IETF Logo Mail Archive

Re: [CFRG] [EXTERNAL] pq firmware signing question

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 18 March 2024 20:59 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6375BC180B72 for <cfrg@ietfa.amsl.com>; Mon, 18 Mar 2024 13:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.596
X-Spam-Level:
X-Spam-Status: No, score=-14.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 34hpv7wxZ2n2 for <cfrg@ietfa.amsl.com>; Mon, 18 Mar 2024 13:59:34 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FFA5C14F60A for <Cfrg@irtf.org>; Mon, 18 Mar 2024 13:59:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=1006; q=dns/txt; s=iport; t=1710795574; x=1712005174; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=BDry6xoEdnRw/M8usrCWVhDE+ZPgXhuoB3kYC4vLgxI=; b=NMkGvgXHaNoOQUfldlY5paTK+TBqqYtUfCm7YpuUpKwL8U3a3PrXhlz6 EFdjhplJTuCm6AFrGiRjwO9/PTwKBAPWDPRgDOTqx0KCpZ3skeSReg+V8 PRskF/yyAHc2DBxr7cZRSyPhOoQqY3CwJfNDK+0t+z9LBjemxkR2hphmI I=;
X-CSE-ConnectionGUID: edTnD6wSQv22fLBwRnYJNw==
X-CSE-MsgGUID: YKiksIFuT5eS85C9flki4Q==
X-IPAS-Result: A0AzAQDqqvhlmIcNJK1aHAEBAQEBAQcBARIBAQQEAQFAJYEqgWcqKHoCgRdIiCEDhS2GSYIiA6AFDwEBAQ0BAS4LCwQBAYUGAogCAiY4EwECBAEBAQEDAgMBAQEBAQEBAQYBAQUBAQECAQcFFAEBAQEBAQEBHhkFDhAnhWwNhk4BAQEBAwEBECg0FwQCAQgRBAEBHxAmCx0IAgQBEggagl4Bgl8DARCnNAGBQAKKKHiBNIEBghYFsnsGgUiIJgGKMScbgUlEgRVCgmg+gkoXAYFjhBKCLwSCE4M7iHSVRVR/HAOBBQRaDQUWEB43ERATDQMIbh0CMToDBQMEMgoSDAsfBRJCA0MGSQsDAhoFAwMEgS4FDRoCEBoGDCYDAxJJAhAUAzgDAwYDCjEwVUEMUANkHzIJPA8MGgIbFA0kIwIsPgMJChACFgMdFgQwEQkLJgMqBjYCEgwGBgZdIBYJBCUDCAQDUgMgchEDBBoECwd4ggKBPQQTRxCBNAaKHAyDDAIFI4F4KYERGIEeA0QdQAMLbT01Bg4bBQQfAYEZBaIwAYQQBlsgChMtGcZHCoQSjAqVUxeqLphfII1QmmMCBAIEBQIOAQEGgXsjgVtwFTuCZ1IZD445gRUBDIdTimV4OwIHCwEBAwmKaAEB
IronPort-PHdr: A9a23:e7TdwBcBm0N8uTy3rHnBg7cUlGM/eYqcDmcuAtIPkblCdOGk55v9e RCZ7vR2h1iPVoLeuLpIiOvT5rjpQndIoY2Av3YLbIFWWlcbhN8XkQ0tDI/NCUDyIPPwKS1vN M9DT1RiuXq8NBsdA97wMmXbuWb69jsOAlP6PAtxKP7yH9vJgcCq1/q/4bXYYh5Dg3y2ZrYhZ BmzpB/a49EfmpAqar5k0BbLr3BUM+hX3jZuIlSe3l7ws8yx55VktS9Xvpoc
