Re: [Pqc] [EXTERNAL] Re: [lamps] PQC X.509 115 Hackathon
Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 21 October 2022 15:03 UTC
Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85B82C14CE27 for <pqc@ietfa.amsl.com>; Fri, 21 Oct 2022 08:03:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pjjmA-Rdu83j for <pqc@ietfa.amsl.com>; Fri, 21 Oct 2022 08:03:18 -0700 (PDT)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50B13C14F73E for <pqc@ietf.org>; Fri, 21 Oct 2022 08:03:18 -0700 (PDT)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.5) with ESMTP id 29L8JSaL031233; Fri, 21 Oct 2022 10:03:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=aVFKDjjP3rdXc0BQ96py/4iML6zZQncdSjqfiXk34u8=; b=F40qJYulYPhyxu93IYAkG5Q6DusEAwotijCdaDslOjZkCyZ5xMvAOpUPnkt+cZyYXv4b u0zQ2cVvr3Rr4LFlaTI9g/LiMHxaicIB9SjSMkSkSG3eYKMS3K03AtKFF2kxUDx2E5vV /ltkrWHVxkRIlYGonn5yjaFTUqhYkWeePHUswE73MbMPrFFBFQqukYJkpAvwyqdCelPZ sFCkpDO7wCvtML5KRQlQ5SUvgB92Z0DP/sYWFEJ5tuW5/8JzpZ5y+UX1VEBUOpxzfT4L Op1RSOlZEqwzm3HBiOAE1xz7sQVKyXg5ZemNiSrTjRqG7gSSZ225xD9gttQjZAOmSC96 eA==
Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2172.outbound.protection.outlook.com [104.47.55.172]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3kavsequ9a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 21 Oct 2022 10:03:15 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TTk4Gf2fcdHRABcPbFzxThs0WLaWvAxMmNMHZ3GhIbtWRA3p+r+5bGOgd/Pxhxf4INvju1q+Hy9UfY4UdhruSsClHMIDQCr3MBX3MeT/k3KCw2orxqCwUAFOjMg7Rqb88qN0uTtjlalK5ASct8duSe/oOIbyKwIpBY+rt8rTf7CpAC28DCC15gr8gQfxxTUdDtATA6B5UX2s0AXl0Rtg+zl5sCF6m1++A4auu+m4r6C7xUcyKkj70RkPvSuLGGAQKtBQ1Q9lv/4w1WIP3a6qbp4MaOz1FLh9pgFKNDErP9pSAOMEOhOe0CJcuiaM6oWbgVjn0EQn3ThGKSbUaQF/pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aVFKDjjP3rdXc0BQ96py/4iML6zZQncdSjqfiXk34u8=; b=EfHFfGia4/bkWHo3LxL2fj9mOfRtxlpNlFbwVWBgvQXa5yO94YzBTefhgLbxEOqFzRtVpGyiOZUccSujYD0P1pbV30wjlu7oNQFzzOtC8kvFzh5TBxyReNB6vIK/htfSv+EG1gYWyT9UsK9E+IuBkB200dxdTTOFIsfUxm06HvuO1VDmDgD8Y8zkCmDMVPZmtcegdCORMp5R2SC9u/tcZiq8PCot77hrKqqEwrtbh5JV/U8EWqURRFS3wkN55sK35866jGs1rTj2uziWUfbURndfXDazO1WM79B0ZPPTUxA666UuxhCsJIRInnULIDXa8OuNV2R4t7hmzYMf5o5mLA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.32; Fri, 21 Oct 2022 15:03:11 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f83:1213:1f6a:2e21]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f83:1213:1f6a:2e21%3]) with mapi id 15.20.5723.034; Fri, 21 Oct 2022 15:03:11 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, "pqc@ietf.org" <pqc@ietf.org>
Thread-Topic: [EXTERNAL] Re: [Pqc] [lamps] PQC X.509 115 Hackathon
Thread-Index: AdjYVOXE6GpE7MN6R9W+NqLxsx9F5gM3IEiAAAq+lbA=
Date: Fri, 21 Oct 2022 15:03:11 +0000
Message-ID: <CH0PR11MB5739572AC6ECE45AE9CD46BD9F2D9@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CH0PR11MB5739E98B69C5AD88745F539E9F5D9@CH0PR11MB5739.namprd11.prod.outlook.com> <d79b617c-0333-d672-b9ee-0a4b7d330806@gmail.com>
In-Reply-To: <d79b617c-0333-d672-b9ee-0a4b7d330806@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|DS0PR11MB6399:EE_
x-ms-office365-filtering-correlation-id: 91685cf7-6a00-46cf-ba9e-08dab3755ef4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Gk1pTYHdkYWtDoKBBu8GIhvyvnLaHGjgd2YgBUgeLuuAegOcg2v9/IsvsYSUUHI6z7mZixmfgSnqv+6eYff+k5GsyOhDiGkz7VhjhfQSFYHUFFx+sAnfFtF8jkRMCQzS3Eq1Tg8z0WRcD2cQ98AofwhL+KVOQizVhQKuuxv/ANFl8L/ZZEweeKKcHWkZSZ8z3HODUG+UvxX4gPakw2UZhNzx2Y+hQhpUF5IVVSfQmpRx/Rt/XrdMhhzn8NZIbQXrtZVCfxxqWighac0IcvLCegVWvzFuJ27qQvTt3vhVo/etsBkvf3qmII1Cct4hF2Zg/we7xwBJSmI1+Z5p9iTTNlvzHJpcZDgpLAzTEzCBDjkn0wlpABN4jsW0jcOiqN9zgTz/lymnUGXaX5NuZsfO5PO3ZiayDW/K1xuGdt2u0li60+16eY5EhEmoCUrsFnMaOPWXcGhu89V4ZSwb9Nl7EDBqOua39KM7kISbKYfmBhjW3s9AOfuM/GxDOmU4xYuYvlaESR7mqHmW5bKzwFiVNQ4acB0/XzuXLnDSLcdZXEX0bn7WqFQV+0DXSNK2R3wZhIz8WNPoowR+6QvezKzncMbUYAkMlfDCHQAwpOw+BRb9a60p2l+hrB2z8f95Diml3n9k5IsXlhfH1+arWoceUNjGcPF1sGgsybL4JKLRi0or/HxWt3s/ILrXAOLqOJIebYTye63xKJVVDrM9xc3D8qr2PxXrtZvUs47V/bz7LfeTYbsiaeemKwPVCwTA7CthFE68ZUYubn8RNL5jaAZw1AcYURrXFw4OW1UfLxOV241bQpQfRy6tbOcc9SCGRo4ggc2t3K56/l03ERA0+yNdLQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(346002)(366004)(39860400002)(376002)(136003)(396003)(451199015)(8936002)(64756008)(66446008)(2906002)(33656002)(76116006)(86362001)(5660300002)(52536014)(66476007)(41300700001)(38100700002)(66946007)(6506007)(66556008)(8676002)(110136005)(316002)(55016003)(38070700005)(122000001)(7696005)(186003)(66574015)(71200400001)(53546011)(966005)(26005)(9686003)(83380400001)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oBGDqfJrGIIcCBb888A+/T32BcLhqgO+JIzbMc4+eM9nzrTNjGalgmb3JOr0DBv0VW+m18l9aMiJPzVd+cPnwFWMmif17CDPjdBGeFfb5ZBzsEGrNs1IKMtmyX1mM+FgKK5rOZyz1urZNDa+GD6RP2huCQEm2UBG1C5kXmeZM1krUDvrxBJ9IvqBnJeUohxrWHCRo0JV4jT/zmOF8WlZryJR/0WXYqBqbbycZJ64QwIhaw71EqoxJD710T4bYoud+b+Iuoa4J+iccG8EtbB55LNjm//9CBbgXetSPYoHYrkuj3ZRIw366ErovpmoybKWZ13KO29EZUoyeok5c5JMaY7ILaBWsKFmy6mp2hO38v+7uIPFICFAoXcHLy/nF/oDc3nTyeDkBjKzVgboGFcKcdF0aPvKwwI1BgePLoX9jTs2QO6yoVcq/AnY+PXCQrfwV10tVmgigUdYeqjZzkFPRxj9EnfkVPCTddeUiE6Q3SjXh34NVrGTfKQyZHcBKXlVZ/8PkK3h3mEcSvNMZNRpehBKdFlrA1SvG6EIW2OLPQ9iLXwY5S88L7NZFi5W2AuVkOEuKM2f8pMFhXf7kGiA73U3kjR+ZmUvZk9ao7gga44WwW2BhGiJyOSpuSfr2TXU4FXhuGhQZI5/p00h4Kwt8P/Pn7AoKWhcDPtxlmWsJEg6jg1srA2FIoIz5U3Fg0E3YFWCHZGOmu64fRdmVYMV/w9enr2ch+tdWxjZWYRYD463YQK9chHwGEVLu+f9BvIgWVQQcI5W9aOJBbhBybam+heJ+MO2gpftcNrWCJFGVhSjaUuQ9DP6LEtVBtMGy8l8CNjp/LbsoAD70+ov37M/hk1OM31IGUnbqgbLjgfHxfOb7YPWZkUAc8DBbUg3orzzJeaBA82WgbL+CXCLKfvC2wI2BvfqrSiDW8+0xOFkJ97yNnVtmW8wGWX0JKkAs+pVvOot/bhzjk+ANYJIbEPNkPjur5BATrx8lryZQ693gY5C0MQfhUEfO/7iVmtJAw/9PQEFpYqGSWPOwsHxoNfIzK59KUsRULZsz5+PhOuUPSjINecLKdgxM2WvpLAkiaH93D7y9EIyyU4PHLgVsh1zLoAslVApY68ETjOyTTqGrmxmWW4uErLlbmU2HaKQIUGeymRvKA8qL4JQKFX0yCu208CSOQzy3aIENMUh64mECZPdVRE0O/ZCVWmQp/mjcR4CJEPXIGpwCnae0DiqCF7ehkMefLeS5l+aFJsRuIO6lcZNtPn/y/HiMY3NhyNGlaPyMzb5//1jfbUepzdp6Cf1bNrtVbk1hvgMH/q6fYnQkq4OB9/h6sfsF7aZDBwX5dh9mgnnzqvu8ZblDkXE0S9mc3sbV0pgA1ZmmFqDafMhMTFJeXhZ9pBRtnYMPHK+/xU0NRIsmJYHowYyei4XASM6BRavlLgfmF6gSWSDIZiEkmAKvOiQ8SwAYbcDfgMwBWpj1Yd1xZLcVtMvt0/LLlkcaC9ciTZk3FURaKvcy63qjLpJWKCfeBIG+jbcbbG3WjZERUWSHz7sjjSKOOGD009er6wMN5CN0QAKOjOTHCXqm+NfJBEYGiAklrdbkZJyC2cCSSFXRyIV4fU2ZFdig1QqWg==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 91685cf7-6a00-46cf-ba9e-08dab3755ef4
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2022 15:03:11.1520 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ZXbBrx5L6LMuLPgzYkuAmB0BaQo4emsLxXNApjvRfNKHSP79AR6hado9JQejlatKSVYYFL85Q0WnzexkD+w5rQs5Ycp6Hmu1dlICTPFew1Y=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB6399
X-Proofpoint-ORIG-GUID: PWIufCzChIQbNSfn5SPgjeH7lYrq0-kY
X-Proofpoint-GUID: PWIufCzChIQbNSfn5SPgjeH7lYrq0-kY
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-21_04,2022-10-21_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 bulkscore=0 malwarescore=0 adultscore=0 mlxscore=0 impostorscore=0 priorityscore=1501 clxscore=1011 lowpriorityscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210210090
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/eGsHFpP3ux1Sb9XXUCigjVrKKg8>
Subject: Re: [Pqc] [EXTERNAL] Re: [lamps] PQC X.509 115 Hackathon
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 15:03:22 -0000
Hi Alex, Correct, X.509 is only part of the problem. Security protocols use crypto in various ways besides the X.509 certificates themselves. You raise the example that the protocol needs to support signature algorithms that are compatible with the provided X.509 certificate. For example IPSec can only make use of a Dilithium3 certificate if IPSec support the Dilithium3-SHA256 signature algorithm. Another example is the key exchange portion of TLS- and IPSec-like handshakes. Both of those protocols have added mechanisms for hybrid key exchange so that they are ready to drop in the final NIST winner when it is ready [1], [2]. Of course, all security protocols need to do similar work; you don't get it for free by using PQ X.509. If there are protocols that are not yet making enough progress on this, then go pester their respective working groups. [1]: https://datatracker.ietf.org/doc/html/rfc8784 [2]: https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design --- Mike Ounsworth -----Original Message----- From: Pqc <pqc-bounces@ietf.org> On Behalf Of Alexandre Petrescu Sent: October 21, 2022 4:42 AM To: pqc@ietf.org Subject: [EXTERNAL] Re: [Pqc] [lamps] PQC X.509 115 Hackathon WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ______________________________________________________________________ Assuming X.509 is made to work with quantum-resistant crypto implementations, does that mean that, by consequence, IPsec and further down - IPv6, will become quantum-resistant? Intuitively, I would think X.509 is just one little part of IPsec and there would be a need of more. But I am not entirely sure. For example, one would appreciate the entire chain of security overall. A quantum-resistant X.509 payload of an IPv6 packet with an MD5 AH signature would still be non-resistant overall, I would say. Sorry if this message is too naïve about the respective technology. Alex Le 05/10/2022 à 03:00, Mike Ounsworth a écrit : > Hi LAMPS and people interested in PQC! > > As suggested at 114, my colleague John Gray and I would like to do a > 115 Hackathon on PQ keys and signatures in X.509 / PKIX. > > We are suggesting to play with Dilithium, Falcon, Sphincs+, and > Composite signing algorithms in Certs, CRLs, CSRs, PKCS#12s, CMS > SignedData, maybe OCSP Responses, maybe Timestamping, maybe CMP. We > can > bring: the Entrust Toolkit (which we can hack at), Bounce Castle, > OpenQuantumSafe-openssl, OpenCA (easier if Max Pala is there, but we > can probably figure out how to build it). > > The point of the hackathon, I think, is going to be OIDs, and public > key / private key formats (ex.: the differences between Dilithium and > Falcon encodings in draft-uni-qsckeys, and > draft-massimo-lamps-pq-sig-certificates). > > Question 1: are others interested in joining us at the hackathon? (no > point is signing up for a hackathon spot if we’re the only ones there) > > Question 2: whether or not you're joining, what PQ X.509 / PKIX things > would you like to see working with Dilithium, Falcon, Sphincs+, Composite? > > --- > Mike Ounsworth > Software Security Architect, Entrust > > /Any email and files/attachments transmitted with it are confidential > and are intended solely for the use of the individual or entity to > whom they are addressed. If this message has been sent to you in > error, you must not copy, distribute or disclose of the information it contains. > _Please notify Entrust immediately_ and delete the message from your > system./ > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas > m__;!!FJ-Y8qCqXTj2!bzbwIL6T5synzK5V4YgqIRoHeIT2MAbTiPdDXqiDbmA4C6_Am2V > w5Rka41WhtxtA6cAlYJxYf6N2X64Jmk0IRLgL7QReZvY$ -- Pqc mailing list Pqc@ietf.org https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/pqc__;!!FJ-Y8qCqXTj2!bzbwIL6T5synzK5V4YgqIRoHeIT2MAbTiPdDXqiDbmA4C6_Am2Vw5Rka41WhtxtA6cAlYJxYf6N2X64Jmk0IRLgLNl8b89E$ Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
- [Pqc] PQC X.509 115 Hackathon Mike Ounsworth
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Paul Hoffman
- Re: [Pqc] PQC X.509 115 Hackathon Tomas Gustavsson
- Re: [Pqc] PQC X.509 115 Hackathon Sofía Celi
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Tim Hollebeek
- Re: [Pqc] PQC X.509 115 Hackathon Stiepan Kovac
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Paul Hoffman
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Michael Richardson
- Re: [Pqc] [Ext] PQC X.509 115 Hackathon Stiepan Kovac
- Re: [Pqc] PQC X.509 115 Hackathon John Gray
- Re: [Pqc] PQC X.509 115 Hackathon Vaira, Antonio
- Re: [Pqc] PQC X.509 115 Hackathon Michael Baentsch
- Re: [Pqc] [lamps] PQC X.509 115 Hackathon Alexandre Petrescu
- Re: [Pqc] [EXTERNAL] Re: [lamps] PQC X.509 115 Ha… Mike Ounsworth
- Re: [Pqc] [lamps] PQC X.509 115 Hackathon Michael Richardson