Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

John Mattsson <john.mattsson@ericsson.com> Thu, 28 November 2019 10:41 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E306C120143 for <secdispatch@ietfa.amsl.com>; Thu, 28 Nov 2019 02:41:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjpbXpSSr5oK for <secdispatch@ietfa.amsl.com>; Thu, 28 Nov 2019 02:41:44 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30054.outbound.protection.outlook.com [40.107.3.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85FE1120132 for <secdispatch@ietf.org>; Thu, 28 Nov 2019 02:41:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HY5A8pAF7ib7fH3yX2niKC5DFesPghQiEQ0jy7TfMV+VIexElxERR5M9SYYcSQ2Lpn9VnMOGSw9hIpCC9As/GadAGnbKEVwC3KP46NovsHdBsZC0dqaLu759RPyRxL5DZnxuO2vGbiOKllvAEQgrERTwABNiK9HoJczZpeiGuglLAQoxKRBodQdNp43oT0JCc33seYEx+WLr3eiMD9ohMUAo4oa2fEXEtQms983UQegt72JEBTzGF65mxxvMaKjrwmOQ1kwWEF5At0zfyUSvVIWTQoAAG93sOZ//0JulV+mRhLtukaQBbpwU6L2q7eqYLPZPdsIefjR23dP07XtIog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8+G0RIgkZyyyGUWm6X7zDhlBtz9/wefV7y1+cfTHzOU=; b=cCDSp5a9YX8f+A0e83mF8/b1vvWSOW9iVTf70rtXOJjKvxsU7l9vkDjvH4pDy1z+8x7tjFrKQigDnYoTfiAbw0pheaNrc4Nd4/YjxzAmaW5uhHvkR4W4a9EA9HRcKEMmtgphfa4nO3FlC32/ogArPp4QnEtRrts9Gx50y2v7H2vZXci1u1XaqSufBpZBVzs4m/h7MB7qBvaLoM3JUFoGI+V4IJ1V80J67PVXSCLH685wekzQanrvFkyLW2PA9jMiryUmlAgorySRy7e1QPB0VvUHXBJdEbXpB1tfsjvKy+7rc5mqenAHnStgDPerG+RaagvnplACA19hd0vEXIzBVw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8+G0RIgkZyyyGUWm6X7zDhlBtz9/wefV7y1+cfTHzOU=; b=D+CDU/LCDqB5W03/YNU5yqNz410RmX4iTW5fh/3iwb+gM6fUV+wqk3k6aTg/gj1oLHoJhZTlW1eJ1sD63OX0UDYFMDSwgEx/svODIHDej8P3wZr7DRMhn07OCxtuIWf28pV3J39r86F2JHE9l8W3/sV7MhVUQmZVZGZcg5KsxEQ=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.165.153) by HE1PR07MB3258.eurprd07.prod.outlook.com (10.170.244.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2495.10; Thu, 28 Nov 2019 10:41:42 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::21e5:eaae:99ed:41ac]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::21e5:eaae:99ed:41ac%3]) with mapi id 15.20.2495.014; Thu, 28 Nov 2019 10:41:42 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVpdhsu+5j4N8dSke7OXT+fIJOeA==
Date: Thu, 28 Nov 2019 10:41:42 +0000
Message-ID: <FA8A119E-B234-41F5-A55B-989B54668C3C@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [192.176.1.97]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 322d68e2-8b9d-4118-6534-08d773ef8eb4
x-ms-traffictypediagnostic: HE1PR07MB3258:
x-microsoft-antispam-prvs: <HE1PR07MB3258F7A79FA5316493175D2689470@HE1PR07MB3258.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0235CBE7D0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(376002)(366004)(346002)(396003)(199004)(189003)(5660300002)(6436002)(86362001)(8936002)(81166006)(8676002)(966005)(33656002)(1730700003)(36756003)(2351001)(229853002)(81156014)(6486002)(6246003)(71200400001)(71190400001)(6512007)(6306002)(5640700003)(478600001)(14454004)(6116002)(66066001)(3846002)(186003)(2906002)(316002)(6506007)(58126008)(102836004)(7736002)(26005)(66476007)(99286004)(66556008)(305945005)(44832011)(6916009)(2616005)(76116006)(25786009)(256004)(66446008)(64756008)(66946007)(2501003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3258; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ha8VGt46eNUykxaK3NITefDGTd4VwzdGym/5tkGOuHeo+0sOl+NYZwy1vkfK8kFWoXiqBoMybdEDZl7fCrwXWVKnk2xQlNGWqq7eUmP3igFz+SgZHME1FSHkXDFGGyAN6Aj7FtbHmIhs5nWhMU2rf7Jk+Is8E6l9/byZsL6gibnebtcO8QOBYJqNpBGtu5715kYaIKeBt08kzycTKDdjFlzdLzz2cGntbu5KmPRVnJR4jSGlbYOmLN4wr43sLxtijUQ81sQiASPCypEJpEaavHlrhlVZYZ09cDmY2MVpDQvQHxQcJYs46Kkt0dDBicE2VQnjpGuTpcBSrE9ITnTQ98A038O2EPnRkF6Tdk9i9h+DR/B1IfSvcu7uXdF/0X0ciJSpZEpU0U39owuG9KVYqrdLV9X2DdVKa81iArstOVZcf4zNJuDe8eGtTBCt+Jt31Z1HDHiC7UBhuUXcw5Cp6hi26sfslGry5xg631cIB1U=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <330A3144B68FC44D92450CB44CC24562@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 322d68e2-8b9d-4118-6534-08d773ef8eb4
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Nov 2019 10:41:42.3050 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lH+VrTwS3KtwDvqk6/9GY8/hx/JvUQsiJ7DW5wDLMWakZzmrs+2/KTexURQCsSbjmmIre2NEJagQJEIkCsNo8j6CcwGzv3mZl5Q/6AcUAK4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3258
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/4An5SbVB1cu_RvuaEn1YK_wZuls>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 10:41:47 -0000

Hi,

There are now two very different use cases of the word 'hybrid' being discussed in IRTF/IETF. 

Combination of KEM + DEM:

https://tools.ietf.org/html/draft-irtf-cfrg-hpke

Combination of multiple algorithms of the same type (KEM or Signature)

https://tools.ietf.org/html/draft-tjhai-ipsecme-hybrid-qske-ikev2
https://tools.ietf.org/html/draft-stebila-tls-hybrid-design
https://tools.ietf.org/html/draft-campagna-tls-bike-sike-hybrid
https://tools.ietf.org/html/draft-pq-pkix-problem-statement
https://tools.ietf.org/html/draft-truskovsky-lamps-pq-hybrid-x509
https://tools.ietf.org/html/draft-ounsworth-pq-composite-sigs

I would suggest that IRTF/IETF do not use the word 'hybrid' for both of these different meanings. Given that 'hybrid' is quite established for the combination of KEM + DEM

https://en.wikipedia.org/wiki/Hybrid_cryptosystem

and the use of 'hybrid' for PQC is quite new and not yet that established, I would suggest that IRTF/IETF use 'hybrid' for KEM + DEM and agree on another term for the PQC use cases. 'multiple-algorithms' and 'composite' has been mentioned in documents and discussions. I would be fine with both of these. 'Multiple encryption' seem to be the most common term for encrypting with several algorithms.

https://en.wikipedia.org/wiki/Multiple_encryption

Cheers,
John