[Secdispatch] Problem statement for post-quantum multi-algorithm PKI

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Wed, 11 September 2019 21:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/bShD4lyu_cgiS6LeBemGKb8_ZCQ>

Hi SecDispatch,

This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.



Background / history
--------------------

The Post-Quantum community (for example, surrounding the NIST PQC competition) is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries and algorithmic / mathematical breaks of the new primitives.


A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/


Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/


Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/




My Opinion
----------

Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.




Requested action from SECDISPATCH
---------------------------------

1. Feedback on the problem statement draft. https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

2. Discussion of how to progress this.




PS I'm a new IETF'er, please be gentle :P

Thanks,
- - -
Mike Ounsworth | Software Security Architect
Entrust Datacard