Re: [lamps] Proposed recharter text

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Thu, 18 February 2021 16:55 UTC

From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS <spasm@ietf.org>
Date: Thu, 18 Feb 2021 16:54:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/24ng6WhjUd4ElxRU2dNHOY5RkZE>
Subject: Re: [lamps] Proposed recharter text

Sorry to be pedantic Russ. 

If 5a was trying to introduce KEMs for content encryption in CMS, then I am
all for that.  My objection was for using KEMs for signing. I am not sure we
will end up needing to use KEMs for PKIX or CMS signing yet. Especially for
PKIX, I expect this to be discussed in the TLS WG. What I am trying to avoid
here is embarking on a KEMTLS journey (which will be long if it happens)
with the argument being that it is already included in the LAMPS charter. 




-----Original Message-----
From: Russ Housley <housley@vigilsec.com> 
Sent: Wednesday, February 17, 2021 8:49 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>
Cc: LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Proposed recharter text

Panos:

I agree that 5a ought to wait for the NIST competition to complete.  I'll add
that to the text...

a. After the NIST Post-Quantum Cryptography (PQC) effort produces one or
more quantum-resistant public-key cryptographic algorithm standards, the
LAMPS WG will specify the use of PQC public key algorithms with the PKIX
certificates and the Cryptographic Message Syntax (CMS).

Russ

> On Feb 16, 2021, at 11:01 PM, Panos Kampanakis (pkampana) <pkampana=40cisco.com@dmarc.ietf.org> wrote:
> 
> I don't think 5a should be added in the LAMPS charter at this time. 
> It is too early. And besides, draft-ietf-tls-semistatic-dh does the 
> same thing with classical (EC)DH keys in the leaf cert and it is 
> worked in the TLS WG.
> 
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Wednesday, February 10, 2021 3:22 PM
> To: LAMPS <spasm@ietf.org>
> Subject: [lamps] Proposed recharter text
> 
> I propose the attached recharter text.
> 
> Tasks 1-3 are unchanged from the current charter.
> 
> Task 4 is a slightly edited version of the text proposed by DKG after 
> IETF 109.
> 
> Task 5 is the text that came out of the discussion that followed the 
> virtual interim at the end of last month.
> 
> Task 6 was raised in the discussion that followed the virtual interim 
> at the end of last month.  In my view, it is too early to work on 
> advancement of RFC 8550 and RFC 8551, but putting it in the charter 
> now will allow us to tackle them when they are well deployed.
> 
> Russ
> 
> = = = = = = = =
> 
> The PKIX and S/MIME Working Groups have been closed for some time. 
> Some updates have been proposed to the X.509 certificate documents 
> produced by the PKIX Working Group and the electronic mail security 
> documents produced by the S/MIME Working Group.
> 
> The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working 
> Group is chartered to make updates where there is a known constituency 
> interested in real deployment and there is at least one sufficiently 
> well specified approach to the update so that the working group can 
> sensibly evaluate whether to adopt a proposal.
> 
> The LAMPS WG is now tackling these topics:
> 
> 1. Specify the use of short-lived X.509 certificates for which no 
> revocation information is made available by the Certification Authority.
> Short-lived certificates have a lifespan that is shorter than the time 
> needed to detect, report, and distribute revocation information.  As a 
> result, revoking short-lived certificates is unnecessary and pointless.
> 
> 2. Update the specification for the cryptographic protection of email 
> headers -- both for signatures and encryption -- to improve the 
> implementation situation with respect to privacy, security, usability 
> and interoperability in cryptographically-protected electronic mail.
> Most current implementations of cryptographically-protected electronic 
> mail protect only the body of the message, which leaves significant 
> room for attacks against otherwise-protected messages.
> 
> 3. The Certificate Management Protocol (CMP) is specified in RFC 4210, 
> and it offers a vast range of certificate management options.  CMP is 
> currently being used in many different industrial environments, but it 
> needs to be tailored to the specific needs of such machine-to-machine 
> scenarios and communication among PKI management entities.  The LAMPS 
> WG will develop a "lightweight" profile of CMP to more efficiently 
> support these environments and better facilitate interoperable 
> implementation, while preserving cryptographic algorithm agility.  In 
> addition, necessary updates and clarifications to CMP will be 
> specified in a separate document.  This work will be coordinated with the
> LWIG WG.
> 
> 4. Provide concrete guidance for implementers of email user agents to 
> promote interoperability of end-to-end cryptographic protection of 
> email messages.  This may include guidance about the generation, 
> interpretation, and handling of protected messages; management of the 
> relevant certificates; documentation of how to avoid common failure 
> modes; strategies for deployment in a mixed environment; as well as 
> test vectors and examples that can be used by implementers and 
> interoperability testing.  The resulting robust consensus among email 
> user agent implementers is expected to provide more usable and useful
> cryptographic security for email users.
> 
> 5. Recent progress in the development of quantum computers poses a 
> threat to widely deployed public key algorithms.  As a result, there 
> is a need to prepare for a day when cryptosystems such as RSA, 
> Diffie-Hellman, ECDSA, ECDH, and EdDSA cannot be depended upon.  As a 
> result, there are efforts to develop standards for post-quantum 
> cryptosystem (PQC) algorithms that will be secure if large-scale
> quantum computers are ever developed.
> 
> a. Specify the use of PQC public key algorithms with the PKIX 
> certificates and the Cryptographic Message Syntax (CMS).
> 
> b. Develop specifications to facilitate a lengthy transition from 
> today's public key algorithms to PQC public key algorithms.  Unlike 
> previous algorithm transitions, time will be needed before there is 
> full confidence in the PQC public key algorithms.  Therefore, 
> transition mechanisms that combine traditional algorithms with PQC 
> algorithms will be needed for "hybrid key establishment" and "dual 
> signatures".  NIST defines "hybrid key establishment" as any key 
> establishment scheme that is a combination of two or more components 
> that are themselves cryptographic key-establishment schemes.  NIST 
> defines "dual signatures" as any signature scheme that consists of two 
> or more signatures on a common message.  The specifications developed 
> will enable PKIX and S/MIME protocols to support hybrid key establishment
> and dual signature mechanisms.
> 
> 6. Progress RFC 5280, RFC 6960, RFC 8550, and RFC 8551 to Internet 
> Standard status.
> 
> In addition, the LAMPS WG may investigate other updates to documents 
> produced by the PKIX and S/MIME WG. The LAMPS WG may produce 
> clarifications where needed, but the LAMPS WG shall not adopt anything 
> beyond clarifications without rechartering.
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm