Re: [lamps] Call for adoption for the composite-related Internet-Drafts
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 14 June 2023 15:22 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFBC5C151B23 for <spasm@ietfa.amsl.com>; Wed, 14 Jun 2023 08:22:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8DpSStwde8rF for <spasm@ietfa.amsl.com>; Wed, 14 Jun 2023 08:22:09 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4b.welho.com [83.102.41.30]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71FE6C151B15 for <spasm@ietf.org>; Wed, 14 Jun 2023 08:22:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id C495E67A81 for <spasm@ietf.org>; Wed, 14 Jun 2023 18:22:06 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id 4V9844qlfwA9 for <spasm@ietf.org>; Wed, 14 Jun 2023 18:22:06 +0300 (EEST)
Received: from LK-Perkele-VII2 (87-94-129-82.rev.dnainternet.fi [87.94.129.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 843F37A for <spasm@ietf.org>; Wed, 14 Jun 2023 18:22:05 +0300 (EEST)
Date: Wed, 14 Jun 2023 18:22:05 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: LAMPS <spasm@ietf.org>
Message-ID: <ZInbHaZAFDACe346@LK-Perkele-VII2.locald>
References: <C5B6AE84-DF32-4A80-92CF-DD51FB622C20@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <C5B6AE84-DF32-4A80-92CF-DD51FB622C20@vigilsec.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JacwSqez2vtaKhx8sHjGYAKLxas>
Subject: Re: [lamps] Call for adoption for the composite-related Internet-Drafts
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jun 2023 15:22:15 -0000
On Tue, May 30, 2023 at 03:42:54PM -0400, Russ Housley wrote: > Should the LAMPS WG adopt these three Internet-Drafts ... > > 1) "Composite Signatures For Use In Internet PKI" in draft-ounsworth-pq-composite-sigs-09? No. Any work on this is premature until NIST publishes the NISTPQC specifications. The transition long pole can not even begin before that point, and all that would likely result from this draft is zombie algorithms causing problems. If some application requires very long-term security, it should be using non-hybrid hash signatures. That is actually why NSA published the very premature CNSA 2.0 specification with major missing references. > 2) "Composite Public and Private Keys For Use In Internet PKI" in draft-ounsworth-pq-composite-keys-05? No. The key formats should be simple enough to define in the KEM / signature specifications. Any sort of common "framework" is a major red flag about excessive complexity that will lead into security bugs. > 3) "Composite KEM For Use In Internet PKI" in draft-ounsworth-pq-composite-kem-02? No. While KEMs are much more time-critical, so one could justify the effort before NISTQPC specifications are available, this draft does not seem to be even a good starting point. It adopts predefined table approach (which I think is acceptable as it does not involve ciphersuites) but then all data formats seem to assume generic composition, leading to excessive complexity that is just asking for security bugs. Fixing this seems to amount to pretty much total redesign (not that it would be complicated). -Ilari
- [lamps] Call for adoption for the composite-relat… Russ Housley
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] Call for adoption for the composite-r… Michael Markowitz
- Re: [lamps] Call for adoption for the composite-r… Salz, Rich
- Re: [lamps] Call for adoption for the composite-r… Carl Wallace
- Re: [lamps] Call for adoption for the composite-r… Salz, Rich
- Re: [lamps] Call for adoption for the composite-r… Tim Hollebeek
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] Call for adoption for the composite-r… Watson Ladd
- Re: [lamps] Call for adoption for the composite-r… Klaußner, Jan
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Stephen Farrell
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Call for adoption for the … Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Michael Richardson
- Re: [lamps] [EXTERNAL] Call for adoption for the … Stephen Farrell
- Re: [lamps] [EXT] Re: Call for adoption for the c… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Stephen Farrell
- Re: [lamps] [EXT] Re: Call for adoption for the c… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] Call for adoption for the composite-r… Watson Ladd
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Watson Ladd
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Seo Suchan
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Stephen Farrell
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Falko Strenzke
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Bruckert, Leonie
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Russ Housley
- Re: [lamps] Call for adoption for the composite-r… ietf@gazdag.de
- Re: [lamps] Call for adoption for the composite-r… Salz, Rich
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] Call for adoption for the composite-r… antonio.vaira@siemens.com
- Re: [lamps] Call for adoption for the composite-r… Tim Hollebeek
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] Call for adoption for the composite-r… Ilari Liusvaara
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Scott Fluhrer (sfluhrer)
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Ilari Liusvaara
- Re: [lamps] Call for adoption for the composite-r… Ilari Liusvaara
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] [EXTERNAL] Call for adoption for the … Hubert Kario
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … John Gray
- Re: [lamps] Call for adoption for the composite-r… Tomofumi Okubo
- Re: [lamps] Call for adoption for the composite-r… Russ Housley
- [lamps] Call for adoption for draft-ounsworth-pq-… Russ Housley
- Re: [lamps] [EXTERNAL] Call for adoption for draf… John Gray
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] Call for adoption for the composite-r… Stephen Farrell
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for the composite-r… Russ Housley
- Re: [lamps] Call for adoption for draft-ounsworth… Stephen Farrell
- Re: [lamps] Call for adoption for the composite-r… Michael Richardson
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for draft-ounsworth… Peter C
- Re: [lamps] Call for adoption for draft-ounsworth… John Gray
- Re: [lamps] Call for adoption for draft-ounsworth… Russ Housley
- Re: [lamps] Call for adoption for draft-ounsworth… Peter C
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Tim Hollebeek
- Re: [lamps] Call for adoption for draft-ounsworth… John Gray
- Re: [lamps] Call for adoption for draft-ounsworth… Klaußner, Jan
- Re: [lamps] Call for adoption for the composite-r… Ilari Liusvaara
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … John Gray
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Ilari Liusvaara
- Re: [lamps] Call for adoption for draft-ounsworth… Peter C
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Peter C
- Re: [lamps] Call for adoption for draft-ounsworth… antonio.vaira@siemens.com
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
- Re: [lamps] Call for adoption for draft-ounsworth… Russ Housley
- Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth