[openpgp] Re: ML-KEM and ML-DSA secret key format

Andrew Gallagher <andrewg@andrewg.com> Sun, 02 March 2025 10:43 UTC

From: Andrew Gallagher <andrewg@andrewg.com>
Message-Id: <4CD8B71E-1323-4C42-98EC-81858440C7BE@andrewg.com>
Date: Sun, 02 Mar 2025 10:43:35 +0000
In-Reply-To: <25586bad-ade4-4745-9077-63deebdb5937@posteo.de>
To: Heiko Schäfer <heiko.schaefer@posteo.de>
CC: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vlhHoBFhB6R5UTddWjGHBOpgxhs>

Hi, Heiko.

> On 2 Mar 2025, at 10:37, Heiko Schäfer <heiko.schaefer@posteo.de> wrote:
> 
> Separately, like Daniel, I think we should not try to support the exotic use case of exporting private key material from some other type of HSM and transforming it into OpenPGP framing. Expending format-complexity on this use case seems like a bad tradeoff to me.

Speaking as someone who has wrangled hardware HSMs on behalf of corporate clients in the past, the export format of such devices is not normally optimised for transformation into a software-backed store. The only operation normally supported is importing the blob into an identical device from the same manufacturer. I am sure it is possible to reverse-engineer an HSM-exported vault to extract the secrets, but I would strongly discourage anyone (and particularly a large corporate client) from attempting to do so. Supporting such a use case in the OpenPGP spec will only encourage bad security practice IMO.

A