Re: [Pqc] Mapping the state of PQC and IETF - ssh

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 01 March 2023 15:07 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, "pqc@ietf.org" <pqc@ietf.org>
Date: Wed, 01 Mar 2023 15:07:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/WopjAufQYr0maSWPtz7S3wVqZdg>

Hi Alex, 

OpenSSH has supported X25519+SNTRU for some time now. SNTRU is a quantum-safe algorithm that got eliminated earlier in the NIST PQ process. There was nothing wrong with it; it just didn't move forward, so there will be no final spec for it. Also, OpenSSH currently does not support ECDH+PQ for "quantum-safe FIPS" compliance.

Although it is great that OpenSSH was an early adopter, in the long run it makes sense to standardize on a consensus-based, peer-reviewed spec instead of complying with the choices one widely-used implementation made.

Currently SSH is an orphan protocol; there is no IETF WG to work on it and PQUIP will not do any standardizations. So, for now a few collaborators are coding to the living draft spec in <https://github.com/csosto-pk/pq-ssh/blob/master/draft-kampanakis-ssh-pq-ke.txt>. For the record, this spec currently specifies the use of ECDH+Kyber (Kyber is NIST's KEM pick) very similarly to how OpenSSH does it with SNTRU. So, theoretically we could all interop easily by using the same algorithms.



-----Original Message-----
From: Pqc <pqc-bounces@ietf.org> On Behalf Of Alexandre Petrescu
Sent: Wednesday, March 1, 2023 8:11 AM
To: pqc@ietf.org
Subject: RE: [EXTERNAL][Pqc] [EXTERNAL] Mapping the state of PQC and IETF - ssh



On 28/02/2023 at 02:46, Mike Ounsworth wrote:
> Done.
>
> PR -
> https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc/pull/2
>
> That "No Action Needed" list is shorter than I expected (probably due 
> to my ignorance of the WGs I'm not involved in): ACME, CMC, QUIC, DoH, 
> EST, HTTPS, SCEP, S/MIME
>
> I'm sure I missed a pile of blah-over-tls or blah-over-ssh things.
> Though maybe obvious enough that they'll get PQ when TLS/SSH does?

I was under the impression that the ssh command already runs with a quantum-resistance option, since maybe several months now? (something like 'ssh -qr'? I mean the kind of use of options, but the option name '-qr' I really don't know)

Or am I wrong to assume that ssh runs with quantum resistance somehow?

Alex

>
> --- Mike Ounsworth
>
> -----Original Message-----
> From: Pqc <pqc-bounces@ietf.org> On Behalf Of Mike Ounsworth
> Sent: Monday, February 27, 2023 6:16 PM
> To: Sofía Celi <cherenkov@riseup.net>; pqc@ietf.org
> Subject: Re: [Pqc] [EXTERNAL] Mapping the state of PQC and IETF
>
> Wicked, thanks for starting this github page!
>
> I started this thread asking for, I guess, the converse of this
> document: IETF (Sec Area) protocols that DON'T need a PQ draft.
>
> For example: SCEP (RFC 8894) does not itself specify any crypto, but 
> embeds CMS (RFC 5652) and PKCS #10 (RFC 2986).
>
> ACME embeds JOSE/JWS (RFC 7515) and PKCS #10 (RFC 2986).
>
> Etc.
>
> It would probably be a service to the community to document those on 
> the PQUIP github page so that people know that "Do Nothing" is the 
> correct action. Basically, every Sec Area protocol probably needs to 
> be on that page under either "Action Needed" or "Action Not Needed".
> Since I suggested it, I guess I just volunteered to put in a PR 
> starting that table. Barring $distraction, I'll try and get something 
> tonight.
>
> --- Mike Ounsworth
>
> -----Original Message-----
> From: Pqc <pqc-bounces@ietf.org> On Behalf Of Sofía Celi
> Sent: Monday, February 27, 2023 9:47 AM
> To: pqc@ietf.org
> Subject: [EXTERNAL] [Pqc] Mapping the state of PQC and IETF
>
> Dear list,
>
> We have started work on mapping the state of PQC (if any draft or RFC 
> exists) in the different IETF protocols/WG and IRTF groups:
> https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc
> to keep track of where everything is at. Feel free to contribute by 
> sending a PR. We hope this list is useful to many.
>
> Thank you,
>
> Sofía and Paul
>
> -- Sofía Celi @claucece Cryptographic research and implementation at 
> many places, specially Brave. Chair of hprc at IRTF and anti-fraud at 
> W3C. Reach me out at: cherenkov@riseup.net Website:
> https://sofiaceli.com/
>
> 3D0B D6E9 4D51 FBC2 CEF7  F004 C835 5EB9 42BF A1D6
>

--
Pqc mailing list
Pqc@ietf.org
https://www.ietf.org/mailman/listinfo/pqc
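
A check for the question raised in this thread, whether an `ssh` session is actually using the X25519+SNTRU hybrid, as an added example that is not part of any message above. It assumes OpenSSH's algorithm name `sntrup761x25519-sha512@openssh.com` and the `debug1: kex: algorithm:` line that `ssh -v` prints; the sample logs are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): tell whether an SSH session negotiated
# the hybrid X25519+SNTRU key exchange, using `ssh -v` debug output.

# Succeeds only for OpenSSH's hybrid method name (X25519 + sntrup761).
is_hybrid_pq_kex() {
  case "$1" in
    sntrup761x25519-sha512@openssh.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the negotiated KEX name from `ssh -v` output on stdin. Matches only
# "kex: algorithm:", not "kex: host key algorithm:"; strips any trailing CR.
negotiated_kex() {
  tr -d '\r' | sed -n 's/^debug1: kex: algorithm: //p' | head -n 1
}

# Print the hybrid names found in an `ssh -Q kex` style list on stdin.
hybrid_kex_offered() {
  while IFS= read -r kex_name; do
    if is_hybrid_pq_kex "$kex_name"; then printf '%s\n' "$kex_name"; fi
  done
}

# Classify one session log on stdin: "hybrid-pq NAME", "classical NAME",
# or "unknown" when no key exchange line is present.
classify_session() {
  session_kex=$(negotiated_kex)
  if [ -z "$session_kex" ]; then
    echo "unknown"
  elif is_hybrid_pq_kex "$session_kex"; then
    echo "hybrid-pq $session_kex"
  else
    echo "classical $session_kex"
  fi
}

# Constructed sample logs (not captured from a real host).
SAMPLE_PQ_LOG='debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_CLASSICAL_LOG='debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'

printf '%s\n' "$SAMPLE_PQ_LOG" | classify_session
printf '%s\n' "$SAMPLE_CLASSICAL_LOG" | classify_session
```

Against a live host, `ssh -v host true 2>&1 | classify_session` reports what was negotiated, and `ssh -Q kex | hybrid_kex_offered` shows whether the local client supports the hybrid at all.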