around should be allowed.
    *   Concern regarding security implications of disabling anti-replay. Suggestion that replay protection should always be on unless a thorough security analysis has been conducted.
    *   Implementation challenges of supporting ESN and replay protection separately were discussed.

*   **Announced ESP Draft:**
    *   The draft proposes a new ESP protocol with a version number, more flexible header options, and hardware offload friendliness.
    *   Discussion on the overhead introduced by the new protocol, particularly regarding the 4-byte savings with the optimized packet format vs. the 64-bit sequence number.
    *   The working group's input was requested regarding the optimized packet format and the use of TLVs.
    *   Discussion on referencing or copying text from existing ESP specifications. Copying was generally favored.
    *   Question raised about whether the document needed to be separated to multiple drafts
    *   The need for rechartering the working group to include this new ESP proposal was noted.

*   **SHA-3 in IKE and IPSEC:**
    *   The draft proposes using SHA-3 (and KMAC) for PRFs, integrity algorithms, and digital signature authentication methods.
    *   Reasons for using SHA-3 included protection against future SHA-2 weaknesses and smaller cryptographic footprint for post-quantum implementations.
    *   Debate on whether to include HMAC-SHA-3 or only KMAC. Concerns that HMAC-SHA-3 lacks a strong cryptographic basis.
    *   Concern about the compatibility and negotiation of PRF+.
    *   Suggestion to experiment with code points and registries before committing to an RFC.

*   **FreeDo KEM in IKEv2:**
    *   The draft proposes using FreeDo KEM for IKEv2 key exchange, providing a post-quantum alternative.
    *   Compared FreeDo to ML-KEM, noting the difference in key sizes and security assumptions.
    *   Performance experiment showed increased handshake delay with FreeDo KEM, especially with packet loss.
    *   It was pointed out, one fragment lost equals retransmission

*   **IPSEC Diagnostics:**
    *   The draft proposes a diagnostic protocol for detecting IPSEC issues, such as MTU misconfiguration.
    *   Question about the relationship between this protocol and DPD.
    *   Concerns about non-encrypted DSP ping

*   **Post Quantum Authentication**
    *   Using MLDS and SLH DSA
    *   Use of RFC 747 for post-quantum authentication digital signatures

*   **Hybrid Authentication**
    *   Combines post quantum authentication with a traditional authentication
    *   Concerns over Lamps context string API

*   **Header Authentication**
    *   The draft added authentication method for a new encapsulation header
    *   End-to-end encryption for the payload
    *   Discussion on the threat model and the need for hop-by-hop authentication.
    *   Suggestion that the proposal may overlap with the NASA working group.

## Decisions and Action Items

*   **Daniel:** Publish a new version of the Diet IKE Extension draft.
*   **Tero:** Start working group last call for Diet ESP and Diet IKE Extension drafts after Daniel's update.
*   **Authors of all drafts:** Send emails to the ipsecme mailing list requesting working group adoption, and prompting feedback and discussion.
*   **Anthony:** Check rechartering the working group to include this new ESP proposal
*   **Tero:** Talk to ADs to check the charter

## Next Steps

*   Discuss SHA-3 (and KMAC) usage further on the mailing list.
*   Authors to consider feedback on their drafts and revise accordingly.
*   The working group will discuss potential working group adoption for the drafts, in the mailing list.
*   Determine the appropriate venue (mailing list/working group) for discussing the encapsulation header authentication proposal, looking into the NATO list.