Re: [Cfrg] Adoption call for draft-hoffman-c2pq-02
"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 10 February 2018 17:57 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: cfrg@irtf.org
Date: Sat, 10 Feb 2018 09:57:42 -0800
Message-ID: <9C95169C-EF7A-49ED-9772-EB3F86397EA9@vpnc.org>
In-Reply-To: <cf5289c9-e3c9-22d9-5864-d897e43746b5@gmail.com>
References: <5A7F0202.3050801@isode.com> <cf5289c9-e3c9-22d9-5864-d897e43746b5@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/bZufoyWXjNAENznYT8OX-EqUrA4>
Subject: Re: [Cfrg] Adoption call for draft-hoffman-c2pq-02
On 10 Feb 2018, at 9:24, Rene Struik wrote:

> There is already an IETF document that caters to the need for algorithm agility: see RFC 7696 [1]. There is no need for a document that singles out specific subcategories of technical advances that may necessitate reconsideration of the security technology used.

RFC 7696 does not discuss the cases where the new mandatory-to-implement algorithm has a much higher cost than the one it is replacing. If the post-quantum algorithms being chosen have similar work factors to the ones they are replacing, this entire document is indeed moot. However, it seems likely that the chosen post-quantum algorithms will have much larger key sizes, signature sizes, or both and (other than AES256) will also be significantly slower.

> The suggested "methodology" in Section 6.1 is bound to be highly susceptible to misleading claims and "crystal ball" gazing of dubious technical stature.

Can you say why you feel that technical tests that are led by "trusted representatives from the cryptographic community" that is "using verifiable means to pick the keys to recover" would be "highly susceptible to misleading claims"? There is no evidence that previous technical tests for things like breaking short RSA keys or demonstrating hash collisions have been susceptible to such claims.

> Once there is something of technical nature to report, it is easy to convert this to an IRTF/CFRG draft and circulate this then.

But that's one of the main points of the document: there are various competing statements from the cryptographic community about whether or not there is something significant to report today with respect to building applicable quantum computers. We know that there are likely to be solid post-quantum algorithms which have the benefit of defeating applicable quantum computers with higher resource costs; it behooves us to determine when that benefit is worth that cost.

--Paul Hoffman