Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 13 September 2019 09:42 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 235F2120288 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 02:42:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RSGzjBAmXhT for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 02:42:50 -0700 (PDT)
Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBEF512006A for <secdispatch@ietf.org>; Fri, 13 Sep 2019 02:42:49 -0700 (PDT)
Received: by mail-qk1-x733.google.com with SMTP id s18so27557569qkj.3 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 02:42:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gL4dz3y4EHy8QP32frVbB7wk5R8hqMEyiycly0AR/Ik=; b=kk7x2JTsm7ZdouDaf8ysG4MVNRMqF5vnNh3eY+jAlcbfTpTZ7OBHRSjTl15Pa7BY+R /vt9IaJTqgJ/c3WHmd4KACITuSzcUVeMNn0am0iRcOve2q4mSEWJLKDIENRDyU28sHLb gj0jjWSvAQ7hq04P3bDBhu2QRjuS177yuH7+jH/wb0tmz9g31Y+3qClWXh0OLBoQ+Ixr lldTVWr7I4eDL9sE2H5IAOTjnhSu3OO64PNSxBfxWuix92NxVOW32pO4rHVw4spV7YJi V1oNrGy1kRaK3zcjJ46BshzY614GrGVtfjfu98eWEJfrvZ8eHKuB2nZl539+AN3TQRRb 1E9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=gL4dz3y4EHy8QP32frVbB7wk5R8hqMEyiycly0AR/Ik=; b=HOe8RDcy8tYEpiuHeW2DBL8V5dY599K2Al9K3LCGLj7F/PlHT5pbfDR66cEaEtJHvk jLkVuyT1LWBdCUt9NfBKqnnv2FbQMPXWaEOhn6XOeJALdTqG67wwusoSpdYa4tuYHBxT epdxDe6zkJXzAO+DE6xybhqXjnpzF28cI4KhvvVRqE1kKeZILIrL6zlSbScjsIIZM8rp nBoUI6DuKqJtuvlNO/Ww4hV0NeYWwGHjF98JEj9nW9J17EPA4JjucsqHpwWbrikDKt4P wsOlNHcVDSQ2+bj25oM+fKpkwl3+o8/iD1LrAcEAo3YdPABid3lqqD4IIiPh515mofkP 4yAg==
X-Gm-Message-State: APjAAAV7nvlvabzrfdlxJ8sHhCFsT/MJy3hIMOnjv7CQ0a3TUR6O+0cJ 6g9N4tMb3V7Xo6QGvLCOGIJLYkcRZQk=
X-Google-Smtp-Source: APXvYqyeGqtP7kkIOZC0RNFLmPkabSn9Z3tcMNKR2Gt7yBbCTA8d1sgVk6zNTEz/UUh7NESkEelqZA==
X-Received: by 2002:a37:a545:: with SMTP id o66mr45149063qke.96.1568367768907; Fri, 13 Sep 2019 02:42:48 -0700 (PDT)
Received: from [192.168.1.4] (146-115-73-78.s5196.c3-0.arl-cbr1.sbo-arl.ma.cable.rcncustomer.com. [146.115.73.78]) by smtp.gmail.com with ESMTPSA id v12sm10635963qtb.5.2019.09.13.02.42.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Sep 2019 02:42:48 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (16G102)
In-Reply-To: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
Date: Fri, 13 Sep 2019 05:42:47 -0400
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com>
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/CO2QjQAdZjhTAhyvX4GXpONTTig>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 09:42:52 -0000

Mike,

Are you looking for an agenda spot in Singapore?

Additionally, it would be good to see discussion on list in advance, so thank you for posting your message.

Best regards,
Kathleen 

Sent from my mobile device

> On Sep 11, 2019, at 5:11 PM, Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
> 
> Hi SecDispatch,
> 
> This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.
> 
> 
> 
> Background / history
> --------------------
> 
> The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives.
> 
> 
> A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
> 
> 
> Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
> 
> 
> Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
> 
> 
> 
> 
> My Opinion
> ----------
> 
> Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
> 
> 
> 
> 
> Requested action from SECDISPATCH
> ---------------------------------
> 
> 1. Feedback on the problem statement draft. https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
> 
> 2. Discussion of how to progress this.
> 
> 
> 
> 
> PS I'm a new IETF'er, please be gentle :P
> 
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard
> 
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch