Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI

Mike Ounsworth <> Fri, 13 September 2019 14:03 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AAACA120047 for <>; Fri, 13 Sep 2019 07:03:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id p55qVCNmJvsc for <>; Fri, 13 Sep 2019 07:02:58 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DBFA112002F for <>; Fri, 13 Sep 2019 07:02:57 -0700 (PDT)
IronPort-SDR: nitwSFkXZMbSHXez0Woj3oHLn7ygmr+lofJt2VrofF/uZYVi7rxSAMhv4WX79zs3fIWrRdWEZP 010SfGZuqX1g==
X-IronPort-AV: E=Sophos; i="5.64,501,1559538000"; d="scan'208,217"; a="56941357"
Received: from (HELO ([]) by with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 13 Sep 2019 09:02:57 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 13 Sep 2019 09:02:56 -0500
Received: from ([fe80::8084:293e:7f03:4ab2]) by ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Fri, 13 Sep 2019 09:02:56 -0500
From: Mike Ounsworth <>
To: Kathleen Moriarty <>
CC: "" <>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AdVo5XY9fEgsAHwkSEunmRFqOiv5LABXAwiA///03jw=
Date: Fri, 13 Sep 2019 14:02:56 +0000
Message-ID: <>
References: <>, <>
In-Reply-To: <>
Accept-Language: en-CA, en-US
Content-Language: en-CA
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_23FA6A308F3F02C98f40790f5eb6454b8b4d384b9ac18637mailout_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 13 Sep 2019 14:03:01 -0000

Hi Kathleen,

I'm new to IETF, and looking for guidance. If an agenda spot in Singapore is the right next step to get visibility and discussion, then I'm happy to do that.


From: Kathleen Moriarty
Sent: Friday, September 13, 04:42
Subject: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
To: Mike Ounsworth

WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.


Are you looking for an agenda spot in Singapore?

Additionally, it would be good to see discussion on list in advance, so thank you for posting your message.

Best regards,

Sent from my mobile device

> On Sep 11, 2019, at 5:11 PM, Mike Ounsworth <> wrote:
> Hi SecDispatch,
> This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.
> Background / history
> --------------------
> The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives.
> A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
> Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
> Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
> My Opinion
> ----------
> Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
> Requested action from SECDISPATCH
> ---------------------------------
> 1. Feedback on the problem statement draft.
> 2. Discussion of how to progress this.
> PS I'm a new IETF'er, please be gentle :P
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard
> _______________________________________________
> Secdispatch mailing list