Re: [Pqc] Mapping the state of PQC and IETF

Sofía Celi <cherenkov@riseup.net> Wed, 01 March 2023 18:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/owQZFsz59Jgt3YfkVTMrgPF2Sp4>
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>

Dear list,

I think for the moment we should keep the convenient-for-PQC drafts out 
of the list. It is true that they can potentially help PQC migration 
(which has to still be examined and deployed) but they are not 
PQC-per-se; but rather serve other goals such as improving efficiency. 
I think these drafts have to be carefully considered in their 
corresponding WGs. We can potentially create later a list of 
convenient-for-PQC drafts.

Thank you,

On 01/03/2023 06:55, Hannes Tschofenig wrote:
> Let me give you another example.
> Should the SUIT manifest draft be added to the list because it can use 
> HSS-LMS? In fact, HSS-LMS, as a hash-based signature scheme, fits the 
> firmware update use case well since the size of the signature is small 
> compared to the firmware update itself. With the recent announcement 
> from the NSA in 
> https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF the use of hash-based signatures for software- and firmware-signing is even recommended.
> Still, I wouldn't list the SUIT manifest since you will run into the 
> problem Mike was given below. It is probably more useful to ask each 
> working group how the use of PQC algorithms will impact their protocols. 
> Most groups have looked into this already.
> Ciao
> Hannes
> *Sent:* Tuesday, 28 February 2023 at 17:08
> *From:* "Kampanakis, Panos" <kpanos@amazon.com>
> *To:* "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, "pqc@ietf.org" 
> <pqc@ietf.org>
> *Subject:* RE: [Pqc] Mapping the state of PQC and IETF
> 
>  > draft-kampanakis-tls-scas, for example, is about reducing the size of 
> the TLS handshake. It conveniently uses PQC as a motivation but there 
> have been many efforts before that tried to accomplish TLS handshake 
> size reduction before and you wouldn't want to list all of them as well.
> 
> Indeed.
> I wish the previous mechanisms worked in the PQ auth context because it 
> is an uphill battle to convince the TLS WG that ICA suppression is the 
> most straightforward option we have.
> 
> 
> -----Original Message-----
> From: Pqc <pqc-bounces@ietf.org> On Behalf Of Hannes Tschofenig
> Sent: Tuesday, February 28, 2023 6:36 AM
> To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; Sofía 
> Celi <cherenkov@riseup.net>; pqc@ietf.org
> Subject: RE: [EXTERNAL][Pqc] [EXTERNAL] Mapping the state of PQC and IETF
> 
> Mike, you bring up a good point.
> 
> draft-kampanakis-tls-scas, for example, is about reducing the size of 
> the TLS handshake. It conveniently uses PQC as a motivation but there 
> have been many efforts before that tried to accomplish TLS handshake 
> size reduction before and you wouldn't want to list all of them as well.
> 
> 
> On 28.02.2023 at 01:16, Mike Ounsworth wrote:
>  > Wicked, thanks for starting this github page!
>  >
>  > I started this thread asking for, I guess, the converse of this 
> document: IETF (Sec Area) protocols that DON'T need a PQ draft.
>  >
>  > For example: SCEP (RFC 8894) does not itself specify any crypto, but 
> embeds CMS (RFC 5652) and PKCS #10 (RFC 2986).
>  >
>  > ACME embeds JOSE/JWS (RFC 7515) and PKCS #10 (RFC 2986).
>  >
>  > Etc.
>  >
>  > It would probably be a service to the community to document those on 
> the PQUIP github page so that people know that "Do Nothing" is the 
> correct action. Basically, every Sec Area protocol probably needs to be 
> on that page under either "Action Needed" or "Action Not Needed". Since 
> I suggested it, I guess I just volunteered to put in a PR starting that 
> table. Barring $distraction, I'll try and get something tonight.
>  >
>  > ---
>  > Mike Ounsworth
>  >
>  > -----Original Message-----
>  > From: Pqc <pqc-bounces@ietf.org> On Behalf Of Sofía Celi
>  > Sent: Monday, February 27, 2023 9:47 AM
>  > To: pqc@ietf.org
>  > Subject: [EXTERNAL] [Pqc] Mapping the state of PQC and IETF
>  >
>  > Dear list,
>  >
>  > We have started work on mapping the state of PQC (if any draft or RFC
>  > exists) in the different IETF protocols/WG and IRTF groups:
>  > https://github.com/ietf-wg-pquip/state-of-protocols-and-pqc to keep
>  > track of where everything is at. Feel free to contribute by sending a
>  > PR. We hope this list is useful to many.
>  >
>  > Thank you,
>  >
>  > Sofía and Paul
>  >
>  > --
>  > Sofía Celi
>  > @claucece
>  > Cryptographic research and implementation at many places, specially 
> Brave.
>  > Chair of hprc at IRTF and anti-fraud at W3C.
>  > Reach me out at: cherenkov@riseup.net
>  > Website: https://sofiaceli.com/
>  > 3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6
>  >
>  > --
>  > Pqc mailing list
>  > Pqc@ietf.org
>  > https://www.ietf.org/mailman/listinfo/pqc
> 

-- 
Sofía Celi
@claucece
Cryptographic research and implementation at many places, specially Brave.
Chair of hprc at IRTF and anti-fraud at W3C.
Reach me out at: cherenkov@riseup.net
Website: https://sofiaceli.com/
3D0B D6E9 4D51 FBC2 CEF7  F004 C835 5EB9 42BF A1D6