Re: [openpgp] German BSI, PQC for OpenPGP in Thunderbird,

Derek Atkins <derek@ihtfp.com> Thu, 24 June 2021 14:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/SNG0zBhGVgJS1qkJW4eS7od5i6E>

Hi Kai,

My only concern at this point in time would be the question of what PQC
methods to include?  Right now there are still way too many choices, and
there is an expectation that NIST will reduce those choices over the next
2ish years.  So does it pay to do the work now, or perhaps wait a bit for
Round 3 to finish, before we potentially add methods?

-derek

On Thu, June 24, 2021 9:52 am, Kai Engert wrote:
> Hello,
>
> I'd like to make you aware of a project call by the German BSI (a
> federal agency for IT security), which was brought to my attention.
>
> I've posted some information on it on the Thunderbird planning mailing
> list, see the following thread, which has multiple messages from me:
>
> https://thunderbird.topicbox.com/groups/planning/T5abbf135db2f3c1c/the-german-bsi-intends-to-sponsor-pqc-improvements-for-openpgp-in-thunderbird
>
> In my understanding they intend to pay a contractor for a wide set of
> tasks to bring PQC to Thunderbird, including the work to standardize the
> use of PQC with OpenPGP, including implementations for RNP, Botan, GnuPG
> and libgcrypt.
>
> It seems the BSI has already made a suggestion that they want to require
> the use of CRYSTALS-Kyber and -Dilithium.
>
> Is that a reasonable choice?
>
> Does it make sense to define a limitation to these methods at this point
> of time?
>
> Thanks
> Kai


-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant