IETF Logo Mail Archive

Re: [lamps] SKID extensions Re: PQ-hybrid or PQ-Composite?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 27 October 2022 15:00 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61550C1522DF for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2022 08:00:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zR_Jm5w9OhGz for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2022 08:00:37 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8887C1522DA for <spasm@ietf.org>; Thu, 27 Oct 2022 08:00:36 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 29RESTY9018443; Thu, 27 Oct 2022 10:00:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=b1iSh5Y27IJwqMaclFbkzpCBcUMyjYXSskceYDeIP6E=; b=hpCL5pGHkv9jjceaJys25dNU2lSqEQAP8pHoXRMfypHGvfTAYpu2KS5FLUgt9X6SEnkG uxZLnAMIXfuAD9L1I4Oz1UPam2iGzaJ+FMAXIAfgjNeF+G7A5i5N8kznmeFagM3wL2JD AsXJr220uWjGnNomETh5uCiOwz4cQSjrkeYgIvCGjYki4rC4r+nfs+L/FRT5yxdt8mEr 6UcrMmnTKSz/7K1v4dHnusWeeeCk6asX5x+RK/ZBvE84yBZ7jRIDoqctztqzAlLk56HQ JpVjECUWrC9MT202IqA6+nrzgrdSMxa5e0om4HoDjuHeNt7iqSrmg6T48M8sK2QAg9mh RQ==
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2176.outbound.protection.outlook.com [104.47.56.176]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3kfajekmdj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 27 Oct 2022 10:00:24 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ibLknSl9eH4cbdrWTrvr324YJ87L4/hHJg/P0w9t/x1YiEw0lHVTD3O2fA1iu8CU1ugo91CawlptJrT/UP4PsoT6CkTUF27r/pkseuhqaFHE0ZLtPm5lGswL4zykm/ZdibJ8il1nfp1VOT1eLn+TXKK1jupBW/JnsmmXSs4BBZrWcKXpMj9KhBU7/5bzlq4rvDV0FX5EVDFOImIR5HimRjrTHKnV+bgDQIHv7Y1BPyvVho3yOGAavfVsd8Pp07k1SMh1dB5S1nCGd8v80xoiv8TYpIPj0RhapZJxt56oEtvkOLcZkseCiTtpny7oVqljqbRHHTENNwJS/V5VUM6tFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b1iSh5Y27IJwqMaclFbkzpCBcUMyjYXSskceYDeIP6E=; b=WzQAnXQqYiaOQtGRtzwcSJkUad/QatDMkp0hvb9pcVycVZagvRi0WyrgvpgxPhiIuqCyOqb3UT/DTALeKt2tTtCeIhsJA5NU0LELhjqBYaA9/I0WisHvusqfu/zKBKh/fZIX/D6xipOcFZ800uBooriMDSNcfBive/i/U1KtYcW8ZeicVp7vgLME+q6khXDIxAmzZXrLFHPIz4KSIZKrd9yBDn+4Ch6V/QU2TdLie8tVOK99Ov/g54II6KY9dnpOrro5/NHvulpxy4IFsb4QiOMT5+ED2XOfBEc5zozJVPgPDHQ9hZ4N41tEWrmWRCpvXwGyIxwntF7WVlSJwwhhTQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by SJ1PR11MB6132.namprd11.prod.outlook.com (2603:10b6:a03:45d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.41; Thu, 27 Oct 2022 15:00:21 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f83:1213:1f6a:2e21]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::6f83:1213:1f6a:2e21%4]) with mapi id 15.20.5746.028; Thu, 27 Oct 2022 15:00:21 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Carl Wallace <carl@redhoundsoftware.com>, "Kampanakis, Panos" <kpanos@amazon.com>, 'LAMPS' <spasm@ietf.org>, Philip Lafrance <Philip.Lafrance@isara.com>, Max Pala <m.pala@cablelabs.com>, "Klaußner, Jan" <Jan.Klaussner@d-trust.net>
Thread-Topic: SKID extensions Re: [lamps] PQ-hybrid or PQ-Composite?
Thread-Index: AQHY6gRLIlpfWnKmM06k7NdRf/57P64iSn7ggAAIkQCAAACk0A==
Date: Thu, 27 Oct 2022 15:00:21 +0000
Message-ID: <CH0PR11MB5739AD6EA7504E4ABA16A7939F339@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <108E5963-E837-47B4-A18F-ABF6E530C263@redhoundsoftware.com> <CH0PR11MB5739523DE93429F7D5D4A4309F339@CH0PR11MB5739.namprd11.prod.outlook.com> <8051B8EB-DDA8-4E26-8245-CECAE2EF730A@redhoundsoftware.com>
In-Reply-To: <8051B8EB-DDA8-4E26-8245-CECAE2EF730A@redhoundsoftware.com>
Accept-Language: en-US
Content-Language: en-US
X-Mentions: m.pala@cablelabs.com,Jan.Klaussner@d-trust.net
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|SJ1PR11MB6132:EE_
x-ms-office365-filtering-correlation-id: 39cb3070-d5e7-42a0-ee47-08dab82bf816
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: snhJrEB0t/7WXW9NkwPFalRzVPXeOpBh4ua77Fe6yImltpVcnXhhGNRmPzV7ghT8ufsO0txKZKl4vw6YwC75ixNKZ2CQNF70mKsZLb97ryegivvOmSbUCHg/EhMrxqGi7hUmGOViRuJtYL7pYz5Ru7bl7G2zzDIG7RHxHv4Q685KLRZOBXqu5U2BvbJQFPCB52UOiJxv/g1q2oQdkvibeWnUmTOO64N9Ln0zzicJa03tZST4dNp6Cnm/t82bjlKz7hzB1Q89DfznuKmx0LbZgy22Bw5RA6+9GNcJbny/rtniNZR6xEP5lTERZmkoswcX8dP5+DyCAg+/OOfZbYANhUPL2oxopC3yK1HwZaMMxdOonGJ9vLrqzKtXUazyxo2HV9RAlMjS7mwY3qX/dqzBvAtXiAjhK65bwi6lolvFVC2WSElrd3wJwbCTI/zyxCOzXY3/zxOAIhcN+jku7kFalkXZXG1qKoZuIztRaY7QYYCImaay4Wqh2jtg6lPAavptwvmVU96/mBUg8lvQz4TUyHWEemYEblk8YO5A5UNqtYQm39/j/kF8F3yaBNT13DwJlBTjDjH61kOW33ZH6+YVauYBFDHOsoIqegBcIQ7gug7XBuhVgGkcj84EpG1Sxv0dFqWF4OIKYtMcYj02rYcyrRdCkUuTmFQ9KTFDmQTBXYPypvdxQ+nNnQQ+gaEJJ7fbNi8kV4jvUb6BQo3F/oneX/vfdJWPmLPJG67XJNNPol6TJYOUCi3oCuTJUUleVk/6a/AXa4dkdFxdNbPC4abvrgFg9XxV0aHg3Sdfg5nx4YE=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(39860400002)(346002)(136003)(376002)(366004)(396003)(451199015)(64756008)(38100700002)(66946007)(66556008)(76116006)(66476007)(66446008)(8676002)(186003)(2906002)(55016003)(26005)(86362001)(33656002)(83380400001)(66574015)(41300700001)(9686003)(53546011)(7696005)(122000001)(6506007)(52536014)(8936002)(5660300002)(38070700005)(966005)(478600001)(71200400001)(316002)(110136005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: vMkhd3HOdw4e10KSHJsKm7Gtkakz6uPCndZTqxX7XDk7MrNAV05nqO2d9d5LBGisR4biMztx0sT3wFs5xTD3bcZ15x/fGBlgzClcIAiWHxKbcT6l67xaT8eYax0Z7yeQRbXcHEgyZzcIZb0MhyD0Vu9glM00y00NJqNLGbtzDTwpqxJhs7qc/s7eh895WZa06fFrVScUfE+m2S/5WBHkmhfUTmMl98hlWWlKeCVarVfZqfhNlL66ayxAklMgoamk73pkbaaeud21ybz+4e7h5YC2UtwKs3JxFY/mqya3Y0n6SzgitdPUkjcRx0Ni1m+JjHOfIpz07ZUhZn9pA8+SKXt9ZMnbR1UdWGUw6qtHrxcdzelIFfDEM3kSZm7GfQBwjic2BKssFG8P6xb36AGLEAiMdTKKGIVvefFzQtTubFrSMW2U7Zc5FsA06wljphFpy6FLMVhrfTwC5VKr751IfA7kqOYdrVgUhkniElTO+fXmf6SkrxRy8PI7W+P8PynM8MSnzitO50hosZA7o+YxFlRwcy3b8cChxQvjfE66j80bir0RjtzVx/ETm2cAEANXidKCwrM2VoqKvZDCMVAAsvjtzDvlbtbFMp2wz+Ez+ASbCWsvvH5SbN8fMIFsJcoRhDtmTpYQvvVeWrSEmL99sLAVyeOWSl2JfqMoStjsYNLEaDASlWLxTFsrzGrYdFXnvKVm9i0X7a7pNDFQSrEhBSUsD7sTbSsBXu8kmlAc6fMk9qATiUK9u5rBPeFP5Mxv4R/U32gxe+/D8rwbwcObQwmcqKWFgRnqDfemad73LoVtrwGOhDAR46HKN+zrVRFmLmjcJpOMUHnUGghNYr+UEu34dOzKrg8DAy2mouVe6JQn0LMqgGaiBXoQZU+fVyhHAtquce2CmaxJqgSy3XusA6SkAByCTpmmNIqftJYDdMqtsb/blzhcWRmDkrW09ko6xQgvv72j5Rkh08ZC5pp+Q4zYyN38il+bhxpEcSu5NiWPLnTnQuqbhw4GAmrXEpq2gzN/vS0uzserL12JBZQlRsCqS7oTGrSr0Si+ArAlihoGokCFOU57sSNq7dvDxFlASIoPlkCm6TJDJerl5WwPSmidu/3QWc5EVriD6qpCYRVlO7O9nKD2p6HVtEi+55E2EEn1rD3UPmJJTVVKAt2BRMuZPauOZUDZs7aG1HNGi/2m2XrslnEWRsbaZy/rd64PcsDW622gREpYHrSt7Mrp2MCrm7u0rubZT7qi20/bvrqhyaLAuHvX8EaOf12RvS/Ecbi+etnipS+h6g6dAefDm2uviWIuBfmEMCEtqAZfeYUaWjqVjVjyLL//pl7nQoe+jZ/Son5Trk05YCk0H6pMx6CNdca+nUWtjO+5bUJ/sqZqmokVvQ3b039JdWJ+2ZUu7q9oA3VB0rWvxNMk1vR5lZoati1NDZ47LZXh87RoqmcBedYCcjP5jWClsQU+/5nz3eV+PydypIORY6uZ5Sjb7MrNEt6o0b2M71nQNAkjzSUSQW5S2c4CzeTOEAEMtszMMGoQxxhgqfRhrSlhYQst93MMwp7q5DA28RAKpB0q2R5obmmF9JKzXLzuA1dzdS4WrmYG9Kd2QTeXN12llKE0LA==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 39cb3070-d5e7-42a0-ee47-08dab82bf816
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2022 15:00:21.1234 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Oo7e8JHqMwLzqlgBIXFjHMg0ZLWpW02U3i2B1v0rC5ueBcLJsUo8UTACSXJhGo+GGKPjSdS1ZGqv/6U1AYWQqz9xwZY6RPHwyXz4o7WSnBQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR11MB6132
X-Proofpoint-GUID: zRmG6AqsaVQ_B5eQw5nLcTxoBxYr4tDt
X-Proofpoint-ORIG-GUID: zRmG6AqsaVQ_B5eQw5nLcTxoBxYr4tDt
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-27_07,2022-10-27_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1011 mlxscore=0 bulkscore=0 adultscore=0 priorityscore=1501 suspectscore=0 phishscore=0 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2210170000 definitions=main-2210270082
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DNQcR4iRnDlIN94VHt6qXqw529I>
Subject: Re: [lamps] SKID extensions Re: PQ-hybrid or PQ-Composite?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2022 15:00:41 -0000

The composite drafts, as they stand right now, are a hard AND mode: it is one atomic key, it is always used as an atomic key, the fact that it's actually multiple keys inside is none of your concern 😊

@Max Pala and @Jan Klaussner are working on a separate draft with an extension that tells verifiers to treat a composite signature as a K-of-N mode (where 1-of-N is equivalent to OR, and N-of-N is equivalent to AND). Max and Jan: your draft may need to address SKID if component keys are allowed to be used independently.

---
Mike Ounsworth

-----Original Message-----
From: Carl Wallace <carl@redhoundsoftware.com> 
Sent: October 27, 2022 9:51 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Kampanakis, Panos <kpanos@amazon.com>; 'LAMPS' <spasm@ietf.org>; Philip Lafrance <Philip.Lafrance@isara.com>
Subject: [EXTERNAL] Re: SKID extensions Re: [lamps] PQ-hybrid or PQ-Composite?

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

______________________________________________________________________
Is the intent for composite to verify with only both keys or either key? If either (which is what I was assuming in at least some cases), the composite SKID won't help.

On 10/27/22, 10:36 AM, "Mike Ounsworth" <Mike.Ounsworth@entrust.com> wrote:

    + @Philip Lafrance

    Good point Carl.

    For Composite you still have a single SubjectPublicKeyInfo in the usual place (just that its subjectPublicKey BIT STRING happens to contain a SEQUENCE of other keys). So the SKID method suggested in 5280 (or any other SKID method) should apply cleanly and unambiguously:

    > the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

    So I don't think it needs to be explicitly mentioned in the composite draft?



    For Catalyst Hybrid certs (draft-truskovsky-lamps-pq-hybrid-x509) I agree this is tricky; you have two independent pubkeys: the usual one, plus one in a SubjectAltPublicKeyInfoExt extension. Do you also need an AltSubjectKeyIdentifierExt? Further complicated if you're allowed more than one SubjectAltPublicKeyInfoExt. Maybe we should hold this technical feedback until such time as there is an active I-D for Hybrid Certs?

    ---
    Mike Ounsworth

    -----Original Message-----
    From: Carl Wallace <carl@redhoundsoftware.com> 
    Sent: October 27, 2022 8:02 AM
    To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Kampanakis, Panos <kpanos@amazon.com>; 'LAMPS' <spasm@ietf.org>
    Subject: [EXTERNAL] SKID extensions Re: [lamps] PQ-hybrid or PQ-Composite?

    WARNING: This email originated outside of Entrust.
    DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

    ______________________________________________________________________
    Has there been any discussion of how SKID extensions would work with either hybrid or composite? I saw no mention in the expired hybrid draft cited below nor the current composite key and signature drafts. Seems like a new structure would be required, which would impact path building and backwards compatibility.  

    On 10/26/22, 3:00 PM, "Spasm on behalf of Mike Ounsworth" <spasm-bounces@ietf.org on behalf of Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

        Ah, you beat me to it!

        Yes, ISARA has announced intent to dedicate the Hybrid Cert ("Catalyst") IP to the public domain.

        The way I see it is this (off the top of my head, not a carefully researched answer):

        Pros of Catalyst Hybrid:

        * Extends X.509 in "the obvious way" via an extension.
        * Fully backwards compatible because legacy clients will simply ignore the unrecognized non-critical extension.
        * Avoids combinatorial explosion of pairwise OIDs.
        * "Complexity" of checking both signatures lives at the X.509 layer.


        Cons of Catalyst Hybrid (and Pros of composite):

        * Hybrid Catalyst does not provide any encoding for transmitting multiple signatures, so you still need to either modify all the protocols to carry two signatures, or use a composite signature value.
        * You carry the (very large) PQ key and sig over the network whether or not the client uses it (ie very hard to negotiate algs when a hybrid cert is in use).
        * It is very difficult to audit what crypto was actually used at runtime since the server has no way to know whether the client actually checked the PQ part.
        * Compare that with composite where you either negotiate a traditional OID or a composite OID and it's very clear what's being used.
        * Catalyst Hybrid is not resistant to stripping / downgrade attack (ie Catalyst Hybrid certs only really make sense in an OR mode; though I suppose you could make them an AND mode by marking the extension CRITICAL).
        * "Complexity" of checking both signatures lives at the crypto alg layer.



        So as much as I'd like it to be as straight-forward of "We have Hybrid again, so let's drop Composite", I don't think it's that simple. I think there are strong advantages to each. I think I speak for Entrust that see value in supporting both Catalyst Hybrid and Composite certificates (as well as pure PQ / multi-cert), and would keep all three in our toolbox to recommend to customers depending on the details of their migration needs.

        But I agree that they are very similar and this is a good discussion to have.

        ---
        Mike Ounsworth

        -----Original Message-----
        From: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
        Sent: October 26, 2022 1:24 PM
        To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; 'LAMPS' <spasm@ietf.org>
        Subject: [EXTERNAL] PQ-hybrid or PQ-Composite?

        WARNING: This email originated outside of Entrust.
        DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

        ______________________________________________________________________
        Hi Mike, composite drafts authors, and WG,

        Sorry for the monkey wrench. I am sure you are aware of this https://urldefense.com/v3/__https://www.isara.com/company/newsroom/isara-dedicates-four-hybrid-certificate-patents-to-the-public.html__;!!FJ-Y8qCqXTj2!aztm9JK1STn0XcErfeMf5yXQFR_5MMDuqP3WVKhZK9uu1C041s2dbh6qgNpa4nZj588VU3vhLFDl6BrRRvVIpDYvnCIBq3gm_SO6$  . ISARA seems to have opened up the patents they had on hybrid certs. Hybrid certs do the same thing as composites, but they add the additional algorithm in an optional extension, not concatenated. One advantage of hybrids is that we don't need a bunch PQ-composite OIDs. One disadvantage could be that the PQ-verifier needs to be careful to verify and not ignore the extension.

        If the IPR is indeed open for use now, should the WG be discussing which is the better option?

        Rgs,
        Panos

        Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
        _______________________________________________
        Spasm mailing list
        Spasm@ietf.org
        https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!Y7s7PLJaE5ModAs1T3eP5fpBuLZXuxA3FYcRJA734sJw0C5uxcpnGGvxfRC_xnzzz0CjVh6Aef22xqmakJb-QBt4$

v2.23.0 | Report a Bug | By Email