[openpgp] Re: I-D Action: draft-ietf-openpgp-pqc-08.txt

Aron Wussler <aron@wussler.it> Tue, 15 April 2025 08:58 UTC

List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/02A6UOphJwk0npU_qOZ6IppwaTc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>

Hi everyone,

At the OpenPGP Email Summit we discussed the PQC draft, and noticed that many are waiting on us to publish the latest state.

We took action, and here's the latest version with all the changes we discussed at the recent meetings:
- Assigned code points 35 and 36 for ML-KEM + ECDH algorithms: as discussed at the interim meeting and IETF 122
- Removed hash binding for ML-DSA + EdDSA and SLH-DSA algorithms: as discussed on the list, we allow signatures to offer a SHA-2 prehash to remove a blocker for CNSA 2.0 compliance
- Allowed usage of ML-KEM-768 + X25519 with v4 keys: as discussed at the OpenPGP summit, we decided to allow for a pq-upgrade path without rotating the primary key
- Aligned KEM combiner to X-Wing and switched to suffix-free encoding of the domain separator: as presented at IETF 122 to further align with LAMPS

Cheers,
Aron

--
Aron Wussler
Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930



On Tuesday, 15 April 2025 at 10:42, internet-drafts@ietf.org <internet-drafts@ietf.org> wrote:

> Internet-Draft draft-ietf-openpgp-pqc-08.txt is now available. It is a work
> item of the Open Specification for Pretty Good Privacy (OPENPGP) WG of the
> IETF.
>
> Title: Post-Quantum Cryptography in OpenPGP
> Authors: Stavros Kousidis
>          Johannes Roth
>          Falko Strenzke
>          Aron Wussler
> Name: draft-ietf-openpgp-pqc-08.txt
> Pages: 268
> Dates: 2025-04-15
>
> Abstract:
>
> This document defines a post-quantum public-key algorithm extension
> for the OpenPGP protocol. Given the generally assumed threat of a
> cryptographically relevant quantum computer, this extension provides
> a basis for long-term secure OpenPGP signatures and ciphertexts.
> Specifically, it defines composite public-key encryption based on
> ML-KEM (formerly CRYSTALS-Kyber), composite public-key signatures based
> on ML-DSA (formerly CRYSTALS-Dilithium), both in combination with
> elliptic curve cryptography, and SLH-DSA (formerly SPHINCS+) as a
> standalone public key signature scheme.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-08.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-openpgp-pqc-08
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts