Re: [openpgp] German BSI, PQC for OpenPGP in Thunderbird,

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 24 June 2021 16:31 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E963A22F9 for <openpgp@ietfa.amsl.com>; Thu, 24 Jun 2021 09:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YM4wNdf9ryzl for <openpgp@ietfa.amsl.com>; Thu, 24 Jun 2021 09:31:09 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F38E3A22F7 for <openpgp@ietf.org>; Thu, 24 Jun 2021 09:31:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id B454038BAF; Thu, 24 Jun 2021 12:32:51 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id kATQX1jOO_uM; Thu, 24 Jun 2021 12:32:49 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 1E31B38A7D; Thu, 24 Jun 2021 12:32:49 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 083011C6; Thu, 24 Jun 2021 12:31:05 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Derek Atkins" <derek@ihtfp.com>
cc: "Kai Engert" <kaie@kuix.de>, openpgp@ietf.org
In-Reply-To: <6dea5f0d481349c211224e256e23dd1f.squirrel@mail2.ihtfp.org>
References: <c2b4b0ea-ed14-79a0-c547-5fe79fc35fc0@kuix.de> <6dea5f0d481349c211224e256e23dd1f.squirrel@mail2.ihtfp.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
Date: Thu, 24 Jun 2021 12:31:05 -0400
Message-ID: <1922.1624552265@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/U9e23ZY2N9XT1HA1t0ttD73hYvk>
Subject: Re: [openpgp] German BSI, PQC for OpenPGP in Thunderbird,
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2021 16:31:14 -0000

Derek Atkins <derek@ihtfp.com> wrote:
    > My only concern at this point in time would be the question of what PQC
    > methods to include?  Right now there are still way too many choices,
    > and there is an expectation that NIST will reduce those choices over
    > the next 2ish years.  So does it pay to do the work now, or perhaps
    > wait a bit for Round 3 to finish, before we potentially add methods?

Reading Kai's email, my impression was that the point of the German effort is
to figure out (sooner) what changes might be needed to Thunderbird, and
perhaps, provide NIST with implementation feedback.

So, that's why they want to do the work now.

    > On Thu, June 24, 2021 9:52 am, Kai Engert wrote:
    >> Hello,
    >>
    >> I'd like to make you aware of a project call by the German BSI (a
    >> federal agency for IT security), which was brought to my attention.
    >>
    >> I've posted some information on it on the Thunderbird planning mailing
    >> list, see the following thread, which has multiple messages from me:
    >>
    >> https://thunderbird.topicbox.com/groups/planning/T5abbf135db2f3c1c/the-german-bsi-intends-to-sponsor-pqc-improvements-for-openpgp-in-thunderbird
    >>
    >> In my understanding they intend to pay a contractor for a wide set of
    >> tasks to bring PQC to Thunderbird, including the work to standardize
    >> the use of PQC with OpenPGP, including implementations for RNP, Botan,
    >> GnuPG and libgcrypt.
    >>
    >> It seems the BSI has already made a suggestion that they want to
    >> require the use of CRYSTALS-Kyber and -Dilithium.
    >>
    >> Is that a reasonable choice?
    >>
    >> Does it make sense to define a limitation to these methods at this
    >> point of time?
    >>
    >> Thanks Kai
    >>
    >> _______________________________________________ openpgp mailing list
    >> openpgp@ietf.org https://www.ietf.org/mailman/listinfo/openpgp
    >>


    > --
    >        Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer
    > and Internet Security Consultant

    > _______________________________________________ openpgp mailing list
    > openpgp@ietf.org https://www.ietf.org/mailman/listinfo/openpgp

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide