IETF Logo Mail Archive

Re: [openpgp] PQC encryption algorithm selection

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 07 February 2024 16:43 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2AF2C14CEFD for <openpgp@ietfa.amsl.com>; Wed, 7 Feb 2024 08:43:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.008
X-Spam-Level:
X-Spam-Status: No, score=-7.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hbn5iHNVxk9X for <openpgp@ietfa.amsl.com>; Wed, 7 Feb 2024 08:43:35 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2133.outbound.protection.outlook.com [40.107.21.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4724C14CEED for <openpgp@ietf.org>; Wed, 7 Feb 2024 08:43:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FHgNSxGcvbseaWVPmWWt0Ej47BZ79VLmyQcyqeIsH00TZM6xY0MAUVMKmgvpyMPb3vPDwoghe8qaUVkUkDXsv3COv3+qBaWRGshPFpq3IEucC55NgaWOzpD2qwN79xxWWh8gRivuXDr0GH3PpWHZBdVR/BgXeU/aowqoO0gWeqEFwyRitI3vmBqt9wG63GP9QRcx9WkTaFpToFv6ecLPy+23mXkH4i1Ff62TUQs20wK/3k5Zuc027Ci7lDUv0nRJPY0mmVwspWznT79AXsXgyq2eUj2PUXQjvMYzN2kfCCeDRxVYIFKaMgUpqPnZUL9z4W7dO0ynazLHjNlAJAZ4Og==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=q2fT2Y9naSFimDNQsZPJig3efLJ/WNfTvLzbpKuQQ/4=; b=HDxPoiorgIaktRTdX9s5MoWQ82ejII38ij9i/u0uHDlt7ooVIwjOuoMoVoKpIcP4e5OqlctvXtumzCROMGAVHvd58sR3SFkafMTVgNZ7FFIWVlvFXp52lKDRQW2B7qmovPMGMiPEzmxWxbRtH+HtSV3fskAleSXV0zV4kG+13zB/slRCRuLLqiEBz34q7Z7woimbJg2/EFo6RJP8y+iOJ4Ed3xNx8lrAqr2wF9dkjKGNljUKEJfSlPgdr1xHpZRcDjQcisK94xQ6Qd6OxYR0pdJST6JqSpi3RDtgHQ7wQSSzZyC86gANrkxhGXx4S/RWGWcC9YWfrRbMa5OOW8d2Vw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q2fT2Y9naSFimDNQsZPJig3efLJ/WNfTvLzbpKuQQ/4=; b=QQ+P63H41OqOgGiPWeU7mKj6Yll/SFK6au9c8pAJn8yn9W3cwFNSiBh0LzpE1dZ8yDvMXhLe7yZ0cbKdl3cT8RUxk/WDABs0//aWcM1pT7ap1kI/hb+IoRrNOPsg/zQHmWeTIWBQtJ6S9ImwNUlRlrh3xy4ubHFkAcso6vqzmjMp2oRh7s9LEtJLBMrx/WoGSEwoUSb2AVHuAVwPbeZhDe2pIVOR0DI/UIx+QMCjrb7mLMbdCMagkxaD8pyQuPqZ7fGi3yQTkCsc7REWwHopfEOshhEWEowTPED5aAj3Dn0Kx3urbkerjwx7TxVxN85Q+yWgnO98u0KwhY8fj1zvaQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AS4PR02MB8006.eurprd02.prod.outlook.com (2603:10a6:20b:4e1::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.36; Wed, 7 Feb 2024 16:43:30 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::29da:8147:6e33:c2b7]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::29da:8147:6e33:c2b7%4]) with mapi id 15.20.7249.035; Wed, 7 Feb 2024 16:43:30 +0000
Message-ID: <2b734cfc-fd09-4157-8ae4-82ccaf8cc329@cs.tcd.ie>
Date: Wed, 07 Feb 2024 16:43:28 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Aron Wussler <aron@wussler.it>, "openpgp@ietf.org" <openpgp@ietf.org>
References: <WlmG-t8W8gPB6BePADYNwa365fmk6DGf3GF8Q4XZ3Ho1X3h0W9wykE364A6KDLQvU2p-lUKsftm0rQEe8V5p2jTuQgUEOQWOnlnhQJzdsgs=@wussler.it>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <WlmG-t8W8gPB6BePADYNwa365fmk6DGf3GF8Q4XZ3Ho1X3h0W9wykE364A6KDLQvU2p-lUKsftm0rQEe8V5p2jTuQgUEOQWOnlnhQJzdsgs=@wussler.it>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------mk1Xi0ugGllRP3ND6nS9NHX0"
X-ClientProxiedBy: DB3PR08CA0035.eurprd08.prod.outlook.com (2603:10a6:8::48) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|AS4PR02MB8006:EE_
X-MS-Office365-Filtering-Correlation-Id: b9a1ba73-0d9c-4e6d-c40a-08dc27fbea18
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: FZvqzFHPy/CtzhlT0cmESzj/TuEfrZ6FpW+wSCR4rfaJ0Lo/MKrC7z1pmzEJ3EAhM9gqOC+OYtKDIibybz+fxzjVc/zYGZxYGshQXo/OmFGGyCleTQbXxAtQGc1i0YZsBCYzAH3N1vROI6prMQ0azIxHIzF+fbYcKgZ5rNHo/iPuFZwPc/wxuXUUu5UXPPWC36SNJ1L8swEQ5S2pluvxtMKGl8a+3Badnb9CQXLVx1Sr38khS9sSJq1ZDjndXI8eZrTH51oNbHw1Q9OAJIsrwxPhg1038x21MsAXpJVT+uYvfjtNKermQ1ExVAq4OzMcwg4AMchVOKRzb+B1Z7oE1SNdqbsZVyDbIPPd15EM5PT89pbQr1mr7ZeMGkSWx1gAL2mwF+yr4nvC5Vs/2mJ5dBYTThXzkUyQrX1rrXXgroioU8cXaO3j35Yb7/ddfu1xQum6iEG0Csnru9OmRY9voKKL2RwwvCg6dxLDkdPS30D31QZL9ei0DzYbPKNLwSQWI7X7IY4SvaFTRUekmYmof5xSlvnxDJ9uX3aTX+PvXjKh7sspayM5FaARqi8GUzpp+ktoY3gZ1IwCJZCUcHsh684jUqNjCkiTmZHbHA1/FE5GCjf0I2BHi6scSzoJPWjJ
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(39860400002)(396003)(376002)(136003)(346002)(230922051799003)(64100799003)(186009)(1800799012)(451199024)(31686004)(38100700002)(21480400003)(83380400001)(26005)(6512007)(8936002)(36756003)(8676002)(41300700001)(6506007)(33964004)(2616005)(53546011)(6486002)(786003)(66556008)(86362001)(966005)(66476007)(5660300002)(2906002)(110136005)(66946007)(316002)(478600001)(31696002)(235185007)(44832011)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: WXNDzJTlqc69+uV3pVmSBINBlYqEjjxtEZfm0f8us3X9beUf8XNgs7hkWJpicf8dkfD+qQihorqNHMQUM3yeaTrGNR8NWn6IHhlvV8loUcGrdCYPr+IjOw73FeG7c5W7Y02KFryQ25E5NW71LJ3j1zyM072khIKuFi1a9jak4xa/BNg0cWw3frhNJGuAab4ZHWV89BlzY8VHeDXaV8h4JCXSUF2svRjkqnjNDYGPiUb3sNOVOATOEN2J3KQUozXoetQNhW24QxiRGfERkNoJz+52CJeH2v42a5XQujRKpg7CdiTpVy02hj+C79McUdLXJ4nYBa+MuFBTmLSffcaApbFk0VuhFDLFxlF9hwopEAgcuC67FeGoQandD+OCYWmmcER4MdWAPt9iiFLzfsIVk4FbJm4lz+xHuA2uOcEnJqeKMbQ6ZwuKpG/QRUldvxhMd+Q2UxgB9/XcNdaQrpYWFxO/GrRK81VrZ7S/gUFX9v0hjGIFJ7rw+ivLSZT9dA+hGWk/Ihe+WJsaYTThRZL+KUV8c+EYbv+1AsWnOaAJfMgjSbEMzYz1aBIg6x2YSc7eJNmeCxixVDjSgaS8QHhIfdSAXQxPU78mv6XwohbU/ylRs6gk4N/gbbGxB/CtejfTJxz9Vo6aVAbzlwwZSF+S8ziwx21tSEh99lm/u9QFu769LTXqSHkZ473BXo122BM10PTrUtymJ4W4GFEe7y8r++bXxTDCd4KKCANsKF/PG3s7Y+TZIlWVei1dNo8pUwdETXhvXR0dO6+UW8UJMYObeye5bkCgh2vbFmyD/mT+vwSj9UXWUhtI2jwh+9Q0lXMkdIO4e/jKgrs9rRV3EtG0n5Zoa/1d1/hncxohmnYM2iWASNxUMwTA+m75zKO/RQoqIUV4NhQF0SS7ZssvWeNitLB8pDUkcE/Kub2VhMc1qEGDF6N6DAaIvDF0Wub8n73LHdMhou5Rpw22wFApI80odqilgEI1wGx2pLlSmdh78Pr5qO11E4/AZuMuTkDBeOmmqcuCpRZY5Xgn7/AiAvGTKrO0dHRPbSLT9yXpUznvZQtxDCteatYGTuiKsWqSqP1W4vpUQqc+taWGuxJ9rYFGO1VVl0vt4T8iyZEn+SqWlYmGC7thMjK5wvOb+dkb46rtRxmDEKGZT4i1tLLJofioZo3XIF+pNqcHrj+ViC3ro68MO0tJ/5zJYmb0W1B41W3ufZkXvGRWZONZDkHDGgP6qv99et+fX+dzIe2XG8UPx/CpCiZI4ZeXJ2KOE1p19QmqMiuXJlvksrIcQwTqZJw9oa3ajCh4SqtpimdWGid/pFVlRdWMWP4iWjGim9CCWPTwShh2nTdytIKKmZpm82e7U1Z8AhHil48Pp0Tisu0+Jb4m/nWXfcc0+1mRx1xI/+Rv8TrKcrnoBpjasEyl5e8jtmBE6ckxtfOLe8YDf4IaAeQYzMpDPf/ap7zEfD/3xjEjlBWF5m3B1wlUD+bZB1myC7Eyw5/XYjOt3M8pz9BQfWLE7ZHLbIE3QmbJob11/IH57zxcYDs7l3/h4PSiLlqFhvSAOOTxFU4lAQTe4R7y5R/HSn3SRfAh801ALQ9n5e0V
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: b9a1ba73-0d9c-4e6d-c40a-08dc27fbea18
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Feb 2024 16:43:30.0129 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ewqLHuuR2eULYpoLtlkHzIxekoRHUGyzn4osoXNOqm1M4DRrR6vYEkVX/P1b04bM
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR02MB8006
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vD5EtQ3XXBLH17LdnzezbyAL-Hk>
Subject: Re: [openpgp] PQC encryption algorithm selection
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 16:43:39 -0000

