Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 12 December 2019 16:50 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40941120998 for <secdispatch@ietfa.amsl.com>; Thu, 12 Dec 2019 08:50:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NeCXfwj1aQhk for <secdispatch@ietfa.amsl.com>; Thu, 12 Dec 2019 08:50:05 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 859F512098F for <secdispatch@ietf.org>; Thu, 12 Dec 2019 08:50:05 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C3D91BE51; Thu, 12 Dec 2019 16:50:03 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YeCIwCVIzcTE; Thu, 12 Dec 2019 16:50:03 +0000 (GMT)
Received: from [134.226.36.133] (unknown [134.226.36.133]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 58F09BE4D; Thu, 12 Dec 2019 16:50:03 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1576169403; bh=ygQ5x+c9hV7NIg1msJp2EtN0FUFqI+PASuli1bvFihw=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=ODYza18Fc45095FoWtrObOgnFoLfGFpiLS5Ee/woBHdA2Odt8rGEfCmDQ5g3hLuVX rQO/YnOpuvx5UfCUNNoZW0xvi6Qr8dLDpRO6Ke0MZbF+Oqpl1bv4p3Oke2INkZ5fiu JDDV+d6zjjyLkYDXKH6OSaJrliSn0XTqQsxL0M2Y=
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Cc: IETF SecDispatch <secdispatch@ietf.org>
References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <CABcZeBPbAgBfC6Et+OKQi2=GwsyeyKEKfW5GG=StUepQwy+f0g@mail.gmail.com> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <CABcZeBM5WgpcBP4axBvzWaxKU=JA-K-4qiVxhhO1+HzFf246aw@mail.gmail.com> <MN2PR11MB3710195708AAA808B3D08EC29B580@MN2PR11MB3710.namprd11.prod.outlook.com> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> <BN7PR11MB2547EA5F6DF70BC2B9C21E64C9550@BN7PR11MB2547.namprd11.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <ccc5161a-243a-336e-2615-b156fba98c54@cs.tcd.ie>
Date: Thu, 12 Dec 2019 16:50:02 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <BN7PR11MB2547EA5F6DF70BC2B9C21E64C9550@BN7PR11MB2547.namprd11.prod.outlook.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5lUTZx9BXjkhQDDnZRR7r42sBrC7PmFLu"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/zEcWqzkEdki45FN_ma_1ryf4x8c>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2019 16:50:08 -0000

Hiya,

On 12/12/2019 16:32, Panos Kampanakis (pkampana) wrote:
> Hi,
> 
>> Sorry if I've missed it, but who do we have that is calling for a
>> post-quantum PKI solution to be developed now, but who is not
>> promoting one such?
> 
> We (Cisco) will need PQ PKI (not WebPKI) solution for image signing.
> When talking about chips that are designed now and will live in the
> field for decades, we would like to design today instead of wait for
> 2030. 

Thanks. It's not at all clear to me that data integrity nor
origin authentication in that timeframe ought be tied to
x.509 certificates at all. (Except for legacy algs/keys
where there's nothing to do.) Or do you envisage using other
approaches instead or as well when you say PKI? Personally,
I'd guess some kind of manifest based approach would be
better, maybe starting from cose or something. I would
be supportive of exploratory work in that space.

But adding multiple key/alg combinations alongside classical
algs/keys into x.509 certificates would create so many new
failure modes for all libraries that handle x.509 that it
seems generally unwise to me. (The failure modes for such
libraries have always been horrible, making 'em worse is
not a plan I'd warm to;-)

> Note we are spending (not making) money on PKI, so we are not
> trying to corner a market.

Fair enough that "corner a market" was a bit pejorative.
Apologies for that.

I'm just not at all convinced that trying to define how
to handle PQ algorithms in x.509 is at all worthwhile
now, especially before we have an outcome from the NIST
competition. Once we do have a standard set of algorithms
that people want to use (bearing in mind how sha-3 has
not set the world alight) then defining OIDs for those
would be fine, and fairly straightforward, but starting
now down a path that leads to x.509 certificates that
contain combinations of keys/algs in one cert seems like
a terrible plan to me.

Cheers,
S.

> I have talked to another vendor interested in them to sign its OS but
> I will not speak for them. I have also talked to at least one HSM
> vendor that has some clients asking for PQ PKI support to be added in
> their HSM but I will not speak for them either. I don't think any of
> these use-cases are trying to corner a market.
> 
> Panos
> 
> 
> -----Original Message----- From: Secdispatch
> <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell Sent:
> Sunday, December 08, 2019 9:04 PM To: Mike Ounsworth
> <Mike.Ounsworth@entrustdatacard.com>om>; Eric Rescorla <ekr@rtfm.com>om>;
> Dr. Pala <madwolf@openca.org> Cc: IETF SecDispatch
> <secdispatch@ietf.org> Subject: Re: [Secdispatch] [EXTERNAL]Re:
> Clarification Question for the Comment from Eric Rescorla (
> 
> 
> Hiya,
> 
> Cutting to the nub of my concern...
> 
> On 09/12/2019 01:46, Mike Ounsworth wrote:
>> I hope that doesn’t preclude a push for a more immediate solution.
> 
> ISTM the "push" is less for a solution than for understandably
> attempting to corner a market. I don't think such attempts are "bad"
> things, but I do think following 'em is more likely unwise.
> 
> Sorry if I've missed it, but who do we have that is calling for a
> post-quantum PKI solution to be developed now, but who is not
> promoting one such?
> 
> Thanks, S. _______________________________________________ 
> Secdispatch mailing list Secdispatch@ietf.org 
> https://www.ietf.org/mailman/listinfo/secdispatch
>