[Cfrg] Postquantum cryptography in IETF protocols

John Mattsson <john.mattsson@ericsson.com> Mon, 14 November 2016 04:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/jU1otG5hVBc0cvNlxhbHYKRWdVI>

Hi,

Good that CFRG starts some more detailed discussion on PQC. It makes sense
to support post-quantum key exchange for use cases that need long-term
confidentiality (15 years). For other use cases I think it can wait until
PQC key exchange algorithms have been thoroughly evaluated and
standardized. If implemented now, it should be used in addition to ECDHE,
just like Google has done with their experimental New Hope implementation.


I have noticed a lot of uncertainty in various SDOs on how quantum
computers will affect algorithms and protocols, what needs to be done, and
when things need to be done. I recently wrote the following FAQ for 3GPP.

http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_85_Santa_Cruz/Docs/S3-161847.zip

I suggest that CFRG produces something similar (but more detailed) and
publishes it as an informational document. I think a document giving PQC
guidance to IETF WGs and users of IETF standards would be very useful.

Cheers,
John