Re: [Secdispatch] [EXTERNAL] Re: IETF117 - Call for topics

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 23 June 2023 01:00 UTC

Message-ID: <ea695cef-daef-f517-1597-4f529b83474c@cs.tcd.ie>
Date: Fri, 23 Jun 2023 02:00:21 +0100
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>, Yoav Nir <ynir.ietf@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, secdispatch <secdispatch@ietf.org>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/YyMN-suqcDplK_VA50-gf08WoYw>

Hiya,

On 22/06/2023 21:31, Mike Ounsworth wrote:
> Hey Stephen,
> 
> We've been at this for months 

Months? Feels a lot more like decades have been taken up with
folk pushing back against PKI complexity:-)

> and I clearly still don't have any idea
> what you mean by "evolving PKI in the face of a CRQC". Maybe I'm
> overly dense and this is perfectly clear to everyone else, but I
> suspect not.

I apologise for being unclear of course.

> (Nearly) everyone else seems to agree that that means adding OIDs /
> codepoints / JWA names for NIST PQC algs, 

That bit's fine.

> with hybrid version of them
> as a bridge, 

That bit's not convincing for me, for signatures.

> and otherwise carrying on as usual. But you seem to have
> something completely different in mind. I can't decipher what it is
> you're looking for because you seem to be taking a "I'll know it when
> I see it" approach, which is a borderline useless thing to put as an
> engineering design requirement.

I don't agree with the above, but it is fair to describe me
as somewhat of a hurler on the ditch(*). OTOH, sometimes that
perspective has value.

> You obviously see something that the rest of us are missing, 

Were I alone in thinking adding more complexity to X.509-based
code is a good plan, that'd be fair. I doubt I am
though.

> and I
> strongly value your experience here. So can you please write down
> concretely and specifically (maybe in the form of an I-D) what
> "evolving PKI in the face of a CRQC" means to you so that we can all
> get on the same page?

That however is fair. If a relevantly scoped BoF looks like
happening, I'm happy to commit to writing down ideas.

Cheers,
S.

(*) https://www.yourdictionary.com/hurler-on-the-ditch


> 
> --- Mike Ounsworth
> 
> -----Original Message-----
> From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
> Sent: Thursday, June 22, 2023 1:06 PM
> To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Yoav Nir
> <ynir.ietf@gmail.com>; Michael Richardson <mcr+ietf@sandelman.ca>
> Cc: David Woodhouse <dwmw2@infradead.org>; Rifaat Shekh-Yusef
> <rifaat.s.ietf@gmail.com>; secdispatch <secdispatch@ietf.org>
> Subject: Re: [Secdispatch] [EXTERNAL] Re: IETF117 - Call for topics
> 
> 
> Hiya,
> 
> On 22/06/2023 19:01, Mike Ounsworth wrote:
>> I also support a BoF about hybrid signatures.
> 
> FWIW: I would not support the above. The BoF I think we need would
> address evolving PKI in the face of a CRQC.
> 
> Discussion of hybrid signatures would be a part of that, but just a
> part.
> 
> Cheers, S.