[openpgp] Re: Fw: New Version Notification for draft-ietf-openpgp-pqc-05.txt

Simo Sorce <simo@redhat.com> Tue, 22 October 2024 20:50 UTC

From: Simo Sorce <simo@redhat.com>
To: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Tue, 22 Oct 2024 16:49:55 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/U5UupqKD9R1UvFuutusLn1GZqwI>

On Tue, 2024-10-22 at 16:42 -0400, Simo Sorce wrote:
> Hi Aron,
> 
> great work on the update!
> 
> That said I have to ask if there is apce for adding NIST ECC curves
> here.
> 
> While Ed25519/Ed448 have been recently approved for use in FIPS modules
> via revision 5 of FIPS-186 there is yet no approval for the use of
> X25519/X448 as SP 800-56A has not been extended to cover them.
> 
> It would be useful if at least one KEM option would be defined using
> NIST curves for the classic algorithm part.
> 
> Ideally both KEM and Signatures can use the classic NIST approved
> curves, as adding an Edwards curve implementation to existing modules
> may not be trivial and time would be better spent properly implementing
> ML-DSA and ML-KEM while reusing a proven and hardened P256/P384/P521
> implementation for the classic part.
> 
> I understand the desire to avoid too many combinations, but a standard
> should also look at the practicalities of deployment IMHO.
> 
> HTH,
> Simo.

That 'apce' above is a typo for "space" ... sigh.

And I forgot to add that if classic NIST curves were available, then
existing and certified HW tokens that implement those curves could be
used in conjunction with a non-certified software implementation of
ML-KEM and ML-DSA resulting still in a FIPS compliant tool as for KEM
combiner the PQ part is just seen as additional data and does not
"break" FIPS compliance, while for Signatures the certified signature
function is sufficient to claim a compliant verification is done.

This means existing tokens could be used while we wait for new ones
that can provide certified ML-KEM and ML-DSA implementations.

Simo.

-- 
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc