Re: [Mathmesh] [Pqc] let's move beyond X.509 for PQC transition...

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 02 February 2023 18:09 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 02 Feb 2023 13:09:43 -0500
Message-ID: <CAMm+Lwgx7EiqfQsgxMXc6Cm2qJwc7OfSuBA7MnRhoAK7G3+K_Q@mail.gmail.com>
To: Erik Andersen <era@x500.eu>
Cc: pqc@ietf.org, mathmesh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mathmesh/pmlT0GvWFIerAj3LDyfZJXVv8Tc>

On Thu, Feb 2, 2023 at 12:49 PM Erik Andersen <era@x500.eu> wrote:

> Just to remind you. The Issuer and sequence number together are used to
> uniquely identify a particular certificate.
>
> Erik
>
>
I am trying to be mindful of Paul's request here. But you are illustrating
a part of the reason why it is hard to do the right thing for PQC in the
context of PKIX.

There is no such object in PKIX as a key identifier. There are labels that
might apply to keys but only if we assume a very large and squishy set of
assumptions about issuers etc. that are not necessarily true and can be
overridden.

And that is why attempting to build a hybrid system in which we have
Dilithium-448 keys or Kyber-448 keys is hard. A lot of ambiguity is
introduced.

It is really hard to show what I am proposing with clarity in PKIX because
PKIX and, worse, the WebPKI come with decades of cruft like cross
certification that violate a lot of assumptions. I cannot keep matters
straight in my head talking about layering this stuff onto PKIX. And if I
can't keep it straight in my head, I don't think I can explain my ideas to
other people.

My Mesh tools can be used to provision keys for use with any cryptographic
application so of course I have to be able to emit PKIX certificates, SAML
assertions, etc. But every cert I create is according to a very narrow
profile and that stops me running into issues.

We can take this to the MathMesh mailing list (MathMesh@ietf.org) pending
creation of a PQC list. I also dropped a comment on the
cryptography@metzdowd.com list a few mins ago.


I don't have a unique identifier for a certificate (assertion) in my work.
If I did, I guess it would be the fingerprint of the certificate.

[*] I am using the label Kyber-448 to refer to a composite key with a
Kyber-1024 key paired with an X.448 key and the label Dilithium-448 for
Dilithium-5 paired with Ed448.
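
The distinction discussed in this message, as an added example that is not part of the original message and is not Mesh code: it shows that an issuer-plus-serial label names a certificate rather than a key, while a hash of the SubjectPublicKeyInfo follows the key across issuers. The `Labels` type, the `issue` and `newKey` helpers, the CA names and all keys are constructed for illustration, and the label uses only the issuer common name where a real one would use the full issuer DN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Labels are three candidate answers to "which key is this?" (hypothetical type).
type Labels struct{ IssuerSerial, CertFP, KeyFP string }

func fp(b []byte) string { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue certifies pub under a throwaway CA that merely claims the name issuerCN (constructed data).
func issue(issuerCN string, serial int64, pub *ecdsa.PublicKey) Labels {
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "subject.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, pub, newKey())
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return Labels{c.Issuer.CommonName + "/" + c.SerialNumber.String(), fp(c.Raw), fp(c.RawSubjectPublicKeyInfo)}
}

func main() {
	k := newKey()
	a, b := issue("CA One", 7, &k.PublicKey), issue("CA Two", 9, &k.PublicKey)
	fmt.Println("same key, two issuers:", a.IssuerSerial, b.IssuerSerial, a.KeyFP == b.KeyFP)
	c := issue("CA One", 7, &newKey().PublicKey) // a different CA key reusing the same name and serial
	fmt.Println("same issuer/serial label, different key:", a.IssuerSerial == c.IssuerSerial, a.KeyFP != c.KeyFP)
}
```
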