Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI

Mike Ounsworth <> Tue, 17 September 2019 19:04 UTC

From: Mike Ounsworth <>
To: Michael Richardson <>, Secdispatch list
Date: Tue, 17 Sep 2019 19:04:06 +0000

Hi Michael,

Yup, those are the general ideas, with one small correction: for 1), what we've proposed in draft-ounsworth-pq-composite-sigs is a SubjectPublicKeyInfo that has the algorithmID "Composite", and the octet string for its public key data is then an encoded SEQUENCE of SubjectPublicKeyInfos for RSA, PQ1, etc.; basically, the SPKI contains a list of SPKIs. Same trick for signatureAlgorithm and signatureValue.

This subtle difference avoids the explosion of pairwise OIDs ("RSA+PQ1", "ECDSA+PQ2", etc.). It also allows a legacy client to continue processing if it doesn't understand the OID for PQ2 but its local policy says that ECDSA alone is still OK for now, so there's a crypto-agility win.

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

-----Original Message-----
From: Michael Richardson <> 
Sent: Tuesday, September 17, 2019 1:19 PM
To: Mike Ounsworth <>;
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI

Mike Ounsworth <> wrote:
    > I've posted a new version with minor tweaks to make that more clear.


Thank you. I understand much better the three possibilities now.

As I understand it:
1) new algorithm numbers, "RSA+PQ1", "ECDSA+PQ2", etc.  works with old code
   because old-algorithms are negotiated.  Requires negotiation.

2) multiple certificate chains: seems to work well with web servers, but
   in my experience fails with everything else.  The "weak" chain fails
   and then what?

3) new certificates; the v3-extension hack is just that, a hack to do
   multiple certificate chains in a single object.   I assume that the PQx
   signature would cover the legacy public key value as well?

I prefer (3), btw.  (1) hadn't occurred to me, as I don't think it works well with objects at rest, such as firmware updates.

Michael Richardson <>, Sandelman Software Works  -= IPv6 IoT consulting =-