Re: [CFRG] NSA vs. hybrid

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 06 December 2021 23:30 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 06 Dec 2021 23:29:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Swjl44vY2Mf57a2etdS3y93X5MY>
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

> Natanael <natanael.l@gmail.com> Mon, 06 December 2021 17:09 UTC
> This is straying away from the main topic, but there is "quantum annoyance"
> as a step in between quantum resistant or quantum weak.

> In other words, systems where every session has to be broken individually
> even if you have a quantum computer, rather than just breaking one key once
> and then reading all sessions.

I haven't seen the term "quantum annoyance" before. I like it.

I think we have a bit of a "bike shedding" problem here, in that discussions like this one seem to inevitably gravitate back to TLS-like protocols, which IMO is the easier of the two problem spaces, with "offline" or "asynchronous" protocols being a much harder problem to design and deploy PQ migrations for.
For example, the following things don't have "sessions" where you can apply the concept of "quantum annoyance":
* S/MIME emails where you look up the recipient's encryption cert, and sign the message with your signing cert
* Code-signing infrastructures
* Documents signed by an eIDAS digital signature infrastructure

These are cases where the signing / encryption is done and the object sent into the ether to be verified / decrypted by some unknown client potentially years later. The PQ migration concerns here are both security (longer data shelf-life means higher importance that the algorithm(s) chosen at signing / encryption time don't turn out to be flawed; hint hint, hybrid), as well as interop (we really can't proceed pre-standards because of the multi-vendor nature of most of these environments, not to mention that the "unknown client" factor makes graceful migration mechanisms much more difficult to design).
It's fine that we want to solve PQ migration for TLS / IKE first, but let's not forget that we have this (IMO far more difficult) problem waiting for us around the corner.

---
Mike Ounsworth
Software Security Architect, Entrust

-----Original Message-----
From: CFRG <cfrg-bounces@irtf.org> On Behalf Of cfrg-request@irtf.org
Sent: December 6, 2021 11:43 AM
To: cfrg@irtf.org
Subject: [EXTERNAL] CFRG Digest, Vol 200, Issue 12

Today's Topics:

   1. Re: NSA vs. hybrid (Dan Brown)
   2. Re: NSA vs. hybrid (Natanael)
   3. Re: NSA vs. hybrid (Blumenthal, Uri - 0553 - MITLL)


----------------------------------------------------------------------

Message: 1
Date: Mon, 6 Dec 2021 15:19:27 +0000
From: Dan Brown <danibrown@blackberry.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Mike Ounsworth
        <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, "cfrg@irtf.org"
        <cfrg@irtf.org>
Subject: Re: [CFRG] NSA vs. hybrid
Message-ID: <8223d944172648d38426533b0da11325@blackberry.com>
Content-Type: text/plain; charset="utf-8"

> -----Original Message-----
> From: Blumenthal, Uri - 0553 - MITLL
> Sent: Saturday, December 4, 2021 8:45 PM ...
> My point is: we "should NOT have layered..." then, and we did not - as
> evidenced by pretty much all of the current IETF and proprietary (that
> I'm aware of) protocols.
> ...
> People who designed IPsec and TLS (presumably as smart and educated as
> we are) understood the concept of combining different algorithms as
> well as we do (it's hard not to, given its age).
> ...
> The common sense prevailed back then, and IMHO it would be better if
> it prevails now.

Not offering hybrid, say NTRU & ECC, in the past put us in this pickle now of the quantum computer attack risk.
Especially, all the forward secrecy obtained in the past from (EC)DHE is now in jeopardy (even for bug-free implementations).
Arguably, it was a smaller bug than others (using http not https, and non-forward-secure key exchange (RSA)).
Certainly, there are applications where the gains from hybrid are outweighed by the cost, but also applications where hybrid is worthwhile.
Hybrid ought to be an option, or IETF WGs should use a cost-benefit analysis per application; the CFRG could help there.
(Generally, let's learn from our mistakes. Besides, aren't some users naturally inclined to expect the Internet to maximally secure their data? ;)


------------------------------

Message: 2
Date: Mon, 6 Dec 2021 18:09:04 +0100
From: Natanael <natanael.l@gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IRTF CFRG
        <cfrg@irtf.org>
Subject: Re: [CFRG] NSA vs. hybrid
Message-ID:
        <CAAt2M180ADofCVAw9DZ_86aNnzUU80rcckCQ=tGZ+upK0mPvhg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

On Mon, 6 Dec 2021 at 15:21, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:

> > The other point to consider is that the WebPKI only needs signatures
> > and there are other, simpler ways to achieve PQC hardening.
>
> I'm not sure I follow.
>
> In my understanding, PQ hardening (especially for signatures) requires
> using PQ algorithms - what other ways are there?
>
> > We could heavily modify Certificate Transparency for instance.
>
> How would that help?

This is straying away from the main topic, but there is "quantum annoyance"
as a step in between quantum resistant or quantum weak.

In other words, systems where every session has to be broken individually even if you have a quantum computer, rather than just breaking one key once and then reading all sessions.


------------------------------

Message: 3
Date: Mon, 6 Dec 2021 17:42:18 +0000
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Natanael <natanael.l@gmail.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IRTF CFRG
        <cfrg@irtf.org>
Subject: Re: [CFRG] NSA vs. hybrid
Message-ID: <21AB33DA-1D7E-4FDC-B417-A20BFC670C37@ll.mit.edu>
Content-Type: text/plain; charset="utf-8"

>>> The other point to consider is that the WebPKI only needs signatures
>>> and there are other, simpler ways to achieve PQC hardening.
>>
>> In my understanding, PQ hardening (especially for signatures)
>> requires using PQ algorithms - what other ways are there?
>>
>>> We could heavily modify Certificate Transparency for instance.
>>
>> How would that help?
>
> This is straying away from the main topic, but there is "quantum annoyance"
> as a step in between quantum resistant or quantum weak.

Ah, "quantum annoyance". I did not think it's applicable to signatures.

> In other words, systems where every session has to be broken
> individually even if you have a quantum computer, rather than just
> breaking one key once and then reading all sessions.

Yes. But as I said, while I have my personal opinion about this defense mechanism, it may work for key exchange, but IMHO not for signatures, unless in some point up the chain a "true" PQ signature is used - and even then, people with sensitive information to protect and worry about, cannot rely on this kind of "annoyance" defense.
