[openpgp] Re: WGLC for draft-ietf-openpgp-pqc

Simo Sorce <simo@redhat.com> Wed, 14 May 2025 16:36 UTC

From: Simo Sorce <simo@redhat.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
Date: Wed, 14 May 2025 12:35:57 -0400

Some counter-comment inline.

Also adding that while I do not really like exactly every single choice
in these documents I think they are a good WG compromise and should be
moved forward w/o delay.

On Tue, 2025-05-13 at 23:11 +0100, Stephen Farrell wrote:
> 
> - I think (but am not 100% sure) we want it to be true that
> no implementation makes unexpected multiple uses of any
> secret or private value at any time. For example, KEM
> private values when sending a mail to multiple recipients
> or signature private keys when signing twice with algs
> 32/33. Is that the case?  If so, should we say it (more)
> explicitly? We almost do say this in a few places, some of
> which RECOMMEND not re-using, others of which call for
> "independent" generation. Is this something we could
> tighten up on without breaking any use-cases? If we do have
> some real use-case that needs to re-use a secret or private
> value, (basically other than multiple alg-specific signing
> private key use), can we describe that as the
> counter-example to just saying RECOMMENDED rather than MUST
> NOT?

When using HW tokens with small storage it may be required to be able
to use the same private key for multiple signature schemes; I think
RECOMMENDs is strong enough and MUST NOT would be excessive (also
difficult to enforce, so kinda toothless).

> - 2.1: Five is IMO too many signature options. Can we not
> reduce that number?  If not (as I suspect, I always lose
> this argument;-) then it'll help with later document
> processing if we can document why we need five in e.g. an
> email, in case someone asks, which they probably will.  (I
> forget if we covered this specifically in earlier debates
> sorry, if a reference provides a good answer, that's just
> fine.)

We ultimately want more than five, because the hybrids explode the
matrix, so I think this is something you just will have to make peace
with :-D

-- 
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc