Re: [Pqc] Mapping the state of PQC and IETF - ssh

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 01 March 2023 16:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/5vkNRrOXtaam_TXqC4-x3TJnBpc>

Hi Bas,
True, but we need a few years until a module will be able to validate its Kyber implementation. Someone needing quantum-safe FIPS compliance today could just do P256+Kyber.

From: Pqc <pqc-bounces@ietf.org> On Behalf Of Bas Westerbaan
Sent: Wednesday, March 1, 2023 10:17 AM
To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
Cc: Alexandre Petrescu <alexandre.petrescu@gmail.com>; pqc@ietf.org
Subject: RE: [EXTERNAL][Pqc] Mapping the state of PQC and IETF - ssh



OpenSSH currently does not support ECDH+PQ for "quantum-safe FIPS" compliance.

Once NIST puts the bow on Kyber, Kyber+Anything, e.g., Kyber+x25519, will be FIPS.

Best,

 Bas