Re: [openpgp] SLH-DSA code points
Falko Strenzke <falko.strenzke@mtg.de> Thu, 21 March 2024 17:08 UTC
Return-Path: <falko.strenzke@mtg.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09DA2C15154E for <openpgp@ietfa.amsl.com>; Thu, 21 Mar 2024 10:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FvRzDsV22V0b for <openpgp@ietfa.amsl.com>; Thu, 21 Mar 2024 10:08:13 -0700 (PDT)
Received: from www.mtg.de (www.mtg.de [IPv6:2a02:b98:8:2::2]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22E3DC1519AE for <openpgp@ietf.org>; Thu, 21 Mar 2024 10:08:11 -0700 (PDT)
Received: from minka.mtg.de (minka [IPv6:2a02:b98:8:1:0:0:0:9]) by www.mtg.de (8.18.1/8.18.1) with ESMTPS id 42LH7wrr010400 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Thu, 21 Mar 2024 18:07:58 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mtg.de; s=mail201801; t=1711040878; bh=BxF8kh8I1Lu2Or0b6C0MjSWy6K/wiKbHs+wAxWONhEA=; h=Date:Subject:To:References:From:In-Reply-To; b=lDB8F4tFu8op+n2lQN19cJJbOdOzb9hv0f90bdoG8vMEBys2NC7zznvi26ZfKCUOe rF/2ha54vAEMEQeRu5ig+uXQdxBrB+DiFuZdc5lYIWLTqdrA8lkdBcPvCb1vjeCABf DoyUeX54hXz1AsBc8AA7y6DUfQzmQ3WrWGM9PhLEzNox7dFczeuY9qmw/fqOO3l5ty E0n56kUq6XrAavPOFZarqLGuXdQZzq+rbMQjg9KBiZMG6MMow56AQMYe0kRrMxDYWe aQAbEm7KDL3pK59jFN7CpkARPkrLo+bCGAZbfCkIZQFc3sTH8l9jvQ/yusV977NP1z nzIm45irPPyzw==
Received: from [199.99.99.194] (dhcp194 [199.99.99.194]) by minka.mtg.de (8.18.1/8.18.1) with ESMTPS id 42LH7vag028740 (version=TLSv1.3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256 verify=NOT); Thu, 21 Mar 2024 18:07:57 +0100
Message-ID: <919422f5-dba3-4a41-a84a-ac1d668b3265@mtg.de>
Date: Thu, 21 Mar 2024 18:07:57 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "openpgp@ietf.org" <openpgp@ietf.org>, Daniel Huigens <d.huigens@protonmail.com>
References: <42ff8d55-88a9-4c84-99bd-688f1d29b508@mtg.de> <87le6c47ia.fsf@fifthhorseman.net>
Content-Language: en-GB
From: Falko Strenzke <falko.strenzke@mtg.de>
In-Reply-To: <87le6c47ia.fsf@fifthhorseman.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms020007040708010003040607"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/WzZJ44yWRmP2vJ1CuFQxTh6gduY>
Subject: Re: [openpgp] SLH-DSA code points
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2024 17:08:19 -0000
I have made that PR now: https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/99 In its description I wrote: /For technical reasons, namely being able to proceed with other changes affecting larger portions of the draft without creating any conflicts, the editors would like to merge this PR as soon as it is found to make the correct transformation to the new three SLH-DSA-SHAKE code points (removing the parametrization) in a *technical sense* (which has an impact on the document structure and the textual reference to the algorithm) . The criterion for merging it should not be that there is already consensus on the exact number of SLH-DSA code points or the text for their justification in the "Additional Considerations" section. That can be agreed on in the further discussion on the list and then we can open another PR for the required changes./ - Falko Am 21.03.24 um 03:57 schrieb Daniel Kahn Gillmor: > Hi Falko-- > > On Wed 2024-03-20 10:56:54 +0100, Falko Strenzke wrote: >> My argument for the current triple is that >> >> - 128s is the only SLH-DSA variant coming near ML-DSA regarding >> signature size, >> - 128f is a factor of 100 worse in signature generation than ML-DSA, but >> still 10x faster than 128s. Thus where signing time is a cost factor, >> 128f has a clear advantage. >> >> So both 128s and 128f seem highly relevant to achieve performance time >> or space wise somewhat close to ML-DSA. >> >> Then of course 256s seems clearly required to have at least one variant >> for 256 bit security. > thanks for this rundown. Would you be up for proposing something like > this justification text as an MR for draft-ietf-openpgp-pqc? > > If you could tie it to specific use cases (e.g. e-mail, code-signing), > that would also be useful. > > --dkg -- *MTG AG* Dr. Falko Strenzke Executive System Architect Phone: +49 6151 8000 24 E-Mail: falko.strenzke@mtg.de Web: mtg.de <https://www.mtg.de> <https://www.linkedin.com/search/results/all/?fetchDeterministicClustersOnly=true&heroEntityKey=urn%3Ali%3Aorganization%3A13983133&keywords=mtg%20ag&origin=RICH_QUERY_SUGGESTION&position=0&searchId=d5bc71c3-97f7-4cae-83e7-e9e16d497dc2&sid=3S5&spellCorrectionEnabled=false> Follow us ------------------------------------------------------------------------ <https://www.mtg.de/de/aktuelles/MTG-AG-erhaelt-Innovationspreis-des-Bundesverbands-IT-Sicherheit-e.V-00001.-TeleTrust/> <https://www.itsa365.de/de-de/companies/m/mtg-ag> MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany Commercial register: HRB 8901 Register Court: Amtsgericht Darmstadt Management Board: Jürgen Ruf (CEO), Tamer Kemeröz Chairman of the Supervisory Board: Dr. Thomas Milde This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error, please inform the sender immediately and delete this email.Unauthorised copying or distribution of this email is not permitted. Data protection information: Privacy policy <https://www.mtg.de/en/privacy-policy>
- [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Kahn Gillmor
- [openpgp] Fwd: SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Falko Strenzke
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- Re: [openpgp] SLH-DSA code points Simon Josefsson
- Re: [openpgp] SLH-DSA code points Daniel Huigens
- [openpgp] Code-signing in OpenPGP [was: Re: SLH-D… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Michael Richardson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Simon Josefsson
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Huigens
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Andrew Gallagher
- Re: [openpgp] Code-signing in OpenPGP [was: Re: S… Daniel Kahn Gillmor