Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

Daniel Van Geest <Daniel.VanGeest@isara.com> Mon, 16 September 2019 18:05 UTC

Return-Path: <Daniel.VanGeest@isara.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7773120047 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 11:05:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0UEFmvBWzNx for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 11:05:47 -0700 (PDT)
Received: from esa1.isaracorp.com (esa1.isaracorp.com [207.107.152.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3437A12003E for <secdispatch@ietf.org>; Mon, 16 Sep 2019 11:05:47 -0700 (PDT)
IronPort-SDR: JuzealxwMv15lZQ1jmCokH0GebE4iEOHOh4ZJX3M9asRouV8X81g5fVthf4Q0Xa0H462AGBnzv TSOG0vlc4uSRBRQx5AgI/5PjTuFm48ksNODFMrLllbpWPBeLOhIlUe9Lzqw+snquTBXYPN0XjV w4Gx9dKz2oeFeSs5g1D8CCzoUeEKFCFS/nGzDfmFMCvyy7LZwUs6KhgyyUh+AeurhWxL3fr3EI f504ro6DqUpL4xfN23Vs6BKA7t/FgfqXvrcayUv0GRc2z2S5rwvdud4Gei3Cca6eyGkE9HeQ4Z MgE=
Received: from unknown (HELO V0501WEXGPR02.isaracorp.com) ([10.5.9.20]) by ip1.isaracorp.com with ESMTP; 16 Sep 2019 18:05:46 +0000
Received: from V0501WEXGPR01.isaracorp.com (10.5.8.20) by V0501WEXGPR02.isaracorp.com (10.5.9.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1779.2; Mon, 16 Sep 2019 14:06:47 -0400
Received: from V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba]) by V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba%7]) with mapi id 15.01.1779.002; Mon, 16 Sep 2019 14:06:47 -0400
From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: Michael Richardson <mcr@sandelman.ca>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaXgFtTFwjcz8+E6FXlBxfl7/XqcoqyKAgAIKrYCAAAJcAIAABymAgAPgdIA=
Date: Mon, 16 Sep 2019 18:06:47 +0000
Message-ID: <F7C0894D-1BB0-47A3-B408-4BD828D9EE28@isara.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <29967.1568429617@dooku.sandelman.ca>
In-Reply-To: <29967.1568429617@dooku.sandelman.ca>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.5.52]
Content-Type: multipart/alternative; boundary="_000_F7C0894D1BB047A3B4084BD828D9EE28isaracom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/A2JXrqKb9wv2G3egBqmDHVJeDME>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 18:05:50 -0000

Michael,

On 2019-09-13, 10:54 PM, "Secdispatch on behalf of Michael Richardson" <secdispatch-bounces@ietf.org<mailto:secdispatch-bounces@ietf.org> on behalf of mcr@sandelman.ca<mailto:mcr@sandelman.ca>> wrote:

Can we support multiple signatures inside a certificate? I don't think so.

Why not?  Mike’s problem statement draft has two potential technical solutions doing just that, each with advantages and disadvantages.  Or is there more of a logistical or other issue?  Knowing why you think we can’t support multiple signatures inside a certificate could help refine the problem statement.

Thanks,
Daniel Van Geest