[lamps] FW: New Version Notification for draft-vangeest-x509-hash-sigs-00.txt

Daniel Van Geest <Daniel.VanGeest@isara.com> Wed, 10 October 2018 18:18 UTC

From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: SPASM <spasm@ietf.org>
Date: Wed, 10 Oct 2018 18:18:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5ZvLCxo3HTakvUZnv5KzkMzlqGE>
Subject: [lamps] FW: New Version Notification for draft-vangeest-x509-hash-sigs-00.txt

My employer has seen interest in hash-based signatures for X.509 certificates and is implementing support for them.  This draft adds signature algorithm identifiers for HSS (the key identifier is already defined in draft-ietf-lamps-cms-hash-sig), and key and signature algorithm identifiers for XMSS and XMSS^MT.



Due to their statefulness, these hash-based signatures are not appropriate for EE certs in interactive protocols, but are useful in CA certs and code signing.  Because of the long time needed to deploy CA certs, the potential long life of signed code, and the fact that hash-based signatures are already considered to be secure, it is prudent to enable deployment of hash-based certificates now rather than waiting for the NIST competition to select a PQ signature scheme.



This is a relatively simple draft, basically just assignment of OIDs.  Is there interest in this group for this draft?  If not, should it be an Individual Submission?  I can post this to Secdispatch for their opinion too.



A few other notes on the draft:

- It needs to align KeyUsage with draft-ietf-lamps-cms-hash-sig (this draft currently has MUSTs for the values, while the other has MAYs).

- id-alg-hss-lms-hashsig is repeated from ietf-lamps-cms-hash-sig.  All other OIDs are assigned from ISARA’s arc.  If instead there is a preferred arc to request OIDs from we can look into that.



Any feedback from the group would be appreciated.



Thanks,

Daniel




On 2018-10-10, 8:14 PM, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:


A new version of I-D, draft-vangeest-x509-hash-sigs-00.txt
has been successfully submitted by Daniel Van Geest and posted to the
IETF repository.

Name:           draft-vangeest-x509-hash-sigs
Revision:       00
Title:          Algorithm Identifiers for HSS and XMSS for Use in the Internet X.509 Public Key Infrastructure
Document date:  2018-10-10
Group:          Individual Submission
Pages:          13
URL:            https://www.ietf.org/internet-drafts/draft-vangeest-x509-hash-sigs-00.txt
Status:         https://datatracker.ietf.org/doc/draft-vangeest-x509-hash-sigs/
Htmlized:       https://tools.ietf.org/html/draft-vangeest-x509-hash-sigs-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-vangeest-x509-hash-sigs


Abstract:
   This document specifies algorithm identifiers and ASN.1 encoding
   formats for the Hierarchical Signature System (HSS), eXtended Merkle
   Signature Scheme (XMSS), and XMSS^MT, a multi-tree variant of XMSS.
   This specification applies to the Internet X.509 Public Key
   infrastructure (PKI) when digital signatures are used to sign
   certificates and certificate revocation lists (CRLs).




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
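
Added example, not part of the original message or of the draft: the statefulness constraint mentioned in the message comes down to never signing twice with the same one-time leaf index. The sketch below shows reserve-before-sign counter handling and how restoring a stale copy of the state file hands out an index that was already used; `LeafIndexStore`, `rollback_demo` and the file name are hypothetical, and no actual HSS or XMSS signing is performed.

```python
import json
import os
import tempfile


class IndexExhausted(Exception):
    """Every one-time leaf of the key has been used."""


class LeafIndexStore:
    """Durable 'next unused leaf index' for one stateful signing key."""

    def __init__(self, path, total_leaves):
        self.path, self.total = path, total_leaves
        if not os.path.exists(path):
            self._write(0)

    def _read(self):
        with open(self.path) as f:
            return json.load(f)["next"]

    def _write(self, value):
        # Temp file + fsync + atomic rename: a crash can waste an index,
        # but can never leave the counter below an index already issued.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump({"next": value}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def reserve(self):
        """Persist the advanced counter first, then release the index."""
        idx = self._read()
        if idx >= self.total:
            raise IndexExhausted(f"all {self.total} leaves used")
        self._write(idx + 1)
        return idx


def rollback_demo():
    """Constructed scenario: state file restored from a stale backup."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hbs-state.json")
        store = LeafIndexStore(path, total_leaves=4)
        issued = [store.reserve(), store.reserve()]
        with open(path) as f:
            backup = f.read()              # snapshot taken here
        issued.append(store.reserve())     # index 2 is consumed
        with open(path, "w") as f:
            f.write(backup)                # restore the stale snapshot
        replayed = LeafIndexStore(path, 4).reserve()
        return issued, replayed, replayed in issued
```

The store has no cross-process locking, so it models a single signer; a CA or code-signing service can enforce that, which is much harder for end-entity keys used across many concurrent protocol sessions.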