Hiya,

A purely process-oriented comment: I hope that
people aren't going to take the IDs below as if
those have been allocated by IANA already (as
they've not).

It might be better if we adopt use of the 100-110
range for private/experimental values for the
present, until the choices settle down some more.

If that's ok, I'd ask the authors to please make
that change when they next revise the I-D. And
maybe add a bit of text to the effect that one
ought expect the final codepoints to differ and
that different draft versions may also change
things.

If that's not ok, please say why. (Bearing in
mind this is a 1 octet value, so we don't want
to burn a bunch of codepoints as we develop
the specs.)

But either way, please don't assume that IDs
from the current draft will be those that end
up in an RFC. (And the same goes for all other
codepoint allocations.)

Once things do settle down, we can ask for an
early allocation so that we don't need to wait
for the RFC before getting codepoints for later
interop testing.

Thanks,
S.

PS: Sorry I didn't spot this as we did the
adoption call.

On 07/02/2024 11:39, Aron Wussler wrote:
> Hi everyone,
> 
> In the next weeks, before IETF 119, we'd like to collect feedback about the algorithm selection implemented in the draft [1]. We're interested in presenting some vectors for the next meeting. It would be great if you could provide feedback by March 1st.
> 
> To keep the discussion focused we're going to start from the encryption algorithm selection, KEM combiners will follow (since it may also depend on the algorithm selection). Digital signatures will also follow in another thread.
> 
> Right now, we have the following list of algorithms (in table 1)
>      +====+===============================+=============+=============+
>      | ID | Algorithm                     | Requirement | Definition  |
>      +====+===============================+=============+=============+
>      | 29 | ML-KEM-768 + X25519           | MUST        | Section 5.2 |
>      +----+-------------------------------+-------------+-------------+
>      | 30 | ML-KEM-1024 + X448            | SHOULD      | Section 5.2 |
>      +----+-------------------------------+-------------+-------------+
>      | 31 | ML-KEM-768 + ECDH-NIST-P-256  | MAY         | Section 5.2 |
>      +----+-------------------------------+-------------+-------------+
>      | 32 | ML-KEM-1024 + ECDH-NIST-P-384 | MAY         | Section 5.2 |
>      +----+-------------------------------+-------------+-------------+
>      | 33 | ML-KEM-768 + ECDH-            | MAY         | Section 5.2 |
>      |    | brainpoolP256r1               |             |             |
>      +----+-------------------------------+-------------+-------------+
>      | 34 | ML-KEM-1024 + ECDH-           | MAY         | Section 5.2 |
>      |    | brainpoolP384r1               |             |             |
>      +----+-------------------------------+-------------+-------------+
> 
> Please provide feedback on the algorithms, and if you think they should be "MUST", "SHOULD", or "MAY". The proposed list is derived from the results of the NIST standardization process, hybrid with the curves already supported from OpenPGP for compliance purposes.
> 
> Finally, please note that this is not the sole opportunity to standardize PQC algorithms: as of the crypto-refresh, new algorithms will need a specification and designated expert review, and not an RFC.
> 
> Cheers and thanks,
> Aron
> 
> 
> [1] https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-00.html#name-algorithm-specifications
> 
> --
> Aron Wussler
> Sent with ProtonMail, OpenPGP key 0x7E6761563EFE3930
> 
> 
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp

v2.23.0 | Report a Bug | By Email