Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt

Corey Bonnell <Corey.Bonnell@digicert.com> Mon, 11 July 2022 20:23 UTC

Return-Path: <Corey.Bonnell@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4EFC157B5E for <spasm@ietfa.amsl.com>; Mon, 11 Jul 2022 13:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.687
X-Spam-Level:
X-Spam-Status: No, score=-2.687 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digicert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PWqbmuzN3_nX for <spasm@ietfa.amsl.com>; Mon, 11 Jul 2022 13:23:10 -0700 (PDT)
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2125.outbound.protection.outlook.com [40.107.220.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C041C16ECF4 for <spasm@ietf.org>; Mon, 11 Jul 2022 13:23:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SZ5Wxp73n/+bAYPbRilr4zFidlgz4d6PbC3gPgzNfHOwkwD9ZXxKQztouZdWJfECgDtirfpA0roGl/jHl+2IiBKRQRvFMdVSCKRG3B2asa08nEwGrcDHwOfm2bdXskp4s1u9fTKOM3i9YAyYlpauphBhhr4S1WukF7tLCA1v8pPLtHKgAFw9Lb1S3Dc6NplkdW4mRGbeYJ+n2COEjyd1DemplI8F/UAZN3buVdMMCm0YXnxTgEFcpl4V59xrydLliPaq5BdJTjQLdDY2kPIYFnImoy3cUUKJCHs6jobgbzWkZ0nfzOJKG5rESNftFplKggkUeVtE5JC5cXhyjZx6uA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3SRGebHFIjD7k9O6YLf5zPLvlApTRf5Ak6GTUiYpCw8=; b=JlX4edpgcrwP+SJJaysLJOw+9EHgdabrw//Pf3YbVv81gb1vtEvEodvbsGcP9putjR+3MMIVNZKRsH/6SOvpBfz8aipDX0bFtaPMNpRPvOgCgaQm2CEzSQL9DvkPyTkM1aLfWtAO6fvPBRfbRJeNai9jpuzTi9itEkbDJnBV0Jq+/xbspQY94T2j9TMOzBMUHIC6JV9S9dsJ5tvuR/tyjU2gFAlrO2knKhiF+KM79e8pTgUIo6TwMLZ6SkCrhNZrJHpc+snbk2Mzn8CTYKPL0bObAw0wDH08U6UzWJz6eO31fRCcuN1LbcxhQyWcKMM6Boxdr7PGWl8dtiY/m46nxQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=digicert.com; dmarc=pass action=none header.from=digicert.com; dkim=pass header.d=digicert.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3SRGebHFIjD7k9O6YLf5zPLvlApTRf5Ak6GTUiYpCw8=; b=my99L8c8C3mUrvU9jrhWFiH9hr990dqW1a8bpdDdFlFz1YmkBDH0ar8L+D0XPaTvAqOo2TU3RvAidxGlCqJcbJ2gA68bzdjYDuygd3bj9Q6jqeASedqtD26O0bsbyAXn7EoRStkaQ+KZB6BmK3B/V1c7ESZWmzDwj0S0Vp0Qxq8uujCal0wM+wvlKY2N+RcxgyYNjAf5dVfvsESzm2kilWshSXO22SUWe6Dyo+JdAOJLSSvAA08GABGnVo7FElOwvvcIUVOYUBVhdd/A0VONpl7ybETbpPYFrbKr+VT5rjKQwnhJ0jyTnVWDaD1ggDNXCy0yyPSFRGEZsEPJqUWhPQ==
Received: from DM6PR14MB2186.namprd14.prod.outlook.com (2603:10b6:5:b6::16) by MN2PR14MB3392.namprd14.prod.outlook.com (2603:10b6:208:1a2::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.16; Mon, 11 Jul 2022 20:23:06 +0000
Received: from DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::917d:f110:c79a:efb1]) by DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::917d:f110:c79a:efb1%6]) with mapi id 15.20.5417.026; Mon, 11 Jul 2022 20:23:06 +0000
From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: John Gray <John.Gray=40entrust.com@dmarc.ietf.org>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
CC: "Massimo, Jake" <jakemas@amazon.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
Thread-Index: AQHYkvm/+Voqsss3lECP5NDeNCPk4q10cagAgAPW+SCAAAzvgIAAzKrwgAB+lYA=
Date: Mon, 11 Jul 2022 20:23:06 +0000
Message-ID: <DM6PR14MB21861E2EADC64DBC10AEEF2892879@DM6PR14MB2186.namprd14.prod.outlook.com>
References: <DM6PR11MB2585CB30B5A19BDB39400B95EA879@DM6PR11MB2585.namprd11.prod.outlook.com> <00AF3B52-729F-4E14-B69D-83E4D4B35863@ll.mit.edu> <DM6PR11MB2585E20AE659FB328C6D13FAEA879@DM6PR11MB2585.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB2585E20AE659FB328C6D13FAEA879@DM6PR11MB2585.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=digicert.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 301f822c-373a-4127-e973-08da637b2a08
x-ms-traffictypediagnostic: MN2PR14MB3392:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0Xc+j/WCBCJswnvrF+i5rORt/gFzU9YfaAkg7HYw7X8mnBVOwgnVNZknHc4JQ8DzB8Fj4SV+c7DkC/eNZd7jRwMp4gulRVhUZ0CoCn5wr6YVC1ngshlwUmblUWx8tZizenB52+n+0ONENieqbAsNLgPZaZBIa5Vx8BohyZEAS0jbGNqHKXTyYcflLF43FyoDy0lHbSrXDKqhM0uMZ55VymwjS1gCdW+zfjzLuQtNplY8nITe+r4jM5x4ofma1RsGF0Qe8lAS9db+RSAkAUKg0NXYce5DlinG4XOIWLmjc/nGzzejz2GxdqcXYKPPP8ZuewYCxLYZo22LdXIwOqfoLQFfmvhx9xaYPxoSt2qtAnZrmQeV2TkhkxFPS9MhEEL5WfcIjTPjU8T9vNfObp0q7dk8V0Y0g5tS8/yuT+kCwfJN+Jvp59xKYILuypl6UB4WVckuKx5VcfMkJSRRKEdhLpESOSW62ijqN7AzZd/oM6gJs9F8xw4raUiBudRCjS+wPfLojineOBNc9QbaXFxxwFrScG8GiXY1UrzrjkIYsM8sewJTZQPz1i9b3ixiVQT9poasAEEbjFYtPpjSNbRHzXNRsmQ2TQx29kqdOQ834xUvCp1uyOtOx03hG6JwDXxnLbwIffN/Rp9p8r9mYCeDIf0XXCFCO+ZJKtHmkVHlmD650OYVuhCJjz84NyM4R7u25nk+4G68Sj43Jm89udpdZAWdFVH9W6mxtOgYkzf7Qbr3MGxYrfQL5RatzeN63RfWY83OO72lXpdxJR93gCb6d760yHQebJmN6IvYXHg2P9/pqZb9fEPmBWdVfqXtlNEun3T9mLzxBJOvSPyD89osViF8fmXdOIDQDYzo5gMEO+0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB2186.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(346002)(376002)(136003)(366004)(39850400004)(396003)(55016003)(99936003)(66556008)(66574015)(122000001)(186003)(76116006)(4326008)(71200400001)(110136005)(83380400001)(38100700002)(316002)(26005)(54906003)(966005)(9686003)(52536014)(15650500001)(6506007)(86362001)(53546011)(66946007)(478600001)(5660300002)(41300700001)(38070700005)(8676002)(7696005)(8936002)(30864003)(66446008)(64756008)(66476007)(2906002)(33656002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: A2op3h45G5eXoiCJcyD7nm5maTHNUJCDIUTDRsCRfsnr2zz3dXZIfuUeT4tJvPK0D1qX9c8ZtqLCO3y4xGiV99cLCoUgCdGwjiNLeLRUUF8U4aWLr4UuWNkTX1RZ/dVTmUZlRWFDI4UQX7TorAWhlNEGMaDvLs1OhG7oQKL2Vv390LZik+sDZep1ZOI0f6gPWRJ7SlD4UhLgVk9Ft1IEIND3geuB8V4wAZDj8cLe5AKKA45B1mKQRziDVSiGiYd0Aa7+CJkYpgT19LVmc7Ae5KVEyU7UB+HIubdWiyv7rrpuAAUwbCPZPJ5RRvZQMqw0KyVUM9BM8rI2x+AQO7HQDm0Dhmjd+9lorDKi8Iy4YjnzERg9KKxEi9j/wSDC05Hy5LnbM31iPL58v/h40+m+lqMCera/7hInObTfJs0CqnVfYSlrzSEjwGzAMWBLXbLbZ8z64oS5VyhqAiDjJd/uKSqWbHZKq29NhwRayYGrUj4T4cUKudDuk7jPoacIqA/B/H1UJoS0R38DOb76LUkGqUUvLoSyDnYGzIJvfW+zXsbwsgQDgq8EGE6POtBaBedbwMf1miukMq8pSQYW2U7DwvOkRniO8E1ppaz9dckpgGbZR5y1gCcc79IcypgQIQY+u80mqiAfmsXJZnJNTehhtGbSZkff2KewsBZGEVP8bkZDXY0/K1AVDF/45jDxLqKxUvxXL4guq3tTHoWKJbrWAmRFxFBgVJRkkP/6g/PvlhqUbi43uVV/5zVky5vTCDbBTRclKMDE/MSZ7pzYpFGyP79mwnurrzAqMYTSNyZCKORmEDUPcD/JuNQHzRi0BQB5/wm36Fz3EgvIGWZkrZvqZ+2ukuunN/w7cuC3+/BStoyXxs8egBtg0gc5jxX5sDr3To/wFKx+4t72fJvgXQP+mT/gRX5YJhL+X/ZgPgE21mxutINq3Z2c0quT1DznztmJN4JoAEvSm+OV7czuP6G8lg58+OuhbJYKzQ+AlO8MWODthwRmusfekUdJgvwu4f65V1BWTL3bQojshDuupCaDQi/UOLgE9srvG03J2qQeq+aH7/O7Io6gsd13A9k4Tp0QDQ6NOJIQ32K91HmllpB9zhKZ88YXs8Wf2PL/j14GqopbzvM9qDON6kDBruQqmKG9YIhIcSqmzpJ8hJUkLDksaEO5Oe0r9Pd/9j9tRapDCaDPgI10lKYrHXNmrK2mD8sO3nHMHQfBn5NBAQnyhwUvKdywLgr2e5/tkB60Tyhubw/jvI811suh3+E7em6im41C50VD5xdcJSXhtIXvjreBKiuBOUK6OvdRi6D5XmOYHKGTa63Wt1/0mT5hNPDNfXWtIRSP086DX0QUHGvnr/9Jm7lpJDcneDg6QIq/7M073QBkTrhDpZrVPC21vQzJHe6JiG3SbZ4uqm9aAAJau5eK+RRR29q8MMlgSd3dOfafVbJeOImDfGeDYI726cIYZrOMjxNbfcodGb3ZgtcS9giGgHg0LtIe7jKSl1yq7RoJDnCCUIjWfmNp17g8UJfjhUwLm1sUM6L4Y8t9Bz+XPeX1XjRXlYJwhP01BD71xPv25X/vnUJyOmR+CtpGxKFmI2gR
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_0030_01D89542.7F40C140"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB2186.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 301f822c-373a-4127-e973-08da637b2a08
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2022 20:23:06.3075 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eRO8O4bPo5p9cwIXOBYy77guNAh8EUSAvvYBHwaG5RIPyeGJ+eb+EzxxreiszQ9fhy5vIqgJML5eC0Iaib+deCviSaaRedwTcgo9BCE+GDk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR14MB3392
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cpJCulxAAQ5-ZAosTaQ8ng4FRUc>
Subject: Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2022 20:23:15 -0000