IronPort-Data: A9a23:EXkti6tqwT1Wk2mXmIisEjP0GOfnVCteMUV32f8akzHdYApBsoF/q tZmKWyEaPvbZTDycop/bt7j8hwG6sPTnd4xTFRlritkQy8RgMeUXt7xwmUckM+xwmwvaGo9s q3yv/GZdJhcokf0/0rrav656yAkiclkf5KkYMbcICd9WAR4fykojBNnioYRj5Vh6TSDK1vlV eja/YuHZzdJ5xYuajhIs/na+Es11BjPkGpwUmIWNKgjUGD2zxH5PLpHTYmtIn3xRJVjH+LSb 44vG5ngows1Vz90Yj+Uuu6Tnn8iG9Y+DiDS4pZiYJVOtzAZzsAEPgnXA9JHAatfo23hc9mcU 7yhv7ToIesiFvWkdOjwz3C0HgkmVZCq9oMrLlCyvfCV4xPZSELyma9gKGspB4sp2MBoVDQmG fwwcFjhbziKg+awhbm8UOQp3IIoLdLgO8UUvXQIITPxVKl9B8udBfyRo4YDgV/chegWdRraT 9EXbSdvdhnaSxZOIVwQTpk5mY9Eg1GlKGcG9w/L9PBfD277/S9w06PMHsfpJ9GxFZh+z0icp WOaxjGsav0dHIfCkWXeqC3EavX0tQj1Qo06Faek+LhtmlL7+4AIIBQSUV3+qv6jhwvkHdleM EcTvCEpqMDe6XBHUPHwUyG+jCCbhScCAYBeN8cl0ge86IzLtlPx6nc/chZNb9kvtckTTDMs1 0OUk96BOdCJmOPPIZ563unOxQ5eKRQowXk+iTjopDbpDvHqpIU1yxnIVNsmSui+j8b+Hnf7x DXiQMkCa1c705JjO0aTpAyvb9eQSn7hFV5dCuL/BT/N0++BTNT5D7FEEHCChRq6EK6XT0Oao F8PkNWE4eYFAPmlzXPUGLpdQu/2uqvZb1UwZGKD+bF8plxBHFb+LehtDM1WeS+Fz+5dIGC5P hWP0e+vzMAPYRNGkpObk6rqVpx1lvK/fTgUfvvVddFJKoNgbxOK+TomZEibmQjQfLsEz8kC1 WOgWZ/0Vx4yUP0/pBLvHrt1+eFwnEgWmziMLa0XOjz6i9JyklbPF+dcWLZPB8hkhJ65TPL9r 44Ea5TVmk4HDoUToED/qOYuELzDFlBibbjeoM1MfenFKQ1jcFzNwdeIqV/9U+SJR5hoq9o=
IronPort-HdrOrdr: A9a23:XAYKPK4JF0Hhf3cJxAPXwZqCI+orL9Y04lQ7vn2ZFiYlEfBwxv rPoB1E737JYW4qKQ4dcLC7VJVoMkmsi6KdhrNhcItKPTOW8ldAQ7sSlrcKrweQfxEWs9QtqZ uIEJIOROEYb2IK9/oSiTPQe71Psbv3lZxAx92uskuFJjsaDZ2Imj0JcjpzZXcGPTWua6BJc6 a0145snRblU3IRaciwG3kCWMb+h/CjrvjbSC9DLSQKrC2Vgx2VyJOSKXWlNxElPA9n8PMHyy zoggb57qKsv7WQ0RnHzVLe6JxQhZ/I1sZDLNbksLlaFhzcziKTIKhxUbyLuz445Mu17kwxrd XKqxA8e+xu9nLqeH2vqxeF4Xig7N9u0Q6j9baruwqgnSXLfkN+NyOHv/McTvLt0TtigDi76t MN44vWjesQMfqKplWN2zGBbWAbqqPzmwtsrQbW5EYvCbf3r9Rq3NUi1VIQH5EaEC3g7oc7VO FoEcHH/f5TNUiXdnbDowBUsZWRt1kIb2C7q3I5y7qo+ikTmGo8w1oTxcQZkHtF/JUhS4Nc7+ CBNqhzjrlBQsIfcKo4XY46MICKI32IRQiJPHOZIFzhGq1CM3XRq4Tv6LFw4O2xYpQHwJY7hZ yEWlJFsmw5fV7oFKS1rdV22wGIRH/4USXmy8lY6ZQ8srrgRKDzOSnGU1wqm9vImYRqPiQaYY fHBHsNOY6REYLHI/c64zHD
X-Talos-CUID: 9a23:mHOT0GF6UcAhnGz4qmJq+HISNp46SUTDli3eB2WnM2BYapuKHAo=
X-Talos-MUID: 9a23:UwN1awgWw9cfF3WRjGmTe8MpBeRp4L+PJl0xzJg965SvZCJ0ODbBtWHi
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-5.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2024 20:59:33 +0000
Received: from rcdn-opgw-4.cisco.com (rcdn-opgw-4.cisco.com [72.163.7.165]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 42IKxXhp032105 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <Cfrg@irtf.org>; Mon, 18 Mar 2024 20:59:33 GMT
X-CSE-ConnectionGUID: Is8Kiaw/R/6D8Ta5GNwmEg==
X-CSE-MsgGUID: fObqSR+CS3yw8mPcX6EYyQ==
Authentication-Results: rcdn-opgw-4.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=sfluhrer@cisco.com; dmarc=pass (p=reject dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.07,135,1708387200"; d="scan'208";a="30928954"
Received: from mail-dm6nam10lp2100.outbound.protection.outlook.com (HELO NAM10-DM6-obe.outbound.protection.outlook.com) ([104.47.58.100]) by rcdn-opgw-4.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2024 20:59:32 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FGVYd/Qej0zfie+ZiBnt8JLPjUxgdAuGnbqqi00Gimf41AaWm8kiui0kFAY+MNzA1suZTl89nALBHjLhEkw+JP0hF8b3UDjXsW3gSFFs7Ckkd8RxOGnphuj+Cj++Ky1HdhSkEXoPzD6oGm9zFcmhVEZuYuOf8RrzjBy113pYHoiSKWg+IAMokF+2PJHZ1tVTmOuvfshGKRct8Fk0gVmzClc90ztGhXPTHfybR6THaAm+4TemZjT0Y4u1Z6N+gWmKeldSZZELOozJFmSTy1SE/3ROAfP+xzhshsTN588XXXrO7BwFOPmfKHJsKkt+y/OVptX/xcUYEKsAW5qDHopmgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BDry6xoEdnRw/M8usrCWVhDE+ZPgXhuoB3kYC4vLgxI=; b=XArXq490+ah7RnaJazkEpbmJ2RZGDVKbH2+6rnGKtd+jCtRqB6UMsdxtSleRRjNZadhdaPQiSFfsTRMN3tgLRxfiMV8KXFcmkaGjBRMrBANsb2GWpMGfPbPJWVdSQyuAB1ysq9wNbOeCdqf6poucWFFeoxfWDcnQxRtWxanBBPD1K0owCwCMI5f/+CL/rxrGKiCR+VVy7VJCNYIOVXl6Xbs4C9GcQvb/HQAy7EfP7/gJlDxbKcROzh0ylfZESSXxaTwIla3vgQvFJoq+7UW6KDp8jDNeqdXCCz7JmhF79CRst9UaiXY0msuJJd9zMWmapMYnQTdRtE/zvbl8+CNkZw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from CH0PR11MB5444.namprd11.prod.outlook.com (2603:10b6:610:d3::13) by PH8PR11MB8064.namprd11.prod.outlook.com (2603:10b6:510:253::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.11; Mon, 18 Mar 2024 20:59:31 +0000
Received: from CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::f061:a0b9:4a91:b27c]) by CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::f061:a0b9:4a91:b27c%7]) with mapi id 15.20.7409.010; Mon, 18 Mar 2024 20:59:31 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "cfrg@irtf.org" <Cfrg@irtf.org>
Thread-Topic: [CFRG] [EXTERNAL] pq firmware signing question
Thread-Index: AQHaeLaTzbe0bPKJw061bWumSCVCfrE8fxQAgAESnwCAABNYAIAAFIWAgABCtdA=
Date: Mon, 18 Mar 2024 20:59:31 +0000
Message-ID: <CH0PR11MB5444A9FEB975A9CEBC52488FC12D2@CH0PR11MB5444.namprd11.prod.outlook.com>
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5444D732D1619268DB3353B8C12E2@CH0PR11MB5444.namprd11.prod.outlook.com> <5e573fc4-3d45-4757-9c3d-efda3c273ed1@cs.tcd.ie> <4C91EA88-46C3-4C9F-866C-2BCB56F08333@amongbytes.com> <799a47e0-b469-4a46-ae1f-42d7b4e7c6ec@mtg.de> <GVXPR07MB967870DE329836FA8A80E321892D2@GVXPR07MB9678.eurprd07.prod.outlook.com> <Zfhys2oSTVZz96Ol@LK-Perkele-VII2.locald>
In-Reply-To: <Zfhys2oSTVZz96Ol@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5444:EE_|PH8PR11MB8064:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mSk7n+KYcHKV9kOvWSLHJt3jHIZImiAU7EPWtb8vETyhAv3SWW4u9rY/Q03jtkBfz58uAwZaq7HR+vWxm5xjYHUXFF0U3gDceKgSMlmkDl1f7APIHEIDMccGQlTV0DQbwcP/d/I3VvDAOwmcg4Z8ctw8P6aib2GoXUf7oYte3aOkySxc86Db6n2IL/+qTXtJW0veouxKw4HMP0ObYAWBHOh0zL6Oltwaq0MzttuJo/xLMLD0nLdObqh4hDrMchG3xkezHvV1s8Po0F22Z0KI0bc92M5aY8gjlXSffY6p9rqMd6K6o53RhG00nwWDcLXAKg8QFhVekHQeD83YwBKdwtAblNIy+lvk2LJPj39hhNM6BaffIUs/rBXYcMvw+SXilNYIAfxyxCtWsbK3zMNMX01EXtN0DCxLiqv4Eiu0lzuSyFYb3dd3gvCW2K0oC/Yc1A70xt3lfDWMMQH+z7opDDJiq4QRoWo9vVjgPRuJwCo76lNucv8rhq1Fq2kOp6nx12SphsQezCvvnJDq9vWrlDYviwTQ+6X4dEed8znSuMJbZTEmiK/nDIDPv6Wjmslhb1M/MmU/fstqGtUHXwuW9J+nP63cf1a35DVGEHjQE5E=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5444.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 1296RRhvpidkXGerIFtqFi0NjVjIrhzvSEvnUOvjmJFX7vbFfNIWGkSS7vfMank6h8g6Qtl5HLqaCcdt0cMpDNrQcOHgNwBz3j8AEDeI9wmTtwvC4w/hoSQr47FZU3upUPP90T2txEMIPcPSJF1KE6g7wurdR3If3vtB0Q22rlwul5osuRrCwp5ye4ye3UOmwqebTMX4ocNj9P2Utv/vvhIj5s2y0YzY7+u0OCe5VVqCsZ4RW2DlGr4EIUdOci2WotyznQWxtNWzMg62Y06m2FEX4T7LO/La1ApRMKAvqMQ6roOoNj7VKF1dzSDNBpeEt8uh4FZbxOAFmZqIPWCEZOK1GDBcP3iTj3kRrPDS9TH5fU6jnPZG99Oz+fhrTOFheqsnCOfpGii41mprCBKj3jpfI0vqIBbz4VQoDcI6Muh+alqJSd1IFH2qPEkIijL3LjPq3VEpo+S7jprYLMllkqqZ37mHqHFWB+1W4mlY2HuvNbM3CMkB70e9gbyIxo6t020cKGZtDN8/9JRXtPFo81ckcaHSeAx628eosL9KP2fkYBTMOheXXokBZTLcYIycKFp2I2sG4pY4cXFLBXLoSbUbHmnSX3nY+O+/QNTaVo1GjBcCQCnRj143RUvETxhLn+2sBK6UQf4KxixsL5DmFRolr4BRVy/SomKW0l4Jnhxwdxzu1lPo7IXdLNlGLDBloUetHF5FJ6Wq/sOTkjI11pUECTffMEgmt2H+nYBFjW6EevMSrHVfL0MoRo1YIQvrgRZmNuZ71xZSUXwZFAUAoxjVYIXj1YIk6jLa4ITRUuFym9ZK0Kyj8l2xUC5ueF+TVHQ70aY183k/JWehc309GTQY5VooB5ziBp3arl7z2oppI9XPaI7bfYwxEaZCaedWATRFZc79ZZMayNiazuULSfaufRkF2bUPun/WpRaU4euIEoHo+aZEgbu0fdXRKeKjOmvMb91PrSKd3IUuESGL0mN9aZnhzhzlveukAMQpVKnfrFMklqMQnn51kT1mZTE6yxeHVS8nLWR9HdmShybd5MNm6W3TqFRZk38tJPYfQ6IWaG7rlibAgeJnax44Xi7yFw5fc8jXyLuapV4pcuHjOPgniOSJSra75MsdnD2PMtJiuyV2QSYm87Uv+f9ezk3IZOcJQEBebeVYQA7ppTR1d1oKDzBXrYS7zTeBaio7jXd0UShyJywDB3d5h97AmoBQ+ev7ygJ9FGMyoJCxQyoYjsq2U4VcyUJWkNz4UM9EaavX01IpE7NGSQMb+gcO4kbKqeLwdNrwj9nQxQil/imxDsQPcs+u7c7+8qIluk4QlyPjvav42ZCh8R4DABK1YyeA6vwgjKJR5kWUF0POhYe5tP0Ms+Ckwn+I59OnhYwOEedM4Sazfr0OhFD03hpQgnUgdjQMxAi/JvCcHXmveVup12XcZh4HExYZaBAJ2AQTh/WYS4C9naV88/gIHC0Y+EKm6tIieUljuwL4F33BSsmkQ/7cehZ0PyIiot6QmTtZqoRHieYU7gqxaE6fFcl5IxLRA1G2I9PUKzLXIk83z+1VH2cv8eWyE4rbZmieF+tkkPXizExMYP0OA6xDlcmIJZEM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5444.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a42217fc-7ee2-4b0d-fa2a-08dc478e4ec5
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Mar 2024 20:59:31.1924 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zmkY3nz74ImnWhjDG46mG0jGI+DRd26w514WnjaPE5D48zkedClNt8S7GOJZuQFY/+WZeuJct76L7I+4oPm2zQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR11MB8064
X-Outbound-SMTP-Client: 72.163.7.165, rcdn-opgw-4.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ME0Cb2eyTcZKgrf-6xybgkjw_9s>
Subject: Re: [CFRG] [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 20:59:38 -0000

If you're worried about NIST certification, well, NIST is actively considering smaller Sphincs+ parameters with smaller limits on the number of signatures.

> -----Original Message-----
> From: CFRG <cfrg-bounces@irtf.org> On Behalf Of Ilari Liusvaara
> Sent: Monday, March 18, 2024 12:58 PM
> To: cfrg@irtf.org
> Subject: Re: [CFRG] [EXTERNAL] pq firmware signing question
> 
> And 1M signatures seems plenty: To burn through this in a millenia takes
> multiple releases per day (which is extremely fast pace, even for single-layer
> setup).
> 
> Advantage of using SPHINCS+ retuned to small number of signatures over
> stuff like XMSS is that there are no state-tracking problems.
> 
> However, there is certificational problem here: This will hold, but can we get
> this certified enough?
> 
> 
> 
> 
> -Ilari
> 
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email