Markdown Version | Transcript | Session Recording | Session Materials

Session Date/Time: 19 Mar 2026 03:30

IPSECME - IETF 125 Meeting Minutes

Summary

The IPSECME Working Group met at IETF 125 to discuss the status of active drafts and several new proposals, primarily focusing on post-quantum cryptography (PQC) integration, large message handling, and protocol optimizations. Three new RFCs were published since the last meeting. Significant discussion occurred regarding the alignment of PQC drafts, the efficiency of IKEv2 fragmentation for large payloads, and the introduction of KEM-based authentication.

Key Discussion Points

Working Group Status

• Published RFCs: Renaming ESN (RFC 9611), Group Key Management (RFC 9621), and Mixed PSKs (RFC 9631).
• Drafts moving to publication: draft-ietf-ipsecme-ikev2-pqc-auth and draft-ietf-ipsecme-ikev2-mlkem.
• Last Call Done: draft-ietf-ipsecme-ikev2-downgrade-prevention, draft-ietf-ipsecme-diet-esp, and draft-ietf-ipsecme-ikev2-diet-esp-extension.
• Tirumaleswar Reddy requested acceleration of the shepherd write-up for draft-ietf-ipsecme-ikev2-pqc-auth.

Post-Quantum Key Exchange

• FrodoKEM for IKEv2

  • Presenter: Guilin Han
  • Discussion: The draft draft-ietf-ipsecme-hybrid-kem-ikev2-frodo was adopted in February. Updates include pure FrodoKEM support, PPK integration, and security alignment with the ML-KEM draft.
  • Technical Issue: The draft currently has a normative reference to an unadopted CFRG draft. Tero Kivinen and Deb Cooley noted that normative references must be stable and accessible. Tero Kivinen suggested aligning the structure and naming of this draft with the ML-KEM draft.

• KEM-based Authentication for IKEv2 with Post-quantum Security

  • Presenter: Valery Smyslov
  • Discussion: Proposed using KEMs for authentication to leverage smaller sizes and better performance compared to PQC signatures. Version 03 introduces an "Encrypted Certificate" (ESERT) payload to protect initiator identities against active attackers.
  • Feedback: Scott Fluhrer questioned whether the complexity is justified by the performance gains. Valery Smyslov noted that it also provides privacy benefits (responder reveals identity first) and repudiation properties.

Large Message Handling and Transport

• Use of IKE Fragmentation for Large Messages

  • Presenter: Valery Smyslov
  • Discussion: Very large PQC keys (e.g., McEliece) result in thousands of UDP fragments. Current IKEv2 fragmentation is inefficient because it retransmits the entire message if one fragment is lost. Two proposals (one from Valery Smyslov, one from Antony Antony/Tobias Heider) suggest a status receipt notification to allow selective retransmission of fragments.
  • Transport Choice: Yuan-hu suggested TCP as the solution. Antony Antony argued that UDP-based solutions are necessary for environments with NATs or hardware constraints where maintaining dual TCP/UDP sockets is costly.

• PQ/T Hybrid Composite Key Exchange & Reliable Transport for IKEv2

  • Presenter: Valery Smyslov
  • Discussion: Discussed draft-ietf-ipsecme-ikev2-reliable-transport for running IKE over TCP while keeping ESP over UDP. This allows larger payloads in IKE_SA_INIT.
  • Feedback: Scott Fluhrer questioned the need for multiple competing ways to handle large payloads (Composite vs. Multiple Key Exchanges).

ESP Extensions and New Proposals

• Encapsulating IPsec ESP in UDP for Load-balancing

  • Presenter: Xiao Hu
  • Discussion: Proposal to use the UDP source port as an entropy field for RSS/load balancing in multi-core gateways.
  • Feedback: Valery Smyslov argued that existing UDP encapsulation for NAT-T could already achieve this by randomizing the source port, questioning the need for a new dedicated port.

• Multi-Path Secret Sharing for QKD Key Relay in IP Networks

  • Presenter: Jianming
  • Discussion: Proposed a threshold secret sharing scheme across disjoint paths to mitigate the risk of compromised relay nodes in Quantum Key Distribution (QKD) networks.
  • Feedback: Tero Kivinen expressed doubt regarding whether this proposal falls within the current IPSECME charter.

• Multi-Authentication in IKEv2

  • Presenter: Guilin Han
  • Discussion: A proposal for flexible negotiation of multiple authentication methods (e.g., PSK + PQC Signature) using a set-based selection mechanism.

Decisions and Action Items

• Adoption Call: Tero Kivinen to issue an adoption call for the large payload (big payload) draft mentioned by Valery Smyslov.
• Shepherd Write-ups: Tero Kivinen to complete the write-up for draft-ietf-ipsecme-ikev2-pqc-auth.
• Coordination: Chairs to discuss the status of the FrodoKEM algorithm draft with the CFRG chairs to determine the path forward for draft-ietf-ipsecme-hybrid-kem-ikev2-frodo.

Next Steps

• Draft Alignment: Authors of draft-ietf-ipsecme-hybrid-kem-ikev2-frodo will work to align the document structure with draft-ietf-ipsecme-ikev2-mlkem.
• Mailing List Discussion:
  • Evaluation of the performance vs. complexity trade-offs for KEM-based authentication.
  • Comparison of the two selective retransmission proposals for IKE fragmentation.
  • Review of the QKD draft for charter relevance.
  • Discussion on the necessity of a new UDP port for ESP load balancing.

Related Documents

draft-ietf-ipsecme-diet-esp, draft-ietf-ipsecme-hybrid-kem-ikev2-frodo, draft-ietf-ipsecme-ikev2-diet-esp-extension, draft-ietf-ipsecme-ikev2-downgrade-prevention, draft-ietf-ipsecme-ikev2-mlkem, draft-ietf-ipsecme-ikev2-pqc-auth, draft-ietf-ipsecme-ikev2-reliable-transport