Re: [Curdle] New Version Notification for draft-kampanakis-curdle-pq-ssh-00.txt

denis bider <denisbider.ietf@gmail.com> Thu, 22 October 2020 08:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/paNrvwgFAcQEQp7G6aRBElx2-E8>

I strongly support this work being done as a standardized process, as
opposed to some implementation rushing it, possibly with issues, and
leaving others to decide whether to adopt it (issues included).

2 years to RFC would be realistic if all the information is in, and clear
answers exist to everything anyone might bring up.

When the information is not in, and clear answers do not yet exist, these 2
years are extended indefinitely. The 2 year counter doesn't really start.
When clear answers exist, THEN the counter starts, and from THAT point it
takes the 2 years.

Maybe by starting sooner you can save... half a year? Maybe?

Nevertheless, there is a strong benefit to starting early and making it
KNOWN that a process has started. It would discourage individual
implementations from rushing it. So I support starting the process.

denis


On Wed, Oct 21, 2020 at 1:50 PM Panos Kampanakis (pkampana) <pkampana=40cisco.com@dmarc.ietf.org> wrote:

> Hi all,
>
> This draft introduces post-quantum (PQ) algorithms to SSH. It includes Hybrid
> Key exchange messages for SSH and hybrid key exchange and PQ signature
> methods.
>
> Note that we do not want to standardize anything before NIST has standardized
> the first PQ algorithms. We are following a similar approach to what the TLS
> WG is doing with https://tools.ietf.org/html/draft-ietf-tls-hybrid-design .
> They will not ratify the draft before NIST's PQ Round 3 has concluded (in 18
> months or so) so they can pick an algorithm.
>
> draft-kampanakis-curdle-pq-ssh takes a different approach from
> draft-kario-gss-qr-kex which was submitted recently. Basically I feel that a
> new SSH draft would definitely not be ratified in less than 2 years, so there
> is ample time to work on the details and come up with the actual SSH PQ
> identifiers after NIST has the first standardized algorithms.
>
> Note that the industry has done experimental work with SSH performance with PQ
> algorithms (using OQS OpenSSH). Some preliminary results of ours are here
> https://blogs.cisco.com/security/tls-ssh-performance-pq-kem-auth and a
> conference paper will be published in December with more detailed results. So,
> we kind of know which algorithms seem more promising from NIST's Round 3
> algorithm Finalists. In other words, we can start the work now, instead of
> waiting for NIST Round 3 to conclude.
>
> I know PQ algorithms in SSH are not in CURDLE's Charter right now, so this
> work may require re-chartering if the WG thinks it is worth pursuing.
>
> Thoughts welcome.
>
> Rgs,
> Panos
>
>
>
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Wednesday, October 21, 2020 1:57 PM
> To: Douglas Stebila <dstebila@uwaterloo.ca>; Panos Kampanakis (pkampana) <pkampana@cisco.com>;
> Dimitrios Sikeridis <dsike@unm.edu>; Douglas Steblia <dstebila@uwaterloo.ca>;
> Markus Friedl <markus@openbsd.org>; Torben Hansen <htorben@amazon.com>
> Subject: New Version Notification for draft-kampanakis-curdle-pq-ssh-00.txt
>
>
> A new version of I-D, draft-kampanakis-curdle-pq-ssh-00.txt
> has been successfully submitted by Panos Kampanakis and posted to the IETF
> repository.
>
> Name:           draft-kampanakis-curdle-pq-ssh
> Revision:       00
> Title:          Post-quantum public key algorithms for the Secure Shell (SSH) protocol
> Document date:  2020-10-21
> Group:          Individual Submission
> Pages:          13
> URL:            https://www.ietf.org/archive/id/draft-kampanakis-curdle-pq-ssh-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-kampanakis-curdle-pq-ssh/
> Html:           https://www.ietf.org/archive/id/draft-kampanakis-curdle-pq-ssh-00.html
> Htmlized:       https://tools.ietf.org/html/draft-kampanakis-curdle-pq-ssh-00
>
>
> Abstract:
>    This document defines hybrid key exchange methods based on classical
>    ECDH key exchange and post-quantum key encapsulation schemes.  These
>    methods are defined for use in the SSH Transport Layer Protocol.  It
>    also defines post-quantum public key authentication methods based on
>    post-quantum signature schemes.  These methods are defined for use in
>    the SSH Authentication Protocol.
>
> Note
>
>    EDNOTE: The goal of this draft is to start the standardization of PQ
>    algorithms in SSH early to mitigate the potential record-and-harvest
>    later with a quantum computer attacks.  This draft is not expected to
>    be finalized before the NIST PQ Project has standardized PQ
>    algorithms.  After NIST has standardized then this document will
>    replace TBD1, TBD3 with the appropriate algorithms and parameters
>    before proceeding to ratification.
>
>    EDNOTE: Discussion of this work is encouraged to happen on the IETF
>    WG Mailing List or in the GitHub repository which contains the draft:
>    https://github.com/csosto-pk/pq-ssh/issues .
>
>    *Change Log* [EDNOTE: Remove before publication].
>
>    draft-kampanakis-curdle-pq-ssh-00
>       *  Initial draft
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>