[openpgp] Fwd: SLH-DSA code points
Falko Strenzke <falko.strenzke@mtg.de> Thu, 21 March 2024 14:35 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A29EFC180B66 for <openpgp@ietfa.amsl.com>; Thu, 21 Mar 2024 07:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZiL30xE1hjP for <openpgp@ietfa.amsl.com>; Thu, 21 Mar 2024 07:35:33 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D032FC14F601 for <openpgp@ietf.org>; Thu, 21 Mar 2024 07:35:32 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42LEZUIL005126 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT) for <openpgp@ietf.org>; Thu, 21 Mar 2024 15:35:30 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711031730; bh=9KvPy/k+8W2N1xOHauR2ruPFLe3hhcRpctvkihX6hF0=; h=Date:Subject:References:To:From:In-Reply-To; b=PUrIlhN5PB47u+1jLiYkviUpkGF4DfDqZPQd2BMWZwQpiCEbD4STTgJFgxh7jU50b Q3NyWfw9/RcB3PDCuxQholCCRov1yTIJm9R7cenJAlXJRqN5MAbsbZCMcGTvoU1vof 7KD1P0nY1rpEEIZHi4akFXgcUOujppZt2Mh6X3Vcy+n6D4d5xZ4ViHxsIGRYNehYC1 7NCENyZuaICSRdeTmVp6UOEySBHmti8grHk6E7CCtMizen20XirxcnSox5fW2Gybtq B1/WWEHSfXHCymj7tRQXTuKsqQ807okzQkVqp4qeKprPr6PFOc5raZDHxRP2nUaFao 04943S7yJO2Bg==
Received: from [199.99.99.194] (dhcp194 [199.99.99.194]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42LEZUAG020513 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT) for <openpgp@ietf.org>; Thu, 21 Mar 2024 15:35:30 +0100
Message-ID: <8e119691-b6ea-4b0a-b5f0-832ae3c9783a@mtg.de>
Date: Thu, 21 Mar 2024 15:35:30 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: de-DE
References: <5a285dca-7821-4508-9b50-40004b21efc8@mtg.de>
To: "openpgp@ietf.org" <openpgp@ietf.org>
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <5a285dca-7821-4508-9b50-40004b21efc8@mtg.de>
X-Forwarded-Message-Id: <5a285dca-7821-4508-9b50-40004b21efc8@mtg.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010207080601050600020806"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/TDyrJmaqf82nS5W5nPsXxS-hmFM>
Subject: [openpgp] Fwd: SLH-DSA code points
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2024 14:35:37 -0000
Hi DKG, yes, I am working on a PR that proposes the changed code point allocation (3 "flat" code points, I think it is clear that we remove the parametrization in any case) and explains when and why each one is useful. I am not sure I have an ultimately concrete use case where signing time is clearly a big cost factor. One that is conceivable, though, would be code signing for a large number of devices, where the firmware image is different for each device. - Falko Am 21.03.24 um 03:57 schrieb Daniel Kahn Gillmor: > Hi Falko-- > > On Wed 2024-03-20 10:56:54 +0100, Falko Strenzke wrote: >> My argument for the current triple is that >> >> - 128s is the only SLH-DSA variant coming near ML-DSA regarding >> signature size, >> - 128f is a factor of 100 worse in signature generation than ML-DSA, but >> still 10x faster than 128s. Thus where signing time is a cost factor, >> 128f has a clear advantage. >> >> So both 128s and 128f seem highly relevant to achieve performance time >> or space wise somewhat close to ML-DSA. >> >> Then of course 256s seems clearly required to have at least one variant >> for 256 bit security. > thanks for this rundown. Would you be up for proposing something like > this justification text as an MR for draft-ietf-openpgp-pqc? > > If you could tie it to specific use cases (e.g. e-mail, code-signing), > that would also be useful. > > --dkg > > _______________________________________________ > openpgp mailing list > openpgp@ietf.org > https://www.ietf.org/mailman/listinfo/openpgp -- *MTG AG* Dr. Falko Strenzke Executive System Architect Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> <https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false> Follow us ------------------------------------------------------------------------ <https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> <https://www.itsa365.de/de-de/companies/m/mtg-ag> MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Kahn Gillmor
- [openpgp] Fwd: SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Simon Josefsson
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- [openpgp] Code-signing in OpenPGP [was: Re: SLH-D… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Michael Richardson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor