[DNSOP] Post quantum DNSSEC ?

"John R Levine" <johnl@taugh.com> Tue, 15 October 2019 19:11 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC45D12084F for <dnsop@ietfa.amsl.com>; Tue, 15 Oct 2019 12:11:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=F1YmZOq1; dkim=pass (1536-bit key) header.d=taugh.com header.b=3UC1qGui
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-9xlohiOKqT for <dnsop@ietfa.amsl.com>; Tue, 15 Oct 2019 12:11:35 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A597120855 for <dnsop@ietf.org>; Tue, 15 Oct 2019 12:11:35 -0700 (PDT)
Received: (qmail 34400 invoked from network); 15 Oct 2019 19:11:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=865d.5da619e5.k1910; i=johnl-iecc.com@submit.iecc.com; bh=b6PPhF4DTOoqLXTx+ZW5WswiZ60+O6ZtaRVIO50V2mY=; b=F1YmZOq11WiiIxmido54KVArZWPuvLUC/17Rfz51HdseVFmacAsfFtE7lxhLdh+zu7y/EpLimhe7Y2oN8ACARxb4n2oeTebfmrQhYt7uhMtPDX/mKwwt3y1BVP0vgznZw9ZBNIKvlV2xbHdOJ2q1TVH6QXPd8pZC2+6EcGF9DdLa5QdSsqCpckESqyxaoMO139vmI7kqMWIrjTXOUbyM2y6jPPNiTBgC9/poLsS0XBVB2XaLJFoExFcoVVVAWjzZ
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=865d.5da619e5.k1910; olt=johnl-iecc.com@submit.iecc.com; bh=b6PPhF4DTOoqLXTx+ZW5WswiZ60+O6ZtaRVIO50V2mY=; b=3UC1qGuiEGr4dnupEM+jaYzBiU1rmKcDFcVHSb9JQ/KWIyufK3bwvuclVJn2fHJ4V6pqHcpviHt7nFYNjOmbpvKHmfIpP7vN5MPO64HsrZk40r5cc2utUuJ8fh4OKFA7dUVJvrIONMHlK6Xi9Ps2kGEk/3Rxxp0bHWZTotyx5FvNPgaY051QouDWFKVVbCpCA7rHf9zxSFSc2y4b+vCAZ0LvOdDQggCQbDQYUuJbHu9zjK49X5t4+6sUL1GpzTq4
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 15 Oct 2019 19:11:32 -0000
Date: 15 Oct 2019 15:11:32 -0400
Message-ID: <alpine.OSX.2.21.99999.368.1910151455580.75899@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: dnsop@ietf.org
User-Agent: Alpine 2.21.99999 (OSX 368 2019-09-06)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/u_-Di8wF_BOaVI45Cr9R471fyRo>
Subject: [DNSOP] Post quantum DNSSEC ?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 19:11:38 -0000

I just heard a most interesting talk at M3AAWG about postquantum crypto 
and particularly about the NIST candidate algorithms.  Many of them have 
much larger key or signature sizes than any current algorithm, like 10,000 
bits or more.  Some are a lot slower than others.  Has anyone been looking 
at how these algorithms would or would not work with DNSSEC?  NIST is 
accepting comments and the talk said they particularly want comments from 
industry on how this would affect existing applications.

I can imagine ways to make things work, e.g, hashes in some places rather 
than signatures, but I don't understand DNSSEC in enough detail to figure 
out what's a show stopper.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly