Re: [openpgp] PQC encryption algorithm selection
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 07 February 2024 16:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vD5EtQ3XXBLH17LdnzezbyAL-Hk>
Hiya,

A purely process-oriented comment: I hope that people aren't going to take the IDs below as if those have been allocated by IANA already (as they've not).

It might be better if we adopt use of the 100-110 range for private/experimental values for the present, until the choices settle down some more. If that's ok, I'd ask the authors to please make that change when they next revise the I-D. And maybe add a bit of text to the effect that one ought expect the final codepoints to differ and that different draft versions may also change things.

If that's not ok, please say why. (Bearing in mind this is a 1 octet value, so we don't want to burn a bunch of codepoints as we develop the specs.)

But either way, please don't assume that IDs from the current draft will be those that end up in an RFC. (And the same goes for all other codepoint allocations.)

Once things do settle down, we can ask for an early allocation so that we don't need to wait for the RFC before getting codepoints for later interop testing.

Thanks,
S.

PS: Sorry I didn't spot this as we did the adoption call.

On 07/02/2024 11:39, Aron Wussler wrote:
> Hi everyone,
>
> In the next weeks, before IETF 119, we'd like to collect feedback about the algorithm selection implemented in the draft [1]. We're interested in presenting some vectors for the next meeting. It would be great if you could provide feedback by March 1st.
>
> To keep the discussion focused we're going to start from the encryption algorithm selection, KEM combiners will follow (since it may also depend on the algorithm selection). Digital signatures will also follow in another thread.
>
> Right now, we have the following list of algorithms (in table 1)
> +====+===============================+=============+=============+
> | ID | Algorithm                     | Requirement | Definition  |
> +====+===============================+=============+=============+
> | 29 | ML-KEM-768 + X25519           | MUST        | Section 5.2 |
> +----+-------------------------------+-------------+-------------+
> | 30 | ML-KEM-1024 + X448            | SHOULD      | Section 5.2 |
> +----+-------------------------------+-------------+-------------+
> | 31 | ML-KEM-768 + ECDH-NIST-P-256  | MAY         | Section 5.2 |
> +----+-------------------------------+-------------+-------------+
> | 32 | ML-KEM-1024 + ECDH-NIST-P-384 | MAY         | Section 5.2 |
> +----+-------------------------------+-------------+-------------+
> | 33 | ML-KEM-768 + ECDH-            | MAY         | Section 5.2 |
> |    | brainpoolP256r1               |             |             |
> +----+-------------------------------+-------------+-------------+
> | 34 | ML-KEM-1024 + ECDH-           | MAY         | Section 5.2 |
> |    | brainpoolP384r1               |             |             |
> +----+-------------------------------+-------------+-------------+
>
> Please provide feedback on the algorithms, and if you think they should be "MUST", "SHOULD", or "MAY". The proposed list is derived from the results of the NIST standardization process, hybrid with the curves already supported from OpenPGP for compliance purposes.
>
> Finally, please note that this is not the sole opportunity to standardize PQC algorithms: as of the crypto-refresh, new algorithms will need a specification and designated expert review, and not an RFC.
>
> Cheers and thanks,
> Aron
>
>
> [1] https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-00.html#name-algorithm-specifications
>
> --
> Aron Wussler
> Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
>
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp