Re: [Pqc] [Ext] Listing pointers to not-yet-standardized PQC algorithms

[Russ Housley <housley@vigilsec.com>]

> On May 15, 2023, at 2:53 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> On May 15, 2023, at 11:30 AM, D. J. Bernstein <djb@cr.yp.to> wrote:
>> 
>>>> Also, to clarify, are you saying it was out of PQUIP's scope for the UK
>>>> NCSC to write "I think we should focus on the NIST algorithms"?
>>> People can choose what to focus their time and energy on within the WG
>>> on things that are in scope.
>> 
>> Please clarify. If making "any choices of PQ algorithms" is supposed to
>> be out of scope then how can "focus on the NIST algorithms" be in scope?
> 
> I'll respond as one of the co-chairs. Anyone can contribute opinions to the list. If the ensuing discussion goes far afield from the charter, then it is the chair's responsibility to try to gently rein it back in.
> 
> There is a large difference between the WG making choices for other WGs and us discussing how the other WGs make their choices. That was part of my motivation for starting this thread. If one WG wants to wait for NIST to standardize its first KEM before standardizing that WG's protocol, and another WG wants to wait for NIST to standardize additional KEMs because that WG knows now that it won't like the first KEM (even though that means delaying and thus more traffic will be captured), and yet another WG wants to standardize a non-NIST KEM for some reason (which might make finishing the protocol go faster or slower): all of that is reasonable to discuss in the PQUIP charter. In particular, discussing how delaying standardization affects the amount of traffic captured is in scope.

The LAMPS WG charter sets the scope of PQ algorithms that can be considered.  They need to be NIST-approved or GFRG-approved. I hope we can have the same criteria across the IETF.

Russ