IETF Logo Mail Archive

Re: [lamps] Call for Adoption of draft-ounsworth-pq-composite-sigs

Hubert Kario <hkario@redhat.com> Wed, 17 April 2024 14:25 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E197C14F6E1 for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 07:25:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.144
X-Spam-Level:
X-Spam-Status: No, score=-4.144 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-2.049, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQQKFCOXktrb for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 07:25:30 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A7CEC14F6BC for <spasm@ietf.org>; Wed, 17 Apr 2024 07:25:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1713363929; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u8ii7oSaHycLb+UFKg7/cBOfgPcxOxY+jCjgJ4iCc/o=; b=UnS1BTT4+sk2m7Ol+J20Im2pSMphSWYdsNCUutMQqvGHZ2VgS60+gCVwFmp5VONoTvwJNQ u6G7qsqH15qm9XfAsrsVaOslYH9laJPe63je2hpUK/K2yF4FV48FQIxQRZ8dp0KCMSvF4j txZ2WmYb4us9WKl2ZNkLkoT5drkoKRY=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-148-4-uNrOqkMdin7JbgAhpoeg-1; Wed, 17 Apr 2024 10:25:25 -0400
X-MC-Unique: 4-uNrOqkMdin7JbgAhpoeg-1
Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-4183909fec8so25504245e9.0 for <spasm@ietf.org>; Wed, 17 Apr 2024 07:25:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713363924; x=1713968724; h=content-transfer-encoding:user-agent:organization:references :in-reply-to:message-id:mime-version:date:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=u8ii7oSaHycLb+UFKg7/cBOfgPcxOxY+jCjgJ4iCc/o=; b=mDl9Ua89fpM1nRo+cmZXVz0SDBJGhHDRrDWyNpNDUkgOkjSjcGULQt5HoaK695huQU 1a3P4+7o2ssewUeqTnfaqszrqFnsI0F+dLnsX6hjvOB4AUmzVGBHZvGbV6sNmF0gDYpy 0ft69edoizf8TgtLJn60zlfA5KQ/ttviIytHViFkmAdmn3h0VN77aRc3BhOpkjbf/fKV lHNeR3CSq9OC0enm8P8Cypj/M0RKLJuUr3uhs1b43XIIJ5GxQSk1Lm93YJ/xPardXmFF ueD7KsBv02OxKKflcdwe/BeEftuRdjcjgwaZ4ja6DAVhUTglojRNFu/Vfofp99fFqisL oatA==
X-Forwarded-Encrypted: i=1; AJvYcCULmZAc8D4jrJuaW+HgQDv9A3gKUzVoq4WZLtarjmfacOtU+sfcaOVJ+JK3wNq3YBt6mKzHij5n3jYjLeo5kA==
X-Gm-Message-State: AOJu0YxxYEwKwFptOooIknJAe+nuNRyOjFtSCoUGUFWqmhzUYr3+7IOn 0a+fIDg9ok4EB+TXLaLMHS3JTEgvZTZUNcp1SLNXHh7SMA8tsTNrrEWA2E2vM1aiscaeab9URfZ /b/qdKsL2sb0CuWL2etFlW64jE6+cSfvGv2FbQYSRuo8hnFYRpfI=
X-Received: by 2002:a05:600c:b96:b0:418:d391:b0b1 with SMTP id fl22-20020a05600c0b9600b00418d391b0b1mr205144wmb.21.1713363924719; Wed, 17 Apr 2024 07:25:24 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEYDTMqZOw3o1C0OjvEbPUr9fpXeMJI8M2hfon1uXLMakNaYgE5pzjfj+UPJb9JdCkFmhjhZw==
X-Received: by 2002:a05:600c:b96:b0:418:d391:b0b1 with SMTP id fl22-20020a05600c0b9600b00418d391b0b1mr205122wmb.21.1713363924325; Wed, 17 Apr 2024 07:25:24 -0700 (PDT)
Received: from localhost (nat-pool-brq-u.redhat.com. [213.175.37.12]) by smtp.gmail.com with ESMTPSA id h21-20020a05600c351500b0041825f17a71sm2990729wmq.30.2024.04.17.07.25.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 07:25:24 -0700 (PDT)
From: Hubert Kario <hkario@redhat.com>
To: "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Date: Wed, 17 Apr 2024 16:25:23 +0200
MIME-Version: 1.0
Message-ID: <fafe0335-3fa6-486f-a8cf-6dae7074d731@redhat.com>
In-Reply-To: <dfbc62145d004111ac3a55f668e7d00d@amazon.com>
References: <2EE41815-9EF3-4D6B-888A-385C3C91987A@vigilsec.com> <bf61b0ba-543f-4f34-8ae5-a0f5f5030d72@cs.tcd.ie> <dfbc62145d004111ac3a55f668e7d00d@amazon.com>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.15.11; xcb; Linux; Fedora release 38 (Thirty Eight)
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JLcxM7YIlFBIH1NywCg-ARtzAyk>
Subject: Re: [lamps] Call for Adoption of draft-ounsworth-pq-composite-sigs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 14:25:32 -0000

On Wednesday, 17 April 2024 15:59:50 CEST, Kampanakis, Panos wrote:
> I oppose adoption as well. 
>
> Some of the reasons: 
> - Combining sigs is not as urgent of an issue, so we better 
> have trust to whatever we deploy before we need them.
> - We can afford to wait for most signing use-cases, and those 
> that can't, can use SLH-DSA which is conservatively secure. 
> - Classical  and PQ sigs will coexist for a long time so any PQ 
> signature security issue could be remediated by swapping back to 
> classical. 

To add to that, signatures that need to remain secure for a long
period of time (legal documents and such) can already use multiple
time-stamps to prove using both classical and post-quantum crypto
that the original classical signature was created before
cryptographically relevant quantum computers were created.

So, in my opinion, it's too early to work on composite signatures.

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Stephen Farrell
> Sent: Wednesday, April 17, 2024 9:21 AM
> To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
> Subject: RE: [EXTERNAL] [lamps] Call for Adoption of 
> draft-ounsworth-pq-composite-sigs
>
> CAUTION: This email originated from outside of the 
> organization. Do not click links or open attachments unless you 
> can confirm the sender and know the content is safe.
>
>
>
> Hiya,
>
> On 16/04/2024 19:29, Russ Housley wrote:
>> At IETF 119, there was a short discussion of 
>> draft-ounsworth-pq-composite-sigs.  The authors asked for a call for 
>> adoption, and no one offered any reason not to move forward at that 
>> time.
>> 
>> This message starts a two-week call for adoption of this document.
>> Please say whether you support adoption of this document by Tuesday,
>> 30 April 2024.
>
> (Perhaps unsurprisingly;-) I oppose adoption.
>
> I don't think we have a sufficient understanding of the costs 
> of adding composite sigs to x.509 based PKIs, and how those 
> costs will be distributed amongst the various parties involved, 
> nor about what's likely or unlikely to be deployed, to fire 
> ahead now and define a pile of new composite sig algs. To do 
> proper engineering, we should IMO have such an understanding 
> before we start spraying out new OIDs each of which imposes 
> costs on participants in PKIs.
>
> Cheers,
> S.
>
> PS: I could also raise objections about lower level details of 
> the draft but those could perhaps be handled after adoption, 
> e.g. whether, and if so what kinds of, RSA sigs to include 
> shouldn't be based on what's possible but on what's likely to 
> get adopted esp. by real CAs, relying parties and key holders.
>
>

-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic

v2.23.0 | Report a Bug | By Email