IETF Logo Mail Archive

[openpgp] Re: WGLC for draft-ietf-openpgp-pqc

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 14 May 2025 09:48 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 235CD2864508 for <openpgp@mail2.ietf.org>; Wed, 14 May 2025 02:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wek4eGurpH8l for <openpgp@mail2.ietf.org>; Wed, 14 May 2025 02:48:25 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2105.outbound.protection.outlook.com [40.107.20.105]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 9AA4E28644FC for <openpgp@ietf.org>; Wed, 14 May 2025 02:48:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DNA4WIjjmBAM4CWGTWAkAcy8ob+h1LGagnWb8p8UUIuPSaxLjSb4qPQciUJ0NwDmnIC5sU9kR6IM0nlUUf9adv2pW7Lk2d5cH9/QSOFeydWVNNbv2Dnd+GUhoAEfuej5vv1H4mJs57UcJOhQhrLc/0935SnelUZdLJ+l+rKKf+u3c3YXH3K1eLGx5lwLNxG2eMoIAVxzlkcI6LsCGGAkMcjmoRx0TKjgKjzDQAYC7pOR2pnvnkTMIdUqVO7HSxrFbom+gWSoNpUE33fT3LYWwLqwCVFU9mcRevMHsGb5bbkTxbHLqPnykpbsSsGbSJTLFiyNgkNBn1t8JG8XDT4KGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1wgLNacnJwX26kRftAPWEr6knxOohlwivytaMQo6Uqo=; b=NBokz9Z13f26+wn55hmUmVyHz0P7PFZEN2rjHJ804eddD14+xCn87WJVbPdFDregPpKN55jXdObkAxVVqAcPPd90bAeYdWzTNQU3MAbKHhS15RLogKrU8i9e/zLKPTt2PP6ltDXyVdT8W0ai5bgy7dy+Pic7yQQ2hHeIv/ZPoAh8PkSVD0o7kqdTmgvCR89I5O/6x+2IPDCN8ZKi+kPJK1D8QRA11xxGOvir0HKNgkq7pGpNFqQCSZlV6IL0sjObfA6ew5dUVGc+G6IXUdLy4Q+QajkffjQsMS4yCEJ1zOFO6yfwfa4uOLpIo82++WnczgJZgk3da3u0B64RjBwHZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1wgLNacnJwX26kRftAPWEr6knxOohlwivytaMQo6Uqo=; b=Bil97PRcRFy59hrSVxqedFUBym7FpdgF+X1avWDnUqIHFmmE7S1br1FDU1MupwKOqp0FW/kYUjZpMs2v8eSI9WoSGyNZg9dS2h3zx4Ktw+LScAaUG0Dar+QUD842t4covq46o9IxM/7l9eHVqW8v1JR7eZmE5yr8fcG85tum5wEOU0RW1pWsRqnogY30IGH4xNex3wsIaGRhuVYUtNm30nXCYcWeaLilzNMZ+sGIvvKh3clHQaBd24egIasmNzd5NKz3JWsDihTUhA+5JtfFkxqWSbtnhI4zQsCCbFoa/6/7SIzcRfxJObUUvUpb/iWDdFcLssHeul5tDI/6O1iA1g==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16) by DB5PR02MB10096.eurprd02.prod.outlook.com (2603:10a6:10:48d::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8746.16; Wed, 14 May 2025 09:48:23 +0000
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a]) by DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a%2]) with mapi id 15.20.8722.027; Wed, 14 May 2025 09:48:23 +0000
Message-ID: <90052b8f-9f58-49e8-b6fd-d59c27ed8831@cs.tcd.ie>
Date: Wed, 14 May 2025 10:48:22 +0100
User-Agent: Mozilla Thunderbird
To: Falko Strenzke <falko.strenzke@mtg.de>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, openpgp@ietf.org
References: <174470653269.1286532.14892820163225351018@dt-datatracker-64c5c9b5f9-hz6qg> <LSicuu3DyGQdz5FlANti-HGJ6GuAucc5BKufbsCa603EsSZ0q1XMXYvt_OubLd0UQkg0gh2F--9y9WpoqWfQu5XU-KEcJ15GG66cSFk9ByU=@wussler.it> <87wmblcr8i.fsf@fifthhorseman.net> <87ikm5eoey.fsf@fifthhorseman.net> <1a15934d-50be-46dc-8300-189834c70e3f@cs.tcd.ie> <96729095-d88f-480e-b6f7-8d3b84599ccd@mtg.de>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <96729095-d88f-480e-b6f7-8d3b84599ccd@mtg.de>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------FZV2ICiZVOIuEVKUnX8Nwh30"
X-ClientProxiedBy: DU7P191CA0011.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:54e::18) To DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB8PR02MB5946:EE_|DB5PR02MB10096:EE_
X-MS-Office365-Filtering-Correlation-Id: ddca9bc1-7304-4945-6600-08dd92cc7766
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|4022899009|10070799003|366016|1800799024|13003099007;
X-Microsoft-Antispam-Message-Info: MO7sWr3s+lkwrTt6PUchBtG9hQA0rRGB9VpbQgGPVzAVPXCxIn/o2+l9tJbNvDFW0SyoXoyZo8m+mWQvornxEaz3fctQLSFdbFJzMi46NoVKUu0kGWsN7W+/Lxcrk76ADFrWOnOPkF/c2/cQc5mZOYA9QVhIA+Tpmc7OFUyAzbfaY2F5mpvq4FGee1MhvC/KBgO5dt+8Cgn5MZ26o91gJ7UiqB01jaNiqqK4JDSvvIcBByzKLmFeyiCpxPYQ0oOff1gUcV6B0StBQl+QC7YWHxrHqr/CDaiiUK0rFFPDaxrhz43mcyWsqGXUJs7rSVcvwjsQ6nYWFbG5m9rXtGcqjX04rdOTtG3/VTPPXrpJWdZcogy2T2x1xDcXy3Yp+5JDvC5JabYOsX7gdXPwKaE7qU7Mq/NqC1y/xhBGiqryBiQSDrZD7GVGxXrhTqkiUn4WE4GGLGqJBOFwTEeqS68NUYOEpIj0JgTB03kIt86sNZcpZSpSikTqDvc4JPooVH2vM6FXrIGjesIhtN6fNmFQ3IM8GSqq1IvtLmCqguwa7VZaeDJ2T0J1xKl9mWD39Hs+J9KCrdIA2PdudqjP4Fcx8bRICUyO6cKU64Znp/2Bh/asgK5C9mszlEvpMkxl4tEuANe8dC1XptRhTfBF3AuPYpFS3C9iu4TyQ9tyMlX9my4MgTawZ6sDCctT7ZSYuNEsnbkMFOezZrlILlVct1MkghpnKwCrNQNQF7Kn96PHqjYnL+dPwjjaFVcmrEhJwCc7SNrY+b2e1d0j4qNDg0ZeeZSHCrFBMQ7U5RnhM0QwQT8oyJYYVzq8rGiia3uMgdUL5lxYAZHBGdv32Om3EKWm3bvqwd0amPXaXkxprUXQMjgbRwlwudJk1QU4MqQOWsNRfdc6FUfzSdrGpYJqbXoLAPyAsg+fUNV2tzZQtmFo7mS42c3QTrpT1wCOkMbwuKPTPdRhWUpZdDXjhlgeF+H8WIN3BbL9BuAP0SpGVaooyE0F7+p5qrckWvcAHWP6c+kMgnHkZtMXePDUl30sP2KQMH5nVkWAmM1OvNZefyJ+QsWPG2cyFqJBg02mHJsmS/uuwNZQDGhq8G2glR4ojadzDy0ju+NRpfrzG4Ehh409K09X9daft/v8LB8Z6cswi2CVijthv5JJV/+WDYGMbFbJDgzEMbIkyxl9kH0yknTcgUSZtxHC5ofYUhxxMu8CdOL5wmWLGAEMcrhdkobjIaSFKj9FX5jqUKLqitXldX5KhQRVdaZ1rxlkr8CLujxc/p9RIV0Gur8yq8oibsJk/XCPXuFrTJrlKckyW+y6J0h526nP5iymwysgpzBFtzEN3oBV38ZPsl7Cs0coHZhJnHQ/mSUgputjLlKXzFmc0RmUPtc=
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR02MB5946.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(4022899009)(10070799003)(366016)(1800799024)(13003099007);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 5zL5D1/MqXfD05kgs4uxvatrfqmQmp7NqdXmm69JyyhIcxXYY7PNGvMmRc2JyCyDQdBP9YJYikTTEyQflnpt30bPsY7QIxEULA1kTUEBxCNfIWRiTV9iJHw/a3h8X7zywwN6UoUquipePoKKBfyNjzD01tkgB5YpHbN60PSKR/Wkn+j+NGG86JTP6DiII0UWBto+HU9V8Ok1K5yydhb87BGgEpqDWvJolIKZt9xZuY054XOWkOeS7ObPPBpElR+BKsqHrWl4736tTEKbD/w7pguhqG4Z0oTvEx6OJ2gqdNULYpN3lVBR40He7gMEGb1V9QO5V6ZdYazAp31zI03oRQip2YJujihK3ufXdjb2cf584kXWs+kll6sRVSB7EUrEG5csbPxJNFAkodsmtHnFz0Nx1aQyOEruC1h7TUJ0yzamBg9RWw8iuel2/FcUs+S1xueI8p0DSIYUDTP/oBbOo5DE1V3ArIyJ6BJolu+qCthu7pAK6aNaxDQnenXGwmSsvQZPIQSulH0cdiM1I56b1wTd4NHc3QW+71jq9ZzPVSslgq1SLvtL0OStpfIlWXuxsfu257VxXQbv8Y6+m0f+xE4u1aUWQTU4brEjJIxdBTDhMSwvlWiuv8InX/rDKXG2EM1u14Xlw6eSyDZ14c21AX9nn1fNicPzyCId2i/f/SLVuwMt+qhRgHdGEKdwjcKADCrICVwpkLOGYxBwpCaNZT0iqJjFVUJ5rRcrx9QNV2dH71soq5ut97WGfcU/KjiEq0549ujYtxOCwJXdOXWzAkN0RfRB8KwtA4sQyuO9AvJKJJVR85EOLvKDaa6tT9nMfGgSMaQGNBR5CduBhhdpmFJpLPxEnc6Ci3IH49AzLcMKNvSj8ib1a4L10zWNl6I2rjdKi37hGf7klXDCHwQ46Bcy75ntamzw1gSuqHig8ocUCJBshh5Cs2/xTL5m0CIfz73JUNv13VoxU2/40gPre8M6aiYwVwnJZ8Sd3wW3VY4NGjGRp7bCI1DEryNtuEMhXWXsKl9jVYdJHGGDhY/fjL7ZZRVXG6O7EQo/+4Ffk72QYltfywLClbDZaPJcu5SBiBJ8om0dhBerYgH4IZmbU4a7bKuVklTDPfGDs5lTEwCTeyTli2+yi3h+cBjl0qg0oB1FjCnP0CViGWBY1nMdBRDgIQqO6LTlMRLYMRsYRQS5Wo0libqy2VE8TbvCIe2qTZkSmuC5nbAZQOLWB/fv4ItjE9DTMnMYDE7X2Bhhhz3UIt7QC+sKrg6obDA5rtEVVeoKguw8dD/Y+WCVt/Af+IZPl1KnE6aeBkI4hYUdVjKPuL9dlr7npfsDGFvoQRD802iOkVXytT7cWFHoW7+NkaVkQfZFj4PCTpSdr5JN0O9I14hX5kkQ3TQgmo72As22+dgob1ataxPQRvYVjlZy7rCa3KHl8AlNAQUlxuaqQqlbH2JOJP/lScf8qJEK0AylHGyYk6Czp1GgfM1YZGQg0hQal7TgQ8hBw4vc3t0Xz8W8hFrp6M1yrBHxgnUtSjeP9JZnSzYilisVoX82Nmip242rt6aDfw1TwH8KZKKqUwPfHuPlfORhyJl9469bbN0T2s3WU/IANz+xwqVOinJkDIPEZFM4uWQ/1ntEBRizutpbHE1yOP9/D9Xgo5/ymQyo
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: ddca9bc1-7304-4945-6600-08dd92cc7766
X-MS-Exchange-CrossTenant-AuthSource: DB8PR02MB5946.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 May 2025 09:48:23.3330 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: f1UeHxOtAMZL0HgSWpc7I0bT3vz0njUK59n4qD3XYDFdXkPdmJvM9i7Kfo2X/Xny
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR02MB10096
Message-ID-Hash: BMGW752HX3S6E27HVTVAUVJZUKCYPIX2
X-Message-ID-Hash: BMGW752HX3S6E27HVTVAUVJZUKCYPIX2
X-MailFrom: stephen.farrell@cs.tcd.ie
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: WGLC for draft-ietf-openpgp-pqc
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jrRB5Dclup3fkTcpuFX779O57gY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

Hi Falko,

On 14/05/2025 07:39, Falko Strenzke wrote:
> Hi Stephen,
> 
> see my comments inline.
> 
> Am 14.05.25 um 00:11 schrieb Stephen Farrell:
>>
>> I have a few personal comments below, none of which should delay us
>> in publication. (Unless they resonate much more widely than I expect.)
>>
>> It looks to me (and dkg, based on off-list mail) like we do have
>> consensus to proceed with this, but in chair-mode, we should look back
>> over the  WGLC comments and send a mail to the list to confirm that etc.
>> I think we may want a -09 draft too based on the earlier comments, but
>> should then be good to push ahead.
>>
>> My non-blocking personal comments/queries are below - it is ok to ignore
>> 'em, honest:-)
>>
>> Cheers,
>> S.
>>
>> - I think (but am not 100% sure) we want it to be true that
>>   no implementation makes unexpected multiple uses of any
>> secret or private value at any time. For example, KEM
>> private values when sending a mail to multiple recipients
>> or signature private keys when signing twice with algs
>> 32/33.
>>
> I don't fully understand what you are referring to by "secret or private 
> values" here. For instance, what do you mean by "KEM private values"? Do 
> you mean the key shares from the individual KEMs (e.g. "mlkemKeyShare" 
> in the draft) that are created by the KEM encapsulations or the result 
> of the KEM combiner ("KEK" in the draft)? 

The former.

 > These values are never reused.
 >
> For the encryption / encapsulation only the public keys are input values 
> to the operation. Or do you mean that the corresponding private keys 
> should not share key material?
> 
> In my understanding the only question that needs to be addressed is 
> whether private key material can be reused – for instance a private ML- 
> KEM+X25519 key could in principle share the EC key material with a 
> standalone X25519 key. See my comment below on how the draft deals with 
> that and why.
> 
>> Is that the case?  If so, should we say it (more)
>> explicitly? We almost do say this in a few places, some of
>> which RECOMMEND not re-using, others of which call for
>> "independent" generation. Is this something we could
>> tighten up on without breaking any use-cases? If we do have
>> some real use-case that needs to re-use a secret or private
>> value, (basically other than multiple alg-specific signing
>> private key use), can we describe that as the
>> counter-example to just saying RECOMMENDED rather than MUST
>> NOT?
> 
> Do I understand you correctly that you are OK with keeping the current 
> statement that generating fresh keys is RECOMMENDED but you propose to 
> include an example for the case where keys might be reused?

Correct. Describing the unusual case for a SHOULD or RECOMMENDED
is generally useful if we can.

