Re: [Secdispatch] [EXTERNAL]Re: Can Composite sigs move back to LAMPS?
"Markku-Juhani O. Saarinen" <mjos@pqshield.com> Fri, 17 January 2020 23:05 UTC
Return-Path: <mjos@pqshield.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1C3212008A for <secdispatch@ietfa.amsl.com>; Fri, 17 Jan 2020 15:05:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pqshield-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zCWKrChr3T1 for <secdispatch@ietfa.amsl.com>; Fri, 17 Jan 2020 15:05:05 -0800 (PST)
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CD82120086 for <secdispatch@ietf.org>; Fri, 17 Jan 2020 15:05:05 -0800 (PST)
Received: by mail-qk1-x734.google.com with SMTP id d71so24421726qkc.0 for <secdispatch@ietf.org>; Fri, 17 Jan 2020 15:05:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pqshield-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8Mdf3VKOKJNm/qDfbbvOTU8Y0pwhp0Zc19Vj8g4Esek=; b=kbbRhk5GRmrRnxOL7+GoYGDBenmNaLOixgOF2mlXSVIY4dkE05gT9u4cgSKEnGZsyG uCDiVV7Fok88dK9tuFXBCgOXquudH1+G0yMj1M5uOVFFrqfUs8XF7d4RimK0FLosaneu YU9l8tbCpACvn/8b46kBG9+IQmGKvylfW4O16/XnY+r8pkdBRu4PQgOW31BU97QFOgUp SaEovZVpEb/NK0WiXdgYiwJ1EAPJOuNeW/74a/k3RtGP38H0904sLQ9AjptnJOGqqFzp XPTbvADNmxNocCfs6mgsXonIxli/1bbNPxlUAenUrw//uS+bj7XJeJiEYCTTQB6WJlYP KvDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8Mdf3VKOKJNm/qDfbbvOTU8Y0pwhp0Zc19Vj8g4Esek=; b=hFPSTKBbDggg/mMJM8HRxIkNehhxSCP/5fzyUWskaGEl+zgjnbYOO3OwFPD7GKK61j b6AYXsA9P3CLVAXlSLpaSFkU+MV7EwvHrlaWJ7gnkX07Yu8Cek2viMs/Co0Z6XIORaJD fz2xJgH3R1nHk8ySSdvbp4Ixe7mW272UAD0yfBIUMXy8yVsWscL9+2p2C+Eq65HlBSCg obWF2sRTmdBtn5IKVL1N5nc834Nnpb716xk8WKeZEL2FrcA464Mdu1d8rPFl3NweIlWC ZusldrD7Mmg6EmBGtyO5ON3TyFM7yHvxh9AkjQ1kPTpXiunHDawP16J3n9nAI4/QyXJj 7ayQ==
X-Gm-Message-State: APjAAAVGcvycGjktxModXDs4gjKdHtFfBYk8OJGiMMi7sx9XZ45VL7oZ 1022mgL77ugJkxg6JxxbOgJalpOHKyHlIBBYotexPA==
X-Google-Smtp-Source: APXvYqxR4bay+qWfGnxjkWvAuLEm0vuVdk3R9Lg8u+urTaCd4p0owZqkEORgRReXO3iHoRWtqyGQT/Q0mehVXSljCP4=
X-Received: by 2002:a37:f514:: with SMTP id l20mr39564152qkk.421.1579302304218; Fri, 17 Jan 2020 15:05:04 -0800 (PST)
MIME-Version: 1.0
References: <DM6PR11MB388377406A1AAEDCA397749C9B360@DM6PR11MB3883.namprd11.prod.outlook.com> <70b221bb-bc39-52cc-f9e0-a84261afe473@cs.tcd.ie> <09B0CA53-BAAF-4139-8179-2A70ADE58632@isara.com> <c0f620d7-4e22-18a5-c168-f66b737cae86@cs.tcd.ie> <CAPwdP4PG3i5-_BuVMdH0iMcJCT40xejoM=J3dH=pPO61T-F4Aw@mail.gmail.com> <3f9de00e-85ad-48ed-ba97-e1b5418e3867@cs.tcd.ie> <BYAPR11MB3478E8F964A34EDD232CFB03EE310@BYAPR11MB3478.namprd11.prod.outlook.com> <052d3ee0-41ae-c4f4-7013-6286942c468a@cs.tcd.ie> <DM6PR11MB3883DB8289E4EE1CDEFE7BA89B310@DM6PR11MB3883.namprd11.prod.outlook.com> <58549908-d472-20f7-6026-52adb088a62d@cs.tcd.ie>
In-Reply-To: <58549908-d472-20f7-6026-52adb088a62d@cs.tcd.ie>
From: "Markku-Juhani O. Saarinen" <mjos@pqshield.com>
Date: Fri, 17 Jan 2020 23:04:53 +0000
Message-ID: <CAPwdP4P8XLM23uMY3kMCxsM0SGNVcSoTiNbsJnK4=fg_vmzFwQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, John Gray <John.Gray@entrustdatacard.com>, IETF SecDispatch <secdispatch@ietf.org>, Daniel Van Geest <Daniel.VanGeest@isara.com>
Content-Type: multipart/alternative; boundary="000000000000d615d8059c5df880"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/2KsX7JMjIUusF38OStbA-HUIRWo>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Can Composite sigs move back to LAMPS?
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 23:05:07 -0000
On Fri, Jan 17, 2020 at 10:21 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 17/01/2020 22:17, Mike Ounsworth wrote: > > You keep mentioning parameter sets and "what if they change?". I > > really don't see why that's relevant. > > Running code. Introduction of new failure modes in already- > notoriously brittle code. It may be easy to write the ASN.1 > module, but that's only a tiny bit of the work and (from > experience) easy to get wrong in the absence of real code. Most people here know that we've had running code for "hybrid/composite certificates" for years, e.g. an open one via OQS ( you go and play with those certs at https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable ) and a proprietary ones via Isara and DigiCert. The problem is not that there is no running code, the problem is that there is too much running code and it does not talk to each other due to lack of IETF-supported standardization. Anyway, as Mike noted, we'll just do the spec, interop with industry partners and go from there. Cheers, - markku Dr. Markku-Juhani O. Saarinen <mjos@pqshield.com> PQShield, Oxford UK.
- [Secdispatch] Can Composite sigs move back to LAM… Mike Ounsworth
- Re: [Secdispatch] Can Composite sigs move back to… Stephen Farrell
- Re: [Secdispatch] Can Composite sigs move back to… Markku-Juhani O. Saarinen
- Re: [Secdispatch] Can Composite sigs move back to… Daniel Van Geest
- Re: [Secdispatch] Can Composite sigs move back to… Stephen Farrell
- Re: [Secdispatch] Can Composite sigs move back to… Markku-Juhani O. Saarinen
- Re: [Secdispatch] Can Composite sigs move back to… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Mike Ounsworth
- Re: [Secdispatch] Can Composite sigs move back to… Carrick Bartle
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… John Gray
- Re: [Secdispatch] Can Composite sigs move back to… Valery Smyslov
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Markku-Juhani O. Saarinen
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Michael Richardson
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Eric Rescorla
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Michael Richardson
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Eric Rescorla
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Michael Richardson
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Markku-Juhani O. Saarinen
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Eric Rescorla
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Markku-Juhani O. Saarinen
- Re: [Secdispatch] [EXTERNAL]Re: Can Composite sig… Benjamin Kaduk