Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 12 December 2019 16:33 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: IETF SecDispatch <secdispatch@ietf.org>
Date: Thu, 12 Dec 2019 16:32:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/gPCfP5JBCVR4sXx99OgBlLyojvw>

Hi,

> Sorry if I've missed it, but who do we have that is calling for a post-quantum PKI solution to be developed now, but who is not promoting one such?

We (Cisco) will need a PQ PKI (not WebPKI) solution for image signing. When talking about chips that are designed now and will live in the field for decades, we would like to design today instead of waiting for 2030. Note we are spending (not making) money on PKI, so we are not trying to corner a market.

I have talked to another vendor interested in them to sign its OS but I will not speak for them. I have also talked to at least one HSM vendor that has some clients asking for PQ PKI support to be added in their HSM but I will not speak for them either. I don't think any of these use-cases are trying to corner a market.

Panos


-----Original Message-----
From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell
Sent: Sunday, December 08, 2019 9:04 PM
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>; Eric Rescorla <ekr@rtfm.com>; Dr. Pala <madwolf@openca.org>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (


Hiya,

Cutting to the nub of my concern...

On 09/12/2019 01:46, Mike Ounsworth wrote:
> I hope that doesn’t preclude a push for a more immediate solution.

ISTM the "push" is less for a solution than for understandably attempting to corner a market. I don't think such attempts are "bad" things, but I do think following 'em is more likely unwise.

Sorry if I've missed it, but who do we have that is calling for a post-quantum PKI solution to be developed now, but who is not promoting one such?

Thanks,
S.