If the unusual case is really only "needs to re-use private key
from token" that may well be worth saying. If trying to add that
causes a bunch of discussion, then we're probably better off as
we are.

> 
> For the background: Initially, we had precluded key reuse entirely. 
> Based on issue #71 <https://github.com/openpgp-pqc/draft-openpgp-pqc/ 
> issues/71> raised by Justus we weakened the statement to the current 
> form in PR #88 <https://github.com/openpgp-pqc/draft-openpgp-pqc/ 
> pull/88/files>. The concrete use case from Justus was the reuse of an 
> ECC key on a hardware token that is already used as a standalone key and 
> should be reusable in a newly generated PQC-composite key. (So that the 
> user doesn't have to buy or handle to hardware tokens).
> 
> What statement I could imagine to add is to explicitly say that only 
> such reuse of private key material is allowed as in Justus' example, but 
> not the reuse of the private key seeds across algorithm IDs (as you 
> mention for the two SLH-DSA 128bit algorithms, or between any other PQC 
> algorithm where the seed lengths match). Such key reuse seems a bit far- 
> fetched to me, though. Would you prefer that we include such a statement 
> anyhow?

The closer we can get to "never do it unless <X>" the better
I think as it might affect where people put the keygen bit of
code and I'd guess the nearer we get to "keygen, use-key,
clean-up" all being close to one another, the less likely keys
might leak etc.

> 
>>
>> - 2.1: Five is IMO too many signature options. Can we not
>>   reduce that number?  If not (as I suspect, I always lose
>> this argument;-) then it'll help with later document
>> processing if we can document why we need five in e.g. an
>> email, in case someone asks, which they probably will.  (I
>> forget if we covered this specifically in earlier debates
>> sorry, if a reference provides a good answer, that's just
>> fine.)
> 
> First of all, I respectfully disagree that the draft is defining many 
> new algorithms. 

I do realise that people disagree with me about too-many, and
that's ok:-)

> In comparison with LAMPS (as per current draft 
> versions) , this is only a very small subset. Just to give a rough 
> overview: LAMPS defines all 12 SLH-DSA parameters, where OpenPGP defines 
> 3. LAMPS defines ML-DSA and ML-KEM combinations not only with the 
> Edwards curves, but also with NIST and Brainpool curves. Not to mention 
> combinations with RSA.

Yep. You can imagine what I think of that:-)

> 
> Second, we need to keep in mind that due to the decision of defining 
> each security parameter set as a distinct code point, we naturally 
> arrive a more code points than this is the case for the historic 
> algorithms. We only introduce 3 new algorithms, but due to the parameter 
> multiplicity (which is already very restricted in my view) we end up 
> with 2+2+3 = 7 code points.
> 
> Third, I want to remind us that we reduced the number of new algorithms 
> already significantly from the initial proposal (less SLH-DSA code 
> points, removal of Brainpool curves).

Indeed.

Nonetheless, if we can point at some text that justifies each
of the codepoints, that'll be better, because someone is likely
to ask (or to ask to add their fav other one).

Again though, all these comments are non-blocking, so if we
don't have that text, we can live without it and have the
discussion if/when someone asks later.

>> - I didn't check the appendices/examples, but I know others
>>   have (thanks!).  We should also get somoene to confirm on
>> the list that the set of examples in the version we forward
>> for publication are (still) ok, again in an email to the
>> list so we can point to that later.
> As posted on the list by Aron, in the draft repository the test vectors 
> have already changed again, so it makes sense for people to wait for the 
> 09 version for the final check.

Yep, that's likely best.

Cheers,
S.

>>
>> - nit: We use ":=" without definition, and I'd say just
>> "=" would be just as good?
> 
> I personally agree to this proposed change. RFC 9580 also uses "=".
> 
> Best regards,
> Falko
> 
>>
>>
>>
>> _______________________________________________
>> openpgp mailing list --openpgp@ietf.org
>> To unsubscribe send an email toopenpgp-leave@ietf.org

v2.31.3 | Report a Bug | By Email | System Status