Re: [hackathon] PQC X.509 115 Hackathon pre meeting minutes
Michael Baentsch <info@baentsch.ch> Tue, 01 November 2022 06:15 UTC
Thanks, John for the summary & apologies for not having been able to participate in the pre-meeting yesterday.

FYI/one correction to the below: The "OID-by-env-var" option is only available for [oqsprovider](https://github.com/open-quantum-safe/oqs-provider), the OpenSSL3 (binary/standard OSSL3-API) plugin for liboqs (for which I am the lead developer). It is _not_ available for [oqs-openssl](https://github.com/open-quantum-safe/openssl), the OpenSSL1.1.1 fork fusing liboqs with libssl/libcrypto calls to provide PQ capabilities (for which I am only a "late" contributor: That fork was implemented many years ago, i.e., has a totally different code base & TLS/X.509 integration approach than oqsprovider). Both only share their use of liboqs.

Regards,

--Michael

On 01.11.22 at 04:33, John Gray wrote:

> Thanks for attending the pre-meeting today! I think it was very productive. For those of you who could not make it, here is a summary:
>
> 1. We decided to use gather (https://www.ietf.org/how/meetings/gather/) to connect the onsite participants with the remote participants at the following times:
>
>    * Saturday November 5th at 10am and 4pm GMT (London England Time)
>    * Sunday November 6th at 10am and 1pm GMT (London England Time) – The final presentations are at 2:00 pm on Sunday.
>
>    I also updated the team schedule with the above information: https://wiki.ietf.org/meeting/115/hackathon/teamschedule
>
> 2. To foster communication, we decided to use the Hackathon Github to share files, though perhaps there are better IETF tools that would allow us to do this easier. Pushing and pulling code is always fun, but dropping in files is probably easier if there is such a tool that isn’t too onerous to setup.
> 3. We also talked a bit about the key formats themselves:
>    1. For the PQ Public Key, we seemed to agree that having the key encoded as an OCTET_STRING agrees with the current draft standards (dilithium for example). We understand it uses an extra 4 bytes when it is placed inside the standard SubjectPublicKeyInfo, but for the sake of compatibility it doesn’t seem like a big deal. It is fairly trivial for encoders and decoders to unwrap these messages. We can use the same procedure for the other algorithms (Falcon, SPHINCS+ and Kyber).
>    2. For the Private Key, we discussed the issue of concatenation of the public key with the private key (as is done in openSSL by default). Some software implementations need access to the public key. I also learned from Markku that the Kyber private key already concatenates the full public key. We seemed to agree that this structure should work in all cases:
>
>           PQPrivateKey ::= SEQUENCE {
>               version              Version,
>               privateKeyAlgorithm  PrivateKeyAlgorithmIdentifier,
>               privateKey           OCTET STRING,
>               publicKey            [1] PQPublicKey OPTIONAL
>           }
>
>       In the case of Kyber, the OPTIONAL publicKey can be omitted as it is already part of the private key. For the other algorithms it can be included based on application need. It is also recognized that many applications can just use their own PrivateKey format. The above is only needed when interchanging private keys (PKCS#12 for example).
>
>    3. For the OIDs, the key seems to be agility. It seems a number of people are planning to support both sets of OIDS I sent out earlier (the OQS OIDS and the Entrust OIDS for interoperability). Carl mentioned he is planning to support all of them, I am working on supporting all of them at once, and I also learned from Michael Baentsch (lead developer for openSSL-oqs) that there is a way to override the OIDS with simple environment variable commands! He put together this page for us: https://github.com/open-quantum-safe/oqs-provider/wiki/Interoperability#ietf-115-hackathon Ideally we want the ability to drop in whatever OIDs get standardized on short notice, so designing software with that in mind will help collaboration at this time.
>
> 4. A question on how interactive protocols (CMPv2, SSH, etc) could be tested came up. Essentially we would need to be able to communicate over an internal network so a server/client can communicate. Since the event is hosted by Cisco we are assuming there will be some way to accommodate this at the event? 😊
> 5. We also talked about composite, and a few people are interested in testing this format as well, so that is great!
> 6. We briefly touched on signatures, but didn’t get too far into the “hash-then-sign” weeds, as that question comes up. I imagine it will keep coming up until this issue is fully resolved for the PQ context. Markku mentioned the XMSS standards do some type of preformatting of the hash, so looking at that may offer some useful guidance. For our hackathon I think we agree we will stick to full message signing for now. Obviously there is no reason signing a hash of a message wouldn’t work, from an algorithms perspective it is just a smaller blob of bits being signed. 😊
>
> I think that about covers everything we talked about today.
>
> See you at the Hackathon on Saturday if you can make it either on gather (online) or in person.
>
> Cheers,
>
> John Gray
>
> *From:* John Gray
> *Sent:* Tuesday, October 25, 2022 10:16 PM
> *To:* Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; 'LAMPS' <spasm@ietf.org>; pqc@ietf.org; hackathon@ietf.org
> *Cc:* info@baentsch.ch; Felipe Ventura <Felipe.Ventura@entrust.com>; kris@amongbytes.com; Railean, Alexander <alexander.railean@siemens.com>; Kretschmer, Andreas <andreas.kretschmer@siemens.com>; Tim Hollebeek <tim.hollebeek@digicert.com>; Max Pala <M.Pala@cablelabs.com>; Michael Richardson <mcr@sandelman.ca>; Sofía Celi <cherenkov@riseup.net>; alexandre.petrescu@gmail.com; Klaußner, Jan <Jan.Klaussner@d-trust.net>; Florence D <Florence.D@ncsc.gov.uk>; Vaira, Antonio <antonio.vaira@siemens.com>; Serge Mister <Serge.Mister@entrust.com>; David Hook <dgh@cryptoworkshop.com>
> *Subject:* PQC X.509 115 Hackathon pre meeting October 31st at 10am EST
>
> I realize I failed to mention a time for our PQC x.509 pre-hackathon meeting. This is the first hackathon I will be attending, so please forgive my newness of trying to organize this hackathon event… 😊
>
> I am hoping it will be a fun way for us to collaborate with these new PQC key formats. 😊
>
> For the pre-hackathon meeting we will be in gather.town on Monday the 31st in the Hackathon room table G at 10:00am EST (Eastern Standard Time).
>
> https://www.ietf.org/how/meetings/gather/
>
> I have made up some slides, but it looks like they were blocked. My colleague Mike Ounsworth copied the content into this google document
>
> https://docs.google.com/document/d/1A2-D82du0qJjygvBuOlG8Xao3MzDYz1pRDzjT9eY6ls/edit?usp=sharing
>
> Hopefully I covered everything this time.
>
> If you can’t make this pre-meeting that is okay, we look forward to seeing you at the PQC X.509 Hackathon
>
> Cheers,
>
> John Gray
>
> Entrust
>
> *From:* John Gray
> *Sent:* Friday, October 21, 2022 6:33 PM
> *To:* Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; 'LAMPS' <spasm@ietf.org>; pqc@ietf.org; hackathon@ietf.org
> *Cc:* info@baentsch.ch; Felipe Ventura <Felipe.Ventura@entrust.com>; kris@amongbytes.com; Railean, Alexander <alexander.railean@siemens.com>; Kretschmer, Andreas <andreas.kretschmer@siemens.com>; Tim Hollebeek <tim.hollebeek@digicert.com>; Max Pala <M.Pala@cablelabs.com>; Michael Richardson <mcr@sandelman.ca>; Sofía Celi <cherenkov@riseup.net>; alexandre.petrescu@gmail.com; Klaußner, Jan <Jan.Klaussner@d-trust.net>; Florence D <Florence.D@ncsc.gov.uk>; Vaira, Antonio <antonio.vaira@siemens.com>; Serge Mister <Serge.Mister@entrust.com>; David Hook <dgh@cryptoworkshop.com>
> *Subject:* RE: PQC X.509 115 Hackathon
>
> Thanks for your interest in the PQ Keys and Signatures in X.509 / PKIX Hackathon. I have tried to cc those people who have expressed interest in the hackathon either via email or by discussion. Some of you may already know each other, some of you may not. If I forgot to include you, I apologize. You are welcome to attend.
>
> We are planning a pre-hackathon meeting Monday October 31st in the IETF’s gather.town in the Hackathon room table G.
>
> https://www.ietf.org/how/meetings/gather/
>
> This will allow everyone to test their A/V and so we can sync up about what we want to hack at. If you can’t make the meeting, that is okay, let me know and I will send you notes.
>
> Suggested Agenda:
>
> 1. Introductions
> 2. Discuss Scope (What do people want to test). I put together this slide deck today which covers much of the scope that I envision. Hopefully it goes through email without an issue. Obviously it is not exhaustive, but gives a good starting point for those who may just be starting to take a look at this.
>
> Cheers,
>
> John Gray
>
> Entrust
>
> *From:* John Gray
> *Sent:* Wednesday, October 12, 2022 8:20 PM
> *To:* Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; 'LAMPS' <spasm@ietf.org>; pqc@ietf.org; hackathon@ietf.org
> *Subject:* RE: PQC X.509 115 Hackathon
>
> Thank you for all your comments and suggestions in regards to a PQC X.509 Hackathon. We have added the details of this hackathon topic to the IETF Hackathon Wiki located here as ‘*PQ keys and signatures in X.509 / PKIX*’
>
> https://wiki.ietf.org/en/meeting/115/hackathon
>
> We hope that at least one author for each of these drafts is able to join in some capacity so we can attempt to come to a consensus on the key and signature formats of the PQ finalist algorithms.
>
> * https://datatracker.ietf.org/doc/html/draft-uni-qsckeys-00.html
> * https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/
>
> We plan to distribute a set of OIDS we will use to identify the key and signature formats (we need those to interoperate with the various X.509 structures like PublicKeyInfo, PrivateKeyInfo, X509Certificate, PKCS10, X509CRL, OCSP, CMS, etc). Ideally we suggest that these are done in an agile way in software to make it easier to plug in the real OID values once they have been officially registered. We will use formats already suggested in existing drafts whenever possible.
>
> I know there have already been multiple key format proposals for some of the PQ key and Signature drafts, so we can use different OIDs to designate different formats if we want to test with different key and signature formats for the same algorithms. If there are key and signature formats that aren’t included in the list we provide, please suggest and add to the list.
>
> I plan to add this information into the IETF GitHub repository in the next week, so stay tuned!
>
> If there is something you think we have missed, please let us know.
>
> Cheers,
>
> John Gray
>
> Entrust
>
> *From:* Spasm <spasm-bounces@ietf.org> *On Behalf Of* Mike Ounsworth
> *Sent:* Tuesday, October 4, 2022 9:01 PM
> *To:* 'LAMPS' <spasm@ietf.org>; pqc@ietf.org
> *Subject:* [EXTERNAL] [lamps] PQC X.509 115 Hackathon
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
>
> ------------------------------------------------------------------------
>
> Hi LAMPS and people interested in PQC!
>
> As suggested at 114, my colleague John Gray and I would like to do a 115 Hackathon on PQ keys and signatures in X.509 / PKIX.
>
> We are suggesting to play with Dilithium, Falcon, Sphincs+, and Composite signing algorithms in Certs, CRLs, CSRs, PKCS#12s, CMS SignedData, maybe OCSP Responses, maybe Timestamping, maybe CMP. We can bring: the Entrust Toolkit (which we can hack at), Bouncy Castle, OpenQuantumSafe-openssl, OpenCA (easier if Max Pala is there, but we can probably figure out how to build it).
>
> The point of the hackathon, I think, is going to be OIDs, and public key / private key formats (ex.: the differences between Dilithium and Falcon encodings in draft-uni-qsckeys, and draft-massimo-lamps-pq-sig-certificates).
>
> Question 1: are others interested in joining us at the hackathon? (no point in signing up for a hackathon spot if we’re the only ones there)
>
> Question 2: whether or not you're joining, what PQ X.509 / PKIX things would you like to see working with Dilithium, Falcon, Sphincs+, Composite?
>
> ---
> Mike Ounsworth
> Software Security Architect, Entrust
>
> /Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. _Please notify Entrust immediately_ and delete the message from your system./
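
The key formats in item 3 of the quoted minutes, worked through as an added example that is not part of the thread or of any participant's code: a small DER encoder and strict decoder showing the OCTET STRING overhead inside SubjectPublicKeyInfo and the PQPrivateKey structure with and without the OPTIONAL publicKey. Assumptions not stated in the thread: Version is INTEGER 0, the [1] tag is EXPLICIT, PQPublicKey is an OCTET STRING, and 2.999.1 is a placeholder OID from the example arc.

```python
# Added example: minimal DER helpers for the key formats in the minutes.
# Assumptions, not from the thread: Version is INTEGER 0, [1] is EXPLICIT,
# PQPublicKey is an OCTET STRING, and 2.999.1 is a placeholder OID.

def tlv(tag, content):
    """Encode one DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf, pos=0, want=None):
    """Decode one TLV at pos; return (content, next_pos) or raise ValueError."""
    if pos + 2 > len(buf) or (want is not None and buf[pos] != want):
        raise ValueError("truncated header or unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n >= 0x80:                       # long form: n & 0x7F length octets follow
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("indefinite or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("content runs past end of buffer")
    return buf[pos:pos + n], pos + n

ALG_ID = tlv(0x30, bytes.fromhex("0603883701"))  # SEQUENCE { OID 2.999.1 } placeholder

def spki(pub, wrap_octet_string):
    """SubjectPublicKeyInfo with the key raw or wrapped in an OCTET STRING."""
    key = tlv(0x04, pub) if wrap_octet_string else pub
    return tlv(0x30, ALG_ID + tlv(0x03, b"\x00" + key))  # BIT STRING, 0 unused bits

def encode_pq_private_key(priv, pub=None):
    body = tlv(0x02, b"\x00") + ALG_ID + tlv(0x04, priv)
    if pub is not None:                 # OPTIONAL publicKey [1]
        body += tlv(0xA1, tlv(0x04, pub))
    return tlv(0x30, body)

def decode_pq_private_key(der):
    """Return (private_key, public_key_or_None); reject trailing bytes."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after PQPrivateKey")
    version, pos = read_tlv(body, 0, 0x02)
    _alg, pos = read_tlv(body, pos, 0x30)
    priv, pos = read_tlv(body, pos, 0x04)
    pub = None
    if pos < len(body):
        wrapped, pos = read_tlv(body, pos, 0xA1)
        pub, inner_end = read_tlv(wrapped, 0, 0x04)
        if inner_end != len(wrapped) or pos != len(body):
            raise ValueError("unexpected data in publicKey field")
    if version != b"\x00":
        raise ValueError("unsupported version")
    return priv, pub
```

The wrapper costs 4 bytes whenever the key needs a two-octet DER length (256 to 65535 bytes), and 2 bytes for keys shorter than 128 bytes.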