IETF Logo Mail Archive

[saag] Follow-up to IETF 111 discussion on PQC agility

Roman Danyliw <rdd@cert.org> Wed, 20 October 2021 20:26 UTC

Return-Path: <rdd@cert.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 735533A0FD9 for <saag@ietfa.amsl.com>; Wed, 20 Oct 2021 13:26:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJVcnD1LUwsR for <saag@ietfa.amsl.com>; Wed, 20 Oct 2021 13:26:18 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0110.outbound.protection.office365.us [23.103.208.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 656FD3A0FD3 for <saag@ietf.org>; Wed, 20 Oct 2021 13:26:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=IeYaI3T08ec9+cgQ72iaBbvteK+HCc9vUYoYNrDe6ckCTzxWzlyLi3qarHy9gVcQJfxkDriEEtITgDqmXLchN2pGh7mdqIgI7vuSbbCjfqwFYOXQys3e5poCgyMlrq/ImogcrZI+WNhklNH8XpGPeOO+nA9/XuyTivQmRgqSMtJeuv7tubU+qQ72eywgTRi6hgRuxrN1/GLj1wNtOiW2fNXQ31nf/8Y+yLdz7TBTo5KtHpHcQ4P6yWYkLMX63UpFxQYy3NMjgOmnFhqUdo1WZ40iW+8G2spplrcdGLaIevAT10GL0+aUUvHVl7saQ/bmjxxhv79+j3dlWjIF//wnuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CE3Cv7Nn7lfq9NEGGGyHyKK0a02m6PXyydWa5dOepVU=; b=EtsbtxPSlnVxJwZrslQ2s9rcJZm5HkGlx5Fc/8BU/vm5goD0W6hrR2DYYjC0luEmRq4uFooXtTVMDMFE5pAGSbdPPgoGLC7GTDCJvDhXCwD4OfEEeoxauSKiVu58kNBP2PtRdvGenjRL9UcneFF1XQ8U2dv8/B2ctod+a6y5rv35oAuMZqw5xcm//Tl1MGTensVwmTE6ZIa6BZo5t89nzD8JiYTLEQA9RdEXRSAgQoAX1DH03l/DyXIUWNOgLh/EedeKUQcwCmBBfvlpqQINHKJbtdvVmuajgRjUf2MOW/2KAKwBDzHhWcGA3+NqZSphvrC4ZxbBpXbLRCg/gJmtnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CE3Cv7Nn7lfq9NEGGGyHyKK0a02m6PXyydWa5dOepVU=; b=eEK8ybG1bvicIc/r38ZqYzPiFyOuy33XbnOxa5yCXbFcf8eeYz8Z7dRq+JTCvZVVwDkei6dheguV7sXOJ0iuOvfFHjs33aJ+B2uc8lBKLHWWhrQry3UEbYRbMC+M1GEXmSfx50dUJRBrNgg17G92Mk/AP5a1zgCMgTMFW5u6M0Y=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0707.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:135::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Wed, 20 Oct 2021 20:26:07 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4608.018; Wed, 20 Oct 2021 20:26:07 +0000
From: Roman Danyliw <rdd@cert.org>
To: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: Follow-up to IETF 111 discussion on PQC agility
Thread-Index: AdfF22xsCTUa/STJRlOWaHNtcH7tSA==
Date: Wed, 20 Oct 2021 20:26:06 +0000
Message-ID: <BN1P110MB0939B4BB660DFCDBB598B44EDCBE9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6468c0ee-fa7a-4a49-04b1-08d99407d8af
x-ms-traffictypediagnostic: BN1P110MB0707:
x-microsoft-antispam-prvs: <BN1P110MB0707493C2B20C0909A636709DCBE9@BN1P110MB0707.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /Nu4X06yIBXYwbNzv9UzpiM1bstaru6SAgWjNuqnYdXt+hcH2j2wFp06q/wEUpFyb1DGLwmi1XT5ZWeo4ifHbwdkJn8F3uqqmyRWsbKLm64tb3z1mjSYGJBJPX7YSihRY6QNRRzjzZT4SvVnMcZaQlQoPC0jM+7wWRYlcx8jqqlYjQjKTBTdk67nu+2o4LFPKOsJWxIotI5PhmAnkteZZjzK3kg4hIAC5IjEn1IJRhC7nOkbVuXicMsaZAsdAu/G/mcAc8h+XtP1nYBVNMiLthEsAivmcFkapwuEryIaseEkZoWRl52vi+6H44X52f9Abs5RxXeKsyyf6ihVw2SKXNreVei4BC0hZVuNNg2yTRaHjtlQddEOa0qGfG/h7n+jG1rBvZ0PbKKvf/5vcmmQ91wfxW+z/8g/H6I0D/tiKYimSycP87sIgSLS8L/MqGL62blJM+xcDBM5bcoLZzwXAmZT1B3K10yjul9mrhwduV6LwRFGqE55DKtbkh6rWINPfCkus3DR6TLx8sind2k2ZpEGyoMbNCDtKf2d6kIR75v2V8Ddk7stOZmUHurYKr6v4vrrn1vEU7EEisl2lHkfqNmVHqJnReqmwhoX6MMbzBbBCLac5eVPD0T+3GNDqIiJFPLJ4gMHJ/btBLEUzjDAvaBOD9BMmMVkmtXsXJrJYdxPwVtPeCCHDLVDyj/esio9GH+Ri2y7gKl5SNtv/u8g9w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(8676002)(9686003)(122000001)(33656002)(82960400001)(8936002)(64756008)(38100700002)(66556008)(52536014)(7696005)(966005)(498600001)(5660300002)(66446008)(26005)(2906002)(71200400001)(66476007)(76116006)(38070700005)(66946007)(83380400001)(55016002)(6916009)(186003)(6506007)(86362001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: v/RYwyb1yVb5N5CBu8CCaqRNKMkchet6QoR36vY9mN0hbM+BsKVDuwf7ndNwufgGEBKpOvlkV1peATGf0NNAmzIu3Xf4mvKOiucG4DRofiGILG7OeXyK+hiwXn0CFF/ZQtvNLdu2fZdp4vpyxxKfld+rjXhGT6/QC4JA2WYYyu+ybsqgrnET4wH3VUY+nOKMlxxjFy3DjFAkUCvSrIBofC7rbjDy0dmVmQeor22Lzb3uLP0dek1GvKO8aEBB12hmzz7ps5W/fXl7Ockhvu2aZT8/y63b+iErdqNp5THJsMZBtC3Cynwl55CRYFMX8093i9gjERVf6+Wvnursv6ho8XvyoYO1sP0/Xt8zzChUYGN1PyPHvtPDKs5WGAy85h5AdaHvlSrbLs74kTMoZ3MtB1iUfm8fIWh8b5yMkXWUyx44VTtvVtvvxEwBjTgb4oY9LAHsoQHvhhJrI7CBHhwyWZAu3nB3EBSw6fFljS15Ox+fLZLmr8syap8AV7f2bYRI2g0ReOwkfe7vfu3s6+6iMqEZoaA41/LSwJwbZ7aONolCKU2g/KG0PCMstb5X6QTDuyAfRonP4l3ObagOMXjGL15dZ5HrRIXNcQfc9n0+1cGIFtrT1a1hihYmiEmJLlvleHmFHkx/5s36LuTdFAT7EX3FDKsp6BM+Ax19nCrrvhimD64eSFFUzBLNYaqIAbcVrO+1uyE5wbkNrgkbmg2uh9xwHeUdDdRvJhnPOjBk8iY=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6468c0ee-fa7a-4a49-04b1-08d99407d8af
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2021 20:26:06.9736 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0707
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c>
Subject: [saag] Follow-up to IETF 111 discussion on PQC agility
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2021 20:26:24 -0000

Hi!

At the past SAAG meeting at IETF 111, we had a discussion on approaches for ensuring post-quantum cryptography (PQC) agility in IETF work [1].  The mic-line and jabber generated a robust discussion about PQC and generic priorities, but didn't get to discussing specific actions.  Also introduced during that SAAG meeting was a draft "CURDLE-style" (i.e., a scope like the CURDLE WG [2]) charter for PQC agility [3].  This charter defined an approach to fill the gap of adapting or updating IETF protocols, registries, and associated code points, for which no other WG exists, with PQ cryptographic mechanisms.  Left for discussion was which specific work and partners should be considered.

Since the IETF 111, we've had some mailing list discussion [4] on refining a proposed approach via [3] and are beginning to define what work might be a candidate for needing PQC agility but doesn't have a natural, existing WG.  More feedback would be helpful on:

(a) Should we be considering an alternative to this kind of "last resort"/"CURDLE-style" WG?

(b) Per the template field "[Post Quantum work collaborators]" in [3], who should be our partners for PQC guidance?  Current suggestions are US NIST and IRTF CFRG.

(c) Per the template field "[Protocols requiring attention without an active WG]" in [3], which work should be considered?  Current suggestions are secure shell (SSH).  Previous protocols considered during CURDLE were JOSE, DNSSEC, XML Digital Signatures and XML Encryption.

Regards,
Roman and Ben

[1] https://datatracker.ietf.org/meeting/111/materials/slides-111-saag-how-should-the-ietf-approach-post-quantum-security-02
[2] https://datatracker.ietf.org/wg/curdle/about/
[3] https://github.com/rdanyliw/ietf-pq-maintenance/blob/main/pqm-charter.md
[4] https://mailarchive.ietf.org/arch/msg/saag/oHqit0O7N7uhucuDAMwWgRPWqIc/

v2.30.2 | Report a Bug | By Email | System Status