[openpgp] Re: Fw: New Version Notification for draft-ietf-openpgp-pqc-05.txt

Simo Sorce <simo@redhat.com> Tue, 22 October 2024 20:42 UTC

From: Simo Sorce <simo@redhat.com>
To: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Tue, 22 Oct 2024 16:42:41 -0400
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/4onufENK-ySsCFnGgfwbG6ObRoo>

Hi Aron,

great work on the update!

That said, I have to ask if there is space for adding NIST ECC curves
here.

While Ed25519/Ed448 have been recently approved for use in FIPS modules
via revision 5 of FIPS-186 there is yet no approval for the use of
X25519/X448 as SP 800-56A has not been extended to cover them.

It would be useful if at least one KEM option would be defined using
NIST curves for the classic algorithm part.

Ideally both KEM and Signatures can use the classic NIST approved
curves, as adding an Edwards curve implementation to existing modules
may not be trivial and time would be better spent properly implementing
ML-DSA and ML-KEM while reusing a proven and hardened P256/P384/P521
implementation for the classic part.

I understand the desire to avoid too many combinations, but a standard
should also look at the practicalities of deployment IMHO.

HTH,
Simo.

On Mon, 2024-10-21 at 15:35 +0000, Aron Wussler wrote:
> Hi everyone,
> 
> We just published the new version of the draft, including all the changes promised at the last meeting. 
> 
> 
> In particular, here's the changelog:
>    *  Reworked KEM combiner for the purpose of NIST-compliance.
>    *  Mandated v6 keys for ML-KEM + ECDH algorithms.
>    *  Defined private key seed format for ML-KEM and ML-DSA.
>    *  Added key generation security considerations.
>    *  Replaced initial public drafts with FIPS 203, 204, 205.
> 
> The test vectors are up-to-date, and we encourage everyone to have a look at it, or even better try to implement it.
> 
> Cheers,
> Aron
> 
> 
> 
> --
> Aron Wussler
> Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
> 
> 
> 
> ------- Forwarded Message -------
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Date: On Monday, 21 October 2024 at 17:31
> Subject: New Version Notification for draft-ietf-openpgp-pqc-05.txt
> To: Aron Wussler <aron@wussler.it>, Falko Strenzke <falko.strenzke@mtg.de>, Johannes Roth <johannes.roth@mtg.de>, Stavros Kousidis <stavros.kousidis@bsi.bund.de>
> 
> 
> > A new version of Internet-Draft draft-ietf-openpgp-pqc-05.txt has been
> > successfully submitted by Aron Wussler and posted to the
> > IETF repository.
> > 
> 
> > Name: draft-ietf-openpgp-pqc
> > Revision: 05
> > Title: Post-Quantum Cryptography in OpenPGP
> > Date: 2024-10-21
> > Group: openpgp
> > Pages: 59
> > URL: https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-05.txt
> > Status: https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/
> > HTML: https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-05.html
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
> > Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-openpgp-pqc-05
> > 
> 
> > Abstract:
> > 
> 
> > This document defines a post-quantum public-key algorithm extension
> > for the OpenPGP protocol. Given the generally assumed threat of a
> > cryptographically relevant quantum computer, this extension provides
> > a basis for long-term secure OpenPGP signatures and ciphertexts.
> > Specifically, it defines composite public-key encryption based on
> > ML-KEM (formerly CRYSTALS-Kyber), composite public-key signatures based
> > on ML-DSA (formerly CRYSTALS-Dilithium), both in combination with
> > elliptic curve cryptography, and SLH-DSA (formerly SPHINCS+) as a
> > standalone public key signature scheme.
> >
> > The IETF Secretariat

-- 
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc