Re: [Pqc] PQC X.509 115 Hackathon
Michael Baentsch <info@baentsch.ch> Thu, 20 October 2022 07:29 UTC
Return-Path: <info@baentsch.ch>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56077C14F733 for <pqc@ietfa.amsl.com>; Thu, 20 Oct 2022 00:29:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OoCGv5TkFYB3 for <pqc@ietfa.amsl.com>; Thu, 20 Oct 2022 00:28:59 -0700 (PDT)
Received: from www14.servertown.ch (www14.servertown.ch [IPv6:2a00:41c0:94:231:94::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A087DC1522CC for <pqc@ietf.org>; Thu, 20 Oct 2022 00:28:57 -0700 (PDT)
Received: from [IPV6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9] (unknown [IPv6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9]) by www14.servertown.ch (Postfix) with ESMTPSA id 80B5816249D1 for <pqc@ietf.org>; Thu, 20 Oct 2022 09:28:53 +0200 (CEST)
Authentication-Results: www14.servertown.ch; spf=pass (sender IP is 2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9) smtp.mailfrom=info@baentsch.ch smtp.helo=[IPV6:2a01:2ac:51dd:d483:5c28:ca86:fcfc:46e9]
Received-SPF: pass (www14.servertown.ch: connection is authenticated)
Content-Type: multipart/alternative; boundary="------------qDJA8kWUPQwqivMatlZsANGW"
Message-ID: <e1334090-e90d-3e4b-9e12-ae67832f02b9@baentsch.ch>
Date: Thu, 20 Oct 2022 09:28:53 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
Content-Language: en-US
References: <mailman.2833.1665659925.15745.pqc@ietf.org>
From: Michael Baentsch <info@baentsch.ch>
To: pqc@ietf.org
In-Reply-To: <mailman.2833.1665659925.15745.pqc@ietf.org>
X-PPP-Message-ID: <166625093411.36012.8410771666837610230@www14.servertown.ch>
X-PPP-Vhost: baentsch.ch
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/4wHi0ewRRLjY3SfedJEPDxbbIbA>
Subject: Re: [Pqc] PQC X.509 115 Hackathon
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 07:29:04 -0000
Am 13.10.22 um 13:18 schrieb pqc-request@ietf.org: > > Hi LAMPS and people interested in PQC! > > As suggested at 114, my colleague John Gray and I would like to do a > 115 Hackathon on PQ keys and signatures in X.509 / PKIX. > > We are suggesting to play with Dilithium, Falcon, Sphincs+, and > Composite signing algorithms in Certs, CRLs, CSRs, PKCS#12s, CMS > SignedData, maybe OCSP Responses, maybe Timestamping, maybe CMP. We > can bring: the Entrust Toolkit (which we can hack at), Bounce Castle, > OpenQuantumSafe-openssl, OpenCA (easier if Max Pala is there, but we > can probably figure out how to build it). > > The point of the hackathon, I think, is going to be OIDs, and public > key / private key formats (ex.: the differences between Dilithium and > Falcon encodings in draft-uni-qsckeys, and > draft-massimo-lamps-pq-sig-certificates). > > Question 1: are others interested in joining us at the hackathon? (no > point is signing up for a hackathon spot if we’re the only ones there) > > Question 2: whether or not you're joining, what PQ X.509 / PKIX things > would you like to see working with Dilithium, Falcon, Sphincs+, Composite? > > --- > Mike Ounsworth > Software Security Architect, Entrust > The above is a great initiative that we understand to be a bit late to voice support for. So please take the below as a statement of interest and FWIW & FYI: Q2: oqsprovider is an OpenSSL3 provider plugin able to support plain and composite PQ algorithms. It aims to provide interoperability at all levels of TLS(1.3) without the need to fork OpenSSL. It has been especially equipped to support interop testing at various levels: See mechanisms supported at https://github.com/open-quantum-safe/oqs-provider/blob/main/ALGORITHMS.md Build information: https://github.com/open-quantum-safe/oqs-provider#building-and-testing----quick-start Use information: https://github.com/open-quantum-safe/oqs-provider#using Ready-made docker image at https://hub.docker.com/repository/docker/openquantumsafe/oqs-ossl3 Q1: If necessary, I'd be glad to lend a (remote) hand to anyone interested in using this at a hackathon. But then again, X.509 interop testing should be directly possible by using the standard OpenSSL commands. Samples at https://github.com/open-quantum-safe/oqs-provider#signing-data As far as "live" PQ-X.509 certificates are concerned, a final FYI pointing to https://test.openquantumsafe.org: This site has been set up quite some time ago to facilitate ongoing & open interop testing for all PQ/hybrid algorithms in the NIST competition. It also has been used to check proper oqsprovider operation. Regards, --Michael
- [Pqc] PQC X.509 115 Hackathon Mike Ounsworth
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Paul Hoffman
- Re: [Pqc] PQC X.509 115 Hackathon Tomas Gustavsson
- Re: [Pqc] PQC X.509 115 Hackathon Sofía Celi
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Tim Hollebeek
- Re: [Pqc] PQC X.509 115 Hackathon Stiepan Kovac
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Paul Hoffman
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Michael Richardson
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Stiepan Kovac
- Re: [Pqc] PQC X.509 115 Hackathon John Gray
- Re: [Pqc] PQC X.509 115 Hackathon Vaira, Antonio
- Re: [Pqc] PQC X.509 115 Hackathon Michael Baentsch
- Re: [Pqc] [lamps] PQC X.509 115 Hackathon Alexandre Petrescu
- Re: [Pqc] [EXTERNAL] Re: [lamps] PQC X.509 115 Ha… Mike Ounsworth
- Re: [Pqc] [lamps] PQC X.509 115 Hackathon Michael Richardson