Interesting comments! Thanks, Thom. My replies inlines.
Guilin 发件人:Thom Wiggers <[email protected]<mailto:[email protected]>> 收件人:Wang Guilin <[email protected]<mailto:[email protected]>> 抄 送:[email protected] <[email protected]<mailto:[email protected]>>;Valery Smyslov <[email protected]<mailto:[email protected]>>;Wang Guilin <[email protected]<mailto:[email protected]>> 时 间:2026-04-08 19:50:31 主 题:Re: [IPsec] [IPsec]: New Version Notification for draft-wang-ipsecme-kem-auth-ikev2-03.txt Hi Guilin and Valery, Op 7 apr 2026, om 11:12 heeft Wang Guilin <[email protected]<mailto:[email protected]>> het volgende geschreven: In addition, beside using ML-KEM to replace ML-DSA for authentication in IKEv2, we also noticed that some other KEMs could be good candidates as well. For example, Classic McEliece has public key sizes from 260KB to 1.36 MB, which is huge compared to ML-KEM. However, the ciphertext sizes are just 96-208 bytes, very short. Therefore, in the case two entities need to authentication with each other frequently, Classic McEliece could be a good choice to save communication overhead, by assuming that each side can store public key or certificate of the other side. If a few MB storage is not an issue, using Classic McEliece as KEM based authentication may be even practical for IoT devices with constrained capability, but only communicating with fixed parties. Table 6 in [1] gives the exact sizes of Classic McEliece variants. > I think that the use of Classic McEliece to avoid transmission suits IKEv2 > well, since it supports some “Certificate” formats such as the hash-and-url > scheme that very naturally work for this out-of-band distribution of public > keys. [Reply from Guilin] Yes, this sounds naturally working. We can intergrate this approach expilictly in the draft, I think. > Of course this mechanism will also be useful for UOV-style schemes that have > very large public keys but small signatures. [Reply from Guilin] Hope more PQ KEMs with shorter ciphertext can be standardized in the near future. Cheers, Thom
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
