Re: [Pqc] Mapping the state of PQC and IETF
Sofía Celi <cherenkov@riseup.net> Wed, 01 March 2023 18:16 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/owQZFsz59Jgt3YfkVTMrgPF2Sp4>
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
Dear list,

I think for the moment we should keep the convenient-for-PQC drafts out of the list. It is true that they can potentially help PQC migration (which has to still be examined and deployed) but they are not PQC-per-se; but rather serve other goals such as improving efficiency. I think these drafts have to be carefully considered in their corresponding WGs. We can potentially create later a list of convenient-for-PQC drafts.

Thank you,

On 01/03/2023 06:55, Hannes Tschofenig wrote:
> Let me give you another example.
>
> Should the SUIT manifest draft be added to the list because it can use HSS-LMS? In fact, HSS-LMS, as a hash-based signature scheme, fits the firmware update use case well since the size of the signature is small compared to the firmware update itself. With the recent announcement from the NSA in https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF the use of hash-based signatures for software- and firmware-signing is even recommended.
>
> Still, I wouldn't list the SUIT manifest since you will run into the problem Mike was given below. It is probably more useful to ask each working group how the use of PQC algorithms will impact their protocols. Most groups have looked into this already.
>
> Ciao
> Hannes
>
> *Sent:* Tuesday, 28 February 2023 at 17:08
> *From:* "Kampanakis, Panos" <kpanos@amazon.com>
> *To:* "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, "pqc@ietf.org" <pqc@ietf.org>
> *Subject:* RE: [Pqc] Mapping the state of PQC and IETF
>
> > draft-kampanakis-tls-scas, for example, is about reducing the size of the TLS handshake. It conveniently uses PQC as a motivation but there have been many efforts before that tried to accomplish TLS handshake size reduction before and you wouldn't want to list all of them as well.
>
> Indeed.
> I wish the previous mechanisms worked in the PQ auth context because it is an uphill battle to convince the TLS WG that ICA suppression is the most straightforward option we have.
>
> -----Original Message-----
> From: Pqc <pqc-bounces@ietf.org> On Behalf Of Hannes Tschofenig
> Sent: Tuesday, February 28, 2023 6:36 AM
> To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Sofía Celi <cherenkov@riseup.net>; pqc@ietf.org
> Subject: RE: [EXTERNAL][Pqc] [EXTERNAL] Mapping the state of PQC and IETF
>
> Mike, you bring up a good point.
>
> draft-kampanakis-tls-scas, for example, is about reducing the size of the TLS handshake. It conveniently uses PQC as a motivation but there have been many efforts before that tried to accomplish TLS handshake size reduction before and you wouldn't want to list all of them as well.
>
> On 28.02.2023 at 01:16, Mike Ounsworth wrote:
> > Wicked, thanks for starting this github page!
> >
> > I started this thread asking for, I guess, the converse of this document: IETF (Sec Area) protocols that DON'T need a PQ draft.
> >
> > For example: SCEP (RFC 8894) does not itself specify any crypto, but embeds CMS (RFC 5652) and PKCS #10 (RFC 2986).
> >
> > ACME embeds JOSE/JWS (RFC 7515) and PKCS #10 (RFC 2986).
> >
> > Etc.
> >
> > It would probably be a service to the community to document those on the PQUIP github page so that people know that "Do Nothing" is the correct action. Basically, every Sec Area protocol probably needs to be on that page under either "Action Needed" or "Action Not Needed". Since I suggested it, I guess I just volunteered to put in a PR starting that table. Barring $distraction, I'll try and get something tonight.
> >
> > ---
> > Mike Ounsworth
> >
> > -----Original Message-----
> > From: Pqc <pqc-bounces@ietf.org> On Behalf Of Sofía Celi
> > Sent: Monday, February 27, 2023 9:47 AM
> > To: pqc@ietf.org
> > Subject: [EXTERNAL] [Pqc] Mapping the state of PQC and IETF
> >
> > Dear list,
> >
> > We have started work on mapping the state of PQC (if any draft or RFC exists) in the different IETF protocols/WG and IRTF groups: https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc to keep track of where everything is at. Feel free to contribute by sending a PR. We hope this list is useful to many.
> >
> > Thank you,
> >
> > Sofía and Paul
> >
> > --
> > Sofía Celi
> > @claucece
> > Cryptographic research and implementation at many places, specially Brave.
> > Chair of hprc at IRTF and anti-fraud at W3C.
> > Reach me out at: cherenkov@riseup.net
> > Website: https://sofiaceli.com/
> > 3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6
> >
> > --
> > Pqc mailing list
> > Pqc@ietf.org
> > https://www.ietf.org/mailman/listinfo/pqc

--
Sofía Celi
@claucece
Cryptographic research and implementation at many places, specially Brave.
Chair of hprc at IRTF and anti-fraud at W3C.
Reach me out at: cherenkov@riseup.net
Website: https://sofiaceli.com/
3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6