Re: [lamps] Call for Adoption of draft-ounsworth-pq-composite-sigs

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 17 April 2024 13:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XNvH59J0CPZTSFryz0vGNITwNIs>

I oppose adoption as well. 

Some of the reasons: 
- Combining sigs is not as urgent an issue, so we had better have trust in whatever we deploy before we need them.
- We can afford to wait for most signing use-cases, and those that can't, can use SLH-DSA which is conservatively secure. 
- Classical and PQ sigs will coexist for a long time, so any PQ signature security issue could be remediated by swapping back to classical.


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Stephen Farrell
Sent: Wednesday, April 17, 2024 9:21 AM
To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: RE: [EXTERNAL] [lamps] Call for Adoption of draft-ounsworth-pq-composite-sigs

Hiya,

On 16/04/2024 19:29, Russ Housley wrote:
> At IETF 119, there was a short discussion of 
> draft-ounsworth-pq-composite-sigs.  The authors asked for a call for 
> adoption, and no one offered any reason not to move forward at that 
> time.
>
> This message starts a two-week call for adoption of this document.
> Please say whether you support adoption of this document by Tuesday,
> 30 April 2024.

(Perhaps unsurprisingly;-) I oppose adoption.

I don't think we have a sufficient understanding of the costs of adding composite sigs to X.509-based PKIs, and how those costs will be distributed amongst the various parties involved, nor about what's likely or unlikely to be deployed, to fire ahead now and define a pile of new composite sig algs. To do proper engineering, we should IMO have such an understanding before we start spraying out new OIDs each of which imposes costs on participants in PKIs.

Cheers,
S.

PS: I could also raise objections about lower level details of the draft but those could perhaps be handled after adoption, e.g. whether, and if so what kinds of, RSA sigs to include shouldn't be based on what's possible but on what's likely to get adopted esp. by real CAs, relying parties and key holders.