[Secdispatch] Re: proposal to try for a PQ guidance BCP

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 18 October 2025 23:43 UTC

To: Eric Rescorla <ekr@rtfm.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/5FAca1kg8t6Kwv2Gitpm-Rl6i3U>

Hiya

On 18/10/2025 20:10, Eric Rescorla wrote:
> I think you have the burden of proof backwards here.

I don't understand how that legalistic concept applies tbh. But
whatever.

> Right now, we're letting WGs decide for themselves what to do, and
> you're advocating for some IETF-wide guidance.

There is no inherent conflict between those two. I'm fine that WGs
do what they want, as they will anyway. I'm arguing for a BCP about
deployment not protocol development. I'd hope WGs would continue to
try do better and maybe eventually find some usable PQ-sig schemes.

In the meantime, I think we'd be helping the Internet if we tell
almost everyone to ignore PQ-sigs for now, when it comes to deployment.
And I think that is generally good guidance and not specific to
connection-oriented situations.

Cheers,
S.