> So wrapping the subjectPublicKey material in OCTET STRING before the final BIT STRING is just an extra layer of wrapping is it not?  I was just wondering if there is a technical reason for having that extra layer?

If the DER encoding of the OCTET STRING itself were encapsulated in the subjectPublicKey BIT STRING, then there would be a few octets wasted due to the explicit encapsulation. However, some specifications specify a mapping to forego the extra layer of encapsulation:

For example, RFC 5480, section 2.2 says:

" The elliptic curve public key (a value of type ECPoint that is
        an OCTET STRING) is mapped to a subjectPublicKey (a value of
        type BIT STRING) as follows: the most significant bit of the
        OCTET STRING value becomes the most significant bit of the BIT
        STRING value, and so on; the least significant bit of the OCTET
        STRING becomes the least significant bit of the BIT STRING.
        Conversion routines are found in Sections 2.3.1 and 2.3.2 of
        [SEC1]."

Using a mapping convention such as this would allow for OCTET STRING semantics without the overhead of encapsulating the DER-encoded OCTET STRING.

Thanks,
Corey

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of John Gray
Sent: Monday, July 11, 2022 9:07 AM
To: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
Cc: Massimo, Jake <jakemas@amazon.com>; spasm@ietf.org
Subject: Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt

5280 says that the subjectPublicKey has to be a BIT STRING, so even if we don't like it I don't think we can change the fact that the subjectPublicKey will eventually be held in a BIT STRING.   So wrapping the subjectPublicKey material in OCTET STRING before the final BIT STRING is just an extra layer of wrapping is it not?  I was just wondering if there is a technical reason for having that extra layer?

SubjectPublicKeyInfo  ::=  SEQUENCE  {
        algorithm            AlgorithmIdentifier,
        subjectPublicKey     BIT STRING  }

I have created Dilithium certificates both ways and both work equally well (encoded the subjectPublicKey BIT STRING with the DilithiumKey encoded as an OCTET STRING), and the DilithiumKey encoded as a BIT STRING.    The second way saves a few bytes is all, but there are no issues I can see other than causing incompatibility between different parsers if one only works with one format or the other.   

I notice that the PrivateKeyInfo uses OCTET STRING for its key encoding, which is different than the public key.   I would have expected them to be the same, but I guess that is part of history why that happened...   ☹

PrivateKeyInfo ::= SEQUENCE {
        version                   Version,
        privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
        privateKey                PrivateKey,
        attributes           [0]  IMPLICIT Attributes OPTIONAL }

      Version ::= INTEGER

      PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

      PrivateKey ::= OCTET STRING 


Cheers,

John Gray


-----Original Message-----
From: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> 
Sent: Sunday, July 10, 2022 8:33 PM
To: John Gray <John.Gray@entrust.com>
Cc: Massimo, Jake <jakemas@amazon.com>; spasm@ietf.org
Subject: [EXTERNAL] Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

______________________________________________________________________
I am strongly against wrapping keys into BIT STRING. 

This is a relict from the past, originally caused by insufficient experience, and a relict that proved itself useless. 

Stick with OCTET STRING. 

Regards,
Uri

> On Jul 10, 2022, at 20:19, John Gray <John.Gray=40entrust.com@dmarc.ietf.org> wrote:
> 
> Thank you for posting this draft.   It looks very well formed, almost as if you were just waiting for an announcement to be made...  😊
> 
> I am glad to see there are no algorithm parameters.   We have already been doing experiments with Dilithium certificates based on the round 3 candidates, and had to pick our own OIDs (due to lack of standard) and chose NOT to use parameters because we didn't know if there would be any.   So it looks like there won't be a lot of changes required to our early non-standard prototype implementations.  😊
> 
> That being said, I have a couple of comments:
> 
> In regards to wrapping the public key in an OCTET_STRING:
> 
> The Dilithium public key MUST be encoded using the ASN.1 type
>   DilithiumPublicKey:
> 
>     DilithiumPublicKey ::= OCTET STRING
> 
> In testing interop with other implementations (openSSL with open quantum safe for example), I noticed they DO NOT wrap the DilithiumPublicKey in an OCTET_STRING.   We did that in our initial implementation, but after going through RFC 5280 again, I don't see a specific need to first wrap the DilithiumKey (or in fact any of the other Post Quantum Signature types such as SPHINCS+ or Falcon) in an OCTET_STRING as that OCTET_STRING then gets wrapped into a BIT STRING as per the SubjectPublicKeyInfo.   You actually save 4 bytes without the wrapping....    In any case our current implementation can handle both ways, but it was something I came across and thought I would ask if there was a specific reason why it needed to be wrapped in an OCTET_STRING?
> 
> This question underlies why we definitely need a standard...   😊
> 
> 
> In regards to the Private Key format, I notice you have placed an option to contain the PublicKey inside the private key.
> 
> DilithiumPrivateKey ::= SEQUENCE {
>         rho         BIT STRING,         - nonce/seed
>         K           BIT STRING,         - key/seed
>         tr          BIT STRING,         - PRF bytes (CRH in spec.)
>         s1          BIT STRING,         - vector l
>         s2          BIT STRING,         - vector k
>         t0          BIT STRING,         - encoded vector
>         PublicKey   IMPLICIT DilithiumPublicKey OPTIONAL
>     }
> 
> Is this to align with other private key formats like RFC 5915 (Elliptic Curve Private Key)?     With the larger size of these Dilithium keys (and other Post Quantum Keys), I think there would be less appetite for including the public key inside the private key.   If an implementation depends on the public key being there, and it is not there, then I guess it would fail, possibly causing interop issues (I have already come across this with the openSSL - libOQS library as they concatenated the public key in the private key, and our implementation did not).  So I guess with it being optional are you saying implementations MUST accept the key in either format (with the public key included or with no public key included)?
> 
> 
> In section 5, you have this sentence:
> 
> Dilithium public keys are
>   optionally distributed in the publicKey field of the PrivateKeyInfo
>   structure.
> 
> I think you mean:
> 
> Dilithium public keys are
>   optionally distributed in the publicKey field of the DilithiumPrivateKey
>   structure.
> 
> 
> The PrivateKeyInfo structure from RFC 5208 does not contain a public key structure:
> 
> PrivateKeyInfo ::= SEQUENCE {
>        version                   Version,
>        privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
>        privateKey                PrivateKey,
>        attributes           [0]  IMPLICIT Attributes OPTIONAL }
> 
> 
> Thanks again for putting this draft out so quickly after the NIST announcement!
> 
> Cheers,
> 
> John Gray
> Entrust
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Massimo, Jake
> Sent: Friday, July 8, 2022 4:08 PM
> To: spasm@ietf.org
> Subject: [EXTERNAL] [lamps] FW: New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
> 
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
> 
> ______________________________________________________________________
> Hi!
> 
> I'd like to introduce the 00 draft of the I-D we discussed @ IETF 113 (and we will discuss again @ IETF 114) that will document algorithm identifiers and ASN.1 encoding format for NIST's PQC signature algorithms in X.509. As discussed by Sean Turner in the introduction of the I-D draft-turner-lamps-nist-pqc-kem-certificates, we are splitting up the KEMs from the signature algorithms into separate I-Ds. This is the signature algorithm part. We focus on single PQC algorithm rather than hybrid constructions that are covered in other drafts. We are planning to use the algorithm identifiers assigned by NIST. The draft discusses the signature algorithm Dilithium.
> 
> If there are any feedback or comments to the draft in advance to the meeting, feel free to contact me.
> 
> Cheers,
> Jake
> 
> 
> On 08/07/2022, 11:37, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote:
> 
>    CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
>    A new version of I-D, draft-massimo-lamps-pq-sig-certificates-00.txt
>    has been successfully submitted by Jake Massimo and posted to the
>    IETF repository.
> 
>    Name:           draft-massimo-lamps-pq-sig-certificates
>    Revision:       00
>    Title:          Algorithms and Identifiers for Post-Quantum Algorithms
>    Document date:  2022-07-08
>    Group:          Individual Submission
>    Pages:          12
>    URL:            https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-massimo-lamps-pq-sig-certificates-00.txt__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdndyJ0lmSg$
>    Status:         https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd2kZG978$
>    Html:           https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-massimo-lamps-pq-sig-certificates-00.html__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd7ZiJyGA$
>    Htmlized:       https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-massimo-lamps-pq-sig-certificates__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd7k9nM9I$
> 
> 
>    Abstract:
>       Digital signatures are used within X.509 certificates, Certificate
>       Revocation Lists (CRLs), and to sign messages.  This document
>       describes the conventions for using Dilithium quantum-resistant
>       signatures in Internet X.509 certificates and certifiate revocation
>       lists.  The conventions for the associated post-quantum signatures,
>       subject public keys, and private key are also described.
> 
> 
> 
> 
>    The IETF Secretariat
> 
> 
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd2gf0i_M$
> Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm