Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
"Dr. Pala" <madwolf@openca.org> Thu, 12 September 2019 14:38 UTC
Return-Path: <madwolf@openca.org>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20B4C1200FB for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 07:38:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.701
X-Spam-Level: *
X-Spam-Status: No, score=1.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FAKE_REPLY_A1=3.599, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ATCBVcS0TX_u for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 07:38:54 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 2313F12003E for <secdispatch@ietf.org>; Thu, 12 Sep 2019 07:38:54 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id DCEEC3740FDF for <secdispatch@ietf.org>; Thu, 12 Sep 2019 14:38:53 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id fKcaP5JAayuZ for <secdispatch@ietf.org>; Thu, 12 Sep 2019 10:38:52 -0400 (EDT)
Received: from Maxs-MBP-2.cablelabs.com (unknown [192.160.73.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id BEEBD37407EA for <secdispatch@ietf.org>; Thu, 12 Sep 2019 10:38:52 -0400 (EDT)
To: secdispatch@ietf.org
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
Date: Thu, 12 Sep 2019 08:38:52 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------D308A0837F60766149A82AF7"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/mgPEz0pCbxuS2_IcLErtH9WS26s>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 14:38:56 -0000
Hi SecDispatch, Mike, Our industry (Cable) is working on this problem already - some of our members have started investigating few things in the post-quantum field and in particular how to protect our PKIs in this uncertain environment. With few billions certificates issued across the industry, we heavily rely on certificates for device authentication and, therefore, we need to work on a solution today. For us, the use of Composite Crypto is quite an interesting path to pursue because it provides an easy way to protect today our PKIs against the factorization threat (not only certificates, but all the data structures for PKIX) thus allowing to verify the authentication with Post-Quantum algorithms when we will need to make the switch (deferred Algorithm Agility). We intend to support this idea and actively deploy it for our PKIs and eventually expand the adoption of this approach in other environments we are engaged in (e.g., medical devices, cellular networks, WiFi Alliance and WBA, etc.) Looking forward to find a good home for this project within the IETF - a simple but powerful tool for our "PKI toolboxes" Cheers, Max > Hi SecDispatch, > > This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution. > > > > Background / history > -------------------- > > The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives. > > > A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU. > https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/ > > > Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach. > https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/ > > > Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions. > https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/ > > > > > My Opinion > ---------- > > Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE. > > > > > Requested action from SECDISPATCH > --------------------------------- > > 1. Feedback on the problem statement draft.https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/ > > 2. Discussion of how to progress this. > > > > > PS I'm a new IETF'er, please be gentle :P > > Thanks, > - - - > Mike Ounsworth | Software Security Architect > Entrust Datacard -- Best Regards, Massimiliano Pala, Ph.D. OpenCA Labs Director OpenCA Logo
- Re: [Secdispatch] Problem statement for post-quan… Dr. Pala
- [Secdispatch] Problem statement for post-quantum … Mike Ounsworth
- Re: [Secdispatch] Problem statement for post-quan… Scott Fluhrer (sfluhrer)
- Re: [Secdispatch] Problem statement for post-quan… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Daniel Van Geest
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Panos Kampanakis (pkampana)
- Re: [Secdispatch] Problem statement for post-quan… Kathleen Moriarty
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Michael Richardson
- Re: [Secdispatch] Problem statement for post-quan… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Salz, Rich
- Re: [Secdispatch] Problem statement for post-quan… Michael Richardson
- Re: [Secdispatch] Problem statement for post-quan… Mohit Sethi M
- Re: [Secdispatch] Problem statement for post-quan… Ira McDonald
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] Problem statement for post-quan… Daniel Van Geest
- Re: [Secdispatch] Problem statement for post-quan… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Panos Kampanakis (pkampana)
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] Problem statement for post-quan… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Ira McDonald
- Re: [Secdispatch] Problem statement for post-quan… Salz, Rich
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Ira McDonald
- Re: [Secdispatch] Problem statement for post-quan… Salz, Rich
- Re: [Secdispatch] Problem statement for post-quan… Ira McDonald
- Re: [Secdispatch] Problem statement for post-quan… Douglas Stebila
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Richard Barnes
- Re: [Secdispatch] Problem statement for post-quan… Michael Richardson
- Re: [Secdispatch] Problem statement for post-quan… Ira McDonald
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Michael Richardson
- Re: [Secdispatch] Problem statement for post-quan… Stephen Farrell
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Mike Ounsworth
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Stephen Farrell
- Re: [Secdispatch] Problem statement for post-quan… Martin Thomson
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Phillip Hallam-Baker
- Re: [Secdispatch] Problem statement for post-quan… Phillip Hallam-Baker
- Re: [Secdispatch] [EXTERNAL]Re: Problem statement… Dr. Pala
- Re: [Secdispatch] Problem statement for post-quan… John Mattsson
- Re: [Secdispatch] Problem statement for post-quan… Markku-Juhani O. Saarinen
- Re: [Secdispatch] Problem statement for post-quan… John Mattsson
- Re: [Secdispatch] Problem statement for post-quan… Mike Ounsworth
- Re: [Secdispatch] Problem statement for post-quan… Benjamin Kaduk