Re: [saag] About the "Draft text for a PQ Maintenance WG"

Hi Roman,

Yes, the “tentative” CURDLE text is IMO more reasoned.

Thanks,

                Yaron

From: Roman Danyliw <rdd@cert.org>
Date: Thursday, August 5, 2021 at 22:31
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Ludovic Perret <ludovic.perret@cryptonext-security.com>, "saag@ietf.org" <saag@ietf.org>
Subject: RE: [saag] About the "Draft text for a PQ Maintenance WG"

Hi Yaron!

Thanks for the feedback.  More inline …

From: saag <saag-bounces@ietf.org> On Behalf Of Yaron Sheffer
Sent: Thursday, July 29, 2021 4:51 PM
To: Ludovic Perret <ludovic.perret@cryptonext-security.com>; saag@ietf.org
Subject: Re: [saag] About the "Draft text for a PQ Maintenance WG"

I support Ludovic’s second point. Also:

[Roman] Agreed. Fixed and further discussed in response to him/

* "Maintenance" is not a great name, because of course we're not doing any maintenance on PQ algorithms/protocols. Maybe "PQ Ops"?

[Roman] No question that we need a good WG name.  The maintenance was targeted at the IETF protocols, not PQ algorithms/protocols, as the primary output of the WG was to updated specifications of existing protocols.

The charter only uses “maintenance” is one place:

“The [Planned WG Name] working group ([Planned WG Acronym]) is chartered as a maintenance WG to analyze; and adapt or update IETF protocols, registries, and associated code points with PQ cryptographic mechanism.”

The intent still stands with s/maintenance WG/WG/ so I’ll remove that word and we can ruminate further on the WG name.

* "And the WG may propose deprecation of such algorithms" - can be read as "the WG will deprecate algorithms" which IMO should be left to the per-protocol working groups. Even where such WGs do not exist, it is *still* not a good idea for this WG to deprecate algorithms in specific protocols since it doesn't have the operational experience required to do that.

[Roman] I can see the risk you are highlighting.  That sentiment is borrowed from the CURDLE charter (https://datatracker.ietf.org/doc/charter-ietf-curdle/) which gave itself the same latitude when updating those documents for EC.  Would you feel more comfortable with more tentative text similar to CURDLE?

The CURDLE working group will be handling changes to protocols and registries

some of which include what are now considered outdated algorithm options, and

may propose deprecation of such algorithms. Such deprecation needs to be done

with care, ensuring that interoperability and the needs of existing

implementers and deployments are properly considered. Where deprecation is

practical, the working group is encouraged to deprecate.

Regards,

Roman

Thanks,

                Yaron

From: saag <saag-bounces@ietf.org> on behalf of Ludovic Perret <ludovic.perret@cryptonext-security.com>
Reply-To: Ludovic Perret <ludovic.perret@cryptonext-security.com>
Date: Wednesday, July 28, 2021 at 23:03
To: "saag@ietf.org" <saag@ietf.org>
Subject: [saag] About the "Draft text for a PQ Maintenance WG"

Dear,  

Following the meeting of yesterday and the discussion on post-quantum, I have few comments on the  draft text for a PQ Maintenance WG :  

https://datatracker.ietf.org/meeting/111/materials/slides-111-saag-companion-to-how-should-the-ietf-approach-pq-security-draft-pq-maintenance-charter-00

·          [Post Quantum work collaborators] --> what is exactly the semantic behind that ? Do you expect a commitment from pq people ?  

·         The [Planned WG Acronym] WG will not define new PQ algorithms and methods --> What do you mean by method ?  

·         I would suggest "The [Planned WG Acronym] WG will rely on future NIST or international pq  standards" 

Best Regards, 

Ludovic Perret, 

CPO, co-founder, CryptoNext Security

https://cryptonext-security.com/

_______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag 