Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla (

Carrick Bartle <cbartle891@icloud.com> Tue, 24 December 2019 04:38 UTC

From: Carrick Bartle <cbartle891@icloud.com>
Date: Mon, 23 Dec 2019 20:38:46 -0800
Cc: "Salz, Rich" <rsalz@akamai.com>, "Dr. Pala" <madwolf@openca.org>, IETF SecDispatch <secdispatch@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/joL1jrri-Xjd5-nQVOyg4B3qqSM>

> WebPKI doesn't want it


How can it be true that it's too early to start developing a protocol for composite keys and signatures for Web PKI when Cloudflare and Google have already finished a round of experiments with hybrid key exchanges? Maybe I'm reading too much into it, but the existence of those experiments suggested to me that the need for hybrid/composite implementations was imminent. (I understand that the draft in question concerns signatures, not key exchanges, but apparently there isn't even a draft for the latter yet.)

If not now, when? After NIST crowns a winner? I don't see why it's necessary to wait that long given that the proposed solutions are algorithm-independent. And since the standardization process takes a while, won't waiting until then mean that there won't be a standard until after it's needed?

Carrick



> On Nov 19, 2019, at 11:37 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> 
> 
> On Tue, Nov 19, 2019 at 11:34 PM Salz, Rich <rsalz@akamai.com> wrote:
> What I was trying to say in the meeting is that I don't think this is probably to be of much use in the WebPKI at this time.
>  
> 
> I agree with that.
> 
>  
> 
> But of course that’s not a “veto” on doing this work, which OF COURSE you are not saying.
> 
> 
> Agreed. I think the relevant question is if there is enough demand, so just because WebPKI doesn't want it doesn't mean that someone doesn't.
> 
> -Ekr
> 
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch