IETF Logo Mail Archive

Re: [Pqc] PQC X.509 115 Hackathon

Michael Baentsch <info@baentsch.ch> Thu, 20 October 2022 07:29 UTC

Return-Path: <info@baentsch.ch>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56077C14F733 for <pqc@ietfa.amsl.com>; Thu, 20 Oct 2022 00:29:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OoCGv5TkFYB3 for <pqc@ietfa.amsl.com>; Thu, 20 Oct 2022 00:28:59 -0700 (PDT)
Received: from www14.servertown.ch (www14.servertown.ch [IPv6:2a00:41c0:94:231:94::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A087DC1522CC for <pqc@ietf.org>; Thu, 20 Oct 2022 00:28:57 -0700 (PDT)
Received: from [IPV6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9] (unknown [IPv6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9]) by www14.servertown.ch (Postfix) with ESMTPSA id 80B5816249D1 for <pqc@ietf.org>; Thu, 20 Oct 2022 09:28:53 +0200 (CEST)
Authentication-Results: www14.servertown.ch; spf=pass (sender IP is 2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9) smtp.mailfrom=info@baentsch.ch smtp.helo=[IPV6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9]
Received-SPF: pass (www14.servertown.ch: connection is authenticated)
Content-Type: multipart/alternative; boundary="------------qDJA8kWUPQwqivMatlZsANGW"
Message-ID: <e1334090-e90d-3e4b-9e12-ae67832f02b9@baentsch.ch>
Date: Thu, 20 Oct 2022 09:28:53 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
Content-Language: en-US
References: <mailman.2833.1665659925.15745.pqc@ietf.org>
From: Michael Baentsch <info@baentsch.ch>
To: pqc@ietf.org
In-Reply-To: <mailman.2833.1665659925.15745.pqc@ietf.org>
X-PPP-Message-ID: <166625093411.36012.8410771666837610230@www14.servertown.ch>
X-PPP-Vhost: baentsch.ch
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/4wHi0ewRRLjY3SfedJEPDxbbIbA>
Subject: Re: [Pqc] PQC X.509 115 Hackathon
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 07:29:04 -0000

Am 13.10.22 um 13:18 schrieb pqc-request@ietf.org:
>
> Hi LAMPS and people interested in PQC!
>
> As suggested at 114, my colleague John Gray and I would like to do a 
> 115 Hackathon on PQ keys and signatures in X.509 / PKIX.
>
> We are suggesting to play with Dilithium, Falcon, Sphincs+, and 
> Composite signing algorithms in Certs, CRLs, CSRs, PKCS#12s, CMS 
> SignedData, maybe OCSP Responses, maybe Timestamping, maybe CMP. We 
> can bring: the Entrust Toolkit (which we can hack at), Bounce Castle, 
> OpenQuantumSafe-openssl, OpenCA (easier if Max Pala is there, but we 
> can probably figure out how to build it).
>
> The point of the hackathon, I think, is going to be OIDs, and public 
> key / private key formats (ex.: the differences between Dilithium and 
> Falcon encodings in draft-uni-qsckeys, and 
> draft-massimo-lamps-pq-sig-certificates).
>
> Question 1: are others interested in joining us at the hackathon? (no 
> point is signing up for a hackathon spot if we’re the only ones there)
>
> Question 2: whether or not you're joining, what PQ X.509 / PKIX things 
> would you like to see working with Dilithium, Falcon, Sphincs+, Composite?
>
> ---
> Mike Ounsworth
> Software Security Architect, Entrust
>
The above is a great initiative that we understand to be a bit late to 
voice support for. So please take the below as a statement of interest 
and FWIW & FYI:

Q2: oqsprovider is an OpenSSL3 provider plugin able to support plain and 
composite PQ algorithms. It aims to  provide interoperability at all 
levels of TLS(1.3) without the need to fork OpenSSL. It has been 
especially equipped to support interop testing at various levels: See 
mechanisms supported at 
https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md

Build information: 
https://github.com/open-quantum-safe/oqs-provider#building-and-testing----quick-start 


Use information: https://github.com/open-quantum-safe/oqs-provider#using

Ready-made docker image at 
https://hub.docker.com/repository/docker/openquantumsafe/oqs-ossl3

Q1: If necessary, I'd be glad to lend a (remote) hand to anyone 
interested in using this at a hackathon. But then again, X.509 interop 
testing should be directly possible by using the standard OpenSSL 
commands. Samples at 
https://github.com/open-quantum-safe/oqs-provider#signing-data

As far as "live" PQ-X.509 certificates are concerned, a final FYI 
pointing to https://test.openquantumsafe.org: This site has been set up 
quite some time ago to facilitate ongoing & open interop testing for all 
PQ/hybrid algorithms in the NIST competition. It also has been used to 
check proper oqsprovider operation.

Regards,

--Michael

v2.23.0 | Report a Bug | By Email