Re: [CFRG] Please review draft-ietf-drip-rid

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 17 September 2021 21:28 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>
Date: Fri, 17 Sep 2021 21:28:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/F8caa2sviUPI7_kPd_B67RYxxpU>

On 9/17/21, 16:59, "Paul Hoffman" <paul.hoffman@vpnc.org> wrote:

>    On 17 Sep 2021, at 12:10, Blumenthal, Uri - 0553 - MITLL wrote:
>
>    > Acceptable as *new* designs? I'm not a spokesman for the US
>    > Government, but I doubt that.
>
>    Then you seem to be doubting the NSA FAQ on quantum computing and
>    cryptanalysis.
>    https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF

Thanks for bringing this up - I wasn't aware of a fresh update (Aug 2021, wow!).

However, what I find there seems to support what I've been saying:

Q: What about new elliptic curves and associated algorithms?

A: Given the transition time required for most government programs to integrate new cryptography; the large established base of existing solutions; the desire to preserve interoperability with existing systems; and the expected standardization of post-quantum algorithms, NSA does not anticipate including additional algorithms or parameter selections in the CNSA Suite.

. . .

Q: When will CNSA be updated to quantum-resistant algorithms?

A: The intention is to update CNSA to remove quantum-vulnerable algorithms and replace them with a subset of the quantum-resistant algorithms selected by NIST at the end of the third round of the NIST post-quantum effort – NIST determines the timeline for each round. See the Future Cryptography section of this FAQ for more information.

>    > Once NIST PQC publishes its first PQ standards (Jan 2022), we'll see
>    > if recommendations change then.
>
>    This assumes that they are "standards", yet NIST has waffled mightily
>    about what the next step will be, particularly about authentication
>    mechanisms.

NIST promised to set the standards by Jan 2022. That set will include KEM (probably more than one), and Signature (authentication ;) - again, probably more than one. Whatever *subsequent* standards may come out of PQC, according to NIST, will *augment* rather than replace the 3rd-round selection.

>    Maybe we can cut this thread here? If any of us are not a spokesperson
>    for $ZZgovt, we should not immediately follow such statements with
>    suppositions about what $ZZgovt will do. Let's let them do that and then
>    we can respond.

OK, sure, I agree. (But couldn't refuse myself the pleasure of the last word in this sub-thread. 😉)