Re: [Pqc] Mapping the state of PQC and IETF

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Wed, 01 March 2023 05:55 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: "Kampanakis, Panos" <kpanos@amazon.com>
Cc: "pqc@ietf.org" <pqc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/-h5X9DxAnmGE9GcySBHktPebfUo>

Let me give you another example.
 
Should the SUIT manifest draft be added to the list because it can use HSS-LMS? In fact, HSS-LMS, as a hash-based signature scheme, fits the firmware update use case well since the size of the signature is small compared to the firmware update itself. With the recent announcement from the NSA in https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF the use of hash-based signatures for software- and firmware-signing is even recommended.
 
Still, I wouldn't list the SUIT manifest since you will run into the problem Mike was given below. It is probably more useful to ask each working group how the use of PQC algorithms will impact their protocols. Most groups have looked into this already.
 
Ciao
Hannes
 
Sent: Tuesday, 28 February 2023 at 17:08
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, "pqc@ietf.org" <pqc@ietf.org>
Subject: RE: [Pqc] Mapping the state of PQC and IETF

> draft-kampanakis-tls-scas, for example, is about reducing the size of the TLS handshake. It conveniently uses PQC as a motivation but there have been many efforts before that tried to accomplish TLS handshake size reduction before and you wouldn't want to list all of them as well.

Indeed.
I wish the previous mechanisms worked in the PQ auth context because it is an uphill battle to convince the TLS WG that ICA suppression is the most straightforward option we have.


-----Original Message-----
From: Pqc <pqc-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Tuesday, February 28, 2023 6:36 AM
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Sofía Celi <cherenkov@riseup.net>; pqc@ietf.org
Subject: RE: [EXTERNAL][Pqc] [EXTERNAL] Mapping the state of PQC and IETF

Mike, you bring up a good point.

draft-kampanakis-tls-scas, for example, is about reducing the size of the TLS handshake. It conveniently uses PQC as a motivation but there have been many efforts before that tried to accomplish TLS handshake size reduction before and you wouldn't want to list all of them as well.


On 28.02.2023 at 01:16, Mike Ounsworth wrote:
> Wicked, thanks for starting this github page!
>
> I started this thread asking for, I guess, the converse of this document: IETF (Sec Area) protocols that DON'T need a PQ draft.
>
> For example: SCEP (RFC 8894) does not itself specify any crypto, but embeds CMS (RFC 5652) and PKCS #10 (RFC 2986).
>
> ACME embeds JOSE/JWS (RFC 7515) and PKCS #10 (RFC 2986).
>
> Etc.
>
> It would probably be a service to the community to document those on the PQUIP github page so that people know that "Do Nothing" is the correct action. Basically, every Sec Area protocol probably needs to be on that page under either "Action Needed" or "Action Not Needed". Since I suggested it, I guess I just volunteered to put in a PR starting that table. Barring $distraction, I'll try and get something tonight.
>
> ---
> Mike Ounsworth
>
> -----Original Message-----
> From: Pqc <pqc-bounces@ietf.org> On Behalf Of Sofía Celi
> Sent: Monday, February 27, 2023 9:47 AM
> To: pqc@ietf.org
> Subject: [EXTERNAL] [Pqc] Mapping the state of PQC and IETF
>
> Dear, list,
>
> We have started work on mapping the state of PQC (if any draft or RFC
> exists) in the different IETF protocols/WG and IRTF groups:
> https://urldefense.com/v3/__https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc__;!!FJ-Y8qCqXTj2!aJOUSAk6uCUWekoeQOJ2UzMiGwLV2jwgJF9cfNHTloERjfqjU5rCmcAqqjMkCcu9ThT9UN5nc3Q4sNLmPx61zSs$ to keep track of where everything is at. Feel free to contribute by sending a PR. We hope this list is useful to many.
>
> Thank you,
>
> Sofía and Paul
>
> --
> Sofía Celi
> @claucece
> Cryptographic research and implementation at many places, specially Brave.
> Chair of hprc at IRTF and anti-fraud at W3C.
> Reach me out at: cherenkov@riseup.net
> Website:
> https://urldefense.com/v3/__https://sofiaceli.com/__;!!FJ-Y8qCqXTj2!aJOUSAk6uCUWekoeQOJ2UzMiGwLV2jwgJF9cfNHTloERjfqjU5rCmcAqqjMkCcu9ThT9UN5nc3Q4sNLmg_1qK50$
> 3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6
>
> --
> Pqc mailing list
> Pqc@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/pqc__;!!FJ-Y8qCqXTj2!aJOUSAk6uCUWekoeQOJ2UzMiGwLV2jwgJF9cfNHTloERjfqjU5rCmcAqqjMkCcu9ThT9UN5nc3Q4sNLm2Xw6TiA$
