Re: [CFRG] Please review draft-ietf-drip-rid

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 17 September 2021 17:36 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Robert Moskowitz <rgm-sec@htt-consult.com>, "cfrg@ietf.org" <cfrg@ietf.org>
Date: Fri, 17 Sep 2021 17:35:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/_7nO0rCw8hvACjkSSjOySO1loHU>

I am not aware of any PQ signature that will work here and is accepted for production systems.

That I can’t comment on – except that among the NIST PQC candidates, Falcon seems both fast enough and “compact” enough, offering smallest key- and signature-size (small as PQ goes 😉).

So, I continue to work with pre-PQ so vendors can make hardware today to meet their 2023 mandate to support these rules.  That means manufacturing soon. 

Sure. You know your use case better.

On 9/17/21 11:34 AM, Michael Scott wrote:

On Fri, Sep 17, 2021 at 3:21 PM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:

I have not read the draft, but my answer to Watson is - because there is not enough room for Post-Quantum certificates, and Ed25519 is not an acceptable alternative for some of us.

I for one would be interested in just how extensive this "some of us" group is. In the interests of transparency I think they should step forward and identify themselves. It is a view I respect, but personally disagree with.

If people in good faith are willing to make major efforts to put forward proposals to this forum, it would only be fair for them to be aware of the extent of that grouping who would reject such proposals out-of-hand.

Mike

--
Regards,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
    - C. A. R. Hoare


On 9/17/21, 09:59, "CFRG on behalf of Watson Ladd" <cfrg-bounces@irtf.org on behalf of watsonbladd@gmail.com> wrote:

    I've read your email and have only one response.

    Why?

    There is enough room for an entire certificate chain using Ed25519 and
    compact encodings. That would be a lot simpler.

    Sincerely,
    Watson Ladd

    --
    Astra mortemque praestare gradatim

    _______________________________________________
    CFRG mailing list
    CFRG@irtf.org
    https://www.irtf.org/mailman/listinfo/cfrg