IETF Logo Mail Archive

Re: [lamps] Proposed recharter text

Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 08 March 2021 23:54 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF7023A1A30 for <spasm@ietfa.amsl.com>; Mon, 8 Mar 2021 15:54:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NsE8NGwhkSSS for <spasm@ietfa.amsl.com>; Mon, 8 Mar 2021 15:54:30 -0800 (PST)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 253D73A1A2F for <spasm@ietf.org>; Mon, 8 Mar 2021 15:54:29 -0800 (PST)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 128NoZmw021478; Mon, 8 Mar 2021 17:54:14 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=MV8MWOGMQ/NDRL2wplNNttGU/zjHhEeYCBS4lY34Ntg=; b=QDxHRm87FvZ27IX43conutr0PurrNlEyu9viDG+Bb63n/E9/pgN2qfs5tfV1VCzB2iwm dsQOPDxPIwlUoS5yHX3NiVOJR16daFGwuYCWiJREAAidirJe0im5ORVv83c7Maov73dX U3jSneU3e1/VkiJvxyzRcF89X6mqn+zIIjJSbzbzSF2wiFnSyHaPtR/+CVeXQvgVDX5i 10uqgO9DOV5L54rinIc4lWms7OH3DHWkQTQY3En5p5F5yLbvHgnmTZmL5+VEpR8A9mE1 ODRVx5t5OL7eKGFTTFZh+cVqxS99blxD5hUo5HB1YY4wf0LxT0KJ6He4qAjU8FHFzu+R eQ==
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2175.outbound.protection.outlook.com [104.47.56.175]) by mx08-0015a003.pphosted.com with ESMTP id 3747a8vexh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 08 Mar 2021 17:54:14 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b1RcleBBc+agmEhDjzg24C5WJ64/55+/69AI7gPwA54grRFBOmyT7LUQqGxKbu0qIi0YVB0Wmo6RQy7EICMAb5k0ZN+3t8t4BeLGfz3b75t4fqPeoPDL0p7dhL9UfOc8cRhMJ4P3QbIf0oecsnKYyv19BaNU5g1nC0NqV6yEzYDwnY/jvr6gjQwwaMWiqfL/WSC3dbZQS2Q87wtuwsNaLpJWpk4U2X3gNXVFycPAK/CWCJhzFZAxfTBCHZsafcZEejT08NaiQL/nCi8nlQTBDC6Cas8Ama2z0C40mRM7YIUXdrI/gfRnaPS6WKMk8VRE3yc76G3EFCUAaEQKISSzsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MV8MWOGMQ/NDRL2wplNNttGU/zjHhEeYCBS4lY34Ntg=; b=FT0ou9ne5Hr+vw0Cj6lduv+QOOv+YubljgSgmqSnWOZ1VqGUxCGEmBqz8++ErXUruDCDxQcY/cEBJb5td2AhJ0DaZqJ4kKlYg+o9/uoePv2JCdBT1sYTpdmjeANpzb6428SDh89MoPsxOTM+gca+/zyVG2TkqFMD2MqvceWosXaxwOfN4nDjtiWjaJVExZClcId9SQqE8pr4Qen+aTH9Bm6FDGUXeUJHwIYEYI1fCiWYlisqVRkWuEMlx5B/2IngGPR+QRAI4NNRy+naFnP4e4N7upqrlKvfI0GXou8mfgxqSLXQtcIKzuA7rCoFpugmfD7/c8SY4I2ADZakavkRuQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from DM6PR11MB4380.namprd11.prod.outlook.com (2603:10b6:5:14e::20) by DM5PR11MB1772.namprd11.prod.outlook.com (2603:10b6:3:112::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Mon, 8 Mar 2021 23:54:10 +0000
Received: from DM6PR11MB4380.namprd11.prod.outlook.com ([fe80::a500:2ae3:a6c4:bc13]) by DM6PR11MB4380.namprd11.prod.outlook.com ([fe80::a500:2ae3:a6c4:bc13%4]) with mapi id 15.20.3912.027; Mon, 8 Mar 2021 23:54:09 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Roman Danyliw <rdd@cert.org>, LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] Proposed recharter text
Thread-Index: AQHXFG+caDH9gEMNyEesQjTjQTQj56p6uTEQ
Date: Mon, 08 Mar 2021 23:54:09 +0000
Message-ID: <DM6PR11MB43805BE3FEFD91A5BDD592EF9F939@DM6PR11MB4380.namprd11.prod.outlook.com>
References: <DM6PR11MB43808FA7D74229A5997965649FBA9@DM6PR11MB4380.namprd11.prod.outlook.com> <9D01B155-6BB8-4438-8FAA-149686B69B64@vigilsec.com> <BN7PR11MB254762EDB050588E65B423B2C9869@BN7PR11MB2547.namprd11.prod.outlook.com> <038A4AA3-96A5-4827-BEEB-12B58F49102B@vigilsec.com> <b82901c00c6847fe9a8f420275d74ccc@cert.org>
In-Reply-To: <b82901c00c6847fe9a8f420275d74ccc@cert.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cert.org; dkim=none (message not signed) header.d=none;cert.org; dmarc=none action=none header.from=entrust.com;
x-originating-ip: [143.131.4.104]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 24b9f43e-3cc0-490e-ad3e-08d8e28d7788
x-ms-traffictypediagnostic: DM5PR11MB1772:
x-microsoft-antispam-prvs: <DM5PR11MB177276EC3C8FEDDED8943F7A9F939@DM5PR11MB1772.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6yxPA8GdcqLhgolDOy1RLUMc/YHVQQgRbUMjMlTkSu/IniCMCeOFkATkOGnpXeqpWcRQMIqmYndcFi8ysNLCwQfvxOoOB1XMGaQWViIPNePw59lUneKZ02xWfozH4GiXIL1QMlrAUnYY2UBTDpUuYqAX0fFRfm7zGt9tDLwcDq5tcE6hBMzKE+noWK/HH4iXaOHgfuorPycV1oDPgNghlE2/s/0hX2OcQothS9SgLbJDXPdD06VsF4UlmEoB1rFqEv/x52oqAGMnNO5Vou8vduzjpvdYK1pp8t7qQRyYNI8H3mmRviTuM5PIbOnoj/6iQeWOWeQFgOAyhLgeaBGAFr0e4zy9qaq/7UTbX/Hl6FjT3A4082SmbSxZST8w5baMqbmA/TEARs6ErxlIQ8yHEfApYL0x2w2aE0nuF0rtxthrVJeURlDIXiIETJOYq96oSRrMSqmQrp0dCndw3F7Q3bwxOM78kuYk5+pqQDYt3LMTF7k6T/VoPJOPRNh+ZXCXd/44ZIE+D/U5/j+u1eJQ4lLnQcsNXW6Jw0VNwTlTfZ4lUPLMBvsqZXg4++Nbnispvmu5pHoQQCTLbaxOpFbw64G1zsi9+MVCojGTFy+O/J0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4380.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39850400004)(346002)(366004)(376002)(136003)(71200400001)(110136005)(8936002)(83380400001)(66574015)(26005)(52536014)(316002)(6506007)(186003)(86362001)(7696005)(8676002)(53546011)(64756008)(2906002)(66946007)(66556008)(66446008)(966005)(76116006)(66476007)(30864003)(33656002)(5660300002)(55016002)(9686003)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: jGTfsUPItqLc5E1tZb6ZmiIyU0wIE7X6lTP6+GZFrr2QtOvwK3FhtcBL7bbDcIulFayljn6NAFx/eez0wAWK+uznXyL9Cd6Kr2DaxzJfhtAtoopcrVKtrTnHJuapW1/xL2b67AeGZGMrmj4Bx8Nj7KxE+emaMJ8aInuA9LJKDaVFhel16cTYbTB1SrStNaE7e7KkxGEo4SXDhNtAkLWyqs4urKlwhzdng3ZxlbbYH3dWXtIQ/wO6Icxb97vMGYhWi8YVUtX6rTZEy5Bxx4MzxBcYEqhz9YBQdBrarBKiTIyqNB9UIwrVU1FydNnvqGYcDTL8VZpKFd36iVIq7jSwduMtXP7xckrHdhwdH/V7ooA33egpdZFUcELtBOi+n5uASzDpTx8zN18OKoNZutvPPsEFqbgHDS6s6Kyd9eN7hWZBZEWriWe0F8iJhfR1B7oHGfSHg/CD5B4eGqKbd6cdLITl3HFcj2witjiHN9Af7ALOf+feps/AFb+g0RBWWMNkUO8KxIOjrF/ZA7NQl8M0e6Q0trJM0gu+Y/ojeb4SO2u4qjTS6Ue9kWKwrjKdLwsbDgWrpPNLDUdAyD7dwLJ1h/4WVAKA245G/ikTNuc4fTBCDS/MjMi/iberLiBj5kmsRCW0ndrwIAjNaVamSf2eLNo3QGdyGQ8LrrQZb8ROqfjdTcHmSo9d4Pv7EOa6x3SFdIIj1YtX1pF/DT6bAYLtuyTn9uAkclTNI90+BFpJW/Hg3MImKHETCV3C+2BP2QMbVX06o3Q8L8qlg/5IsM71ZaDGQhNOmKDpkmjcM/1T4iiYr+x6Yx5QVh/R1W2EgoWxdsuLpb7NQUFvzDyCjP/f4lvUqLwyzc359MNNYyvEPyN2WOTBPVutSdw1ZEyV9ueR5hDls84a9ki0L0b6k1XF+HZTroKVnH6PbDHGs4NgZJvkf9USW4hoiPXzbvsLyMvYlI7cq7SH3rh59vUlWPkHRGTcOrnRun90Gjg3glTRuemu5LUrNbgfiGXW4GRNMgw1qHHWTgvb/arhbQut0ygD4W5+OXOUrPO6IgsCfsPF+JJtl1PgQHysvepLFS/PjtPmLLI+L1/BMNoT228yvMFMTZasiJxmskGoEu9A468Nj3vj4argRKdWmT5x/33cLuZ76xzpgL5XNLG+MC8EwxYXH2kShuVPRWJVWDVgTMmxEbmfNH/mhZ1mOGoWv0Sc40xgCctZqzDBGkB8T0iu2FQoNP1PslIRSYnRi44xTwA2nlLIUa6mleVpNW7LJfZTv6mw2wlFcIasLaU+ZPon2YzFyIABhQ2Hb9VFZNRk56bTvQ2A/ueZLG7vDbUG+Ay+S/7e
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4380.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 24b9f43e-3cc0-490e-ad3e-08d8e28d7788
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2021 23:54:09.5967 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: nUoEiuT1amj8p3mz3Z+YDRjXpmaL4FO4qz/Rt5PgtBxPt4cdwg6V2EV847stcVECnxg3+gZkkchItObZUgllABOfrIhp2sSY0pnH65/8giM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1772
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-08_22:2021-03-08, 2021-03-08 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 impostorscore=0 phishscore=0 mlxlogscore=999 malwarescore=0 mlxscore=0 suspectscore=0 spamscore=0 clxscore=1011 bulkscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2103080126
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Yj_0HgwQ3jntnGGOL5SI-MT_JCs>
Subject: Re: [lamps] Proposed recharter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 23:54:33 -0000

Hi Roman,

I can fill you in on how (5b) got to be worded the way it is.

Speaking as the author of the (currently only?) dual / hybrid draft at LAMPS and presenter at LAMPS interim, I think the nebulousness of (5b) is because there was consensus that LAMPS should start working on Dual/Hybrid mechanisms, but we're still figuring out the scope of that work. For example: Can we get by with defining a new algorithmID, and therefore avoid doing something that feels like X.509v4? Are we going to need separate mechanisms for public PKI (simple and restrictive) and private PKI (complete flexibility to do complex staged migration of long-lived devices)? Can CMS get by with existing multiple SignerInfo functionality, or does it need something new? Do we need some sort of CRL / OCSP mechanism to signal algorithm deprecation for devices that can't receive firmware patches? (the term "Online Algorithm Status Protocol" was jokingly floated) The latter is probably already outside the scope of 5, so would need another re-charter anyway.

So (5b) is broadly worded on purpose because we want to get moving, but are still feeling out the scope of work. How do you balance the "L" in "LAMPS" against narrowing the scope too soon and missing good solutions or valuable use-cases for this unprecedented migration problem?

On a personal note: I have a small pile of drafts that I hope to get up after 110 on composite keys, signatures (two competing proposals; maybe we need both?), and encryption (yes, I agree that 800-56Cr2 is the way to go). It would be nice if these were in-scope so they can be discussed officially at LAMPS 111.

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Roman Danyliw
Sent: March 8, 2021 5:06 PM
To: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] Proposed recharter text

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

______________________________________________________________________
Hi!

I'm not necessarily responding directly this message but wanted to comment on the proposed charter text.

On (1) - (4), no issues with proposed text.  I would just ask that we have milestones, even if the dates are notional.  Perhaps this can be covered at the meeting later this week.

Per (5a), we should definitely use the refined text below which times the effort around the output of the NIST PQC effort.  No milestone required for that.  No issues otherwise.

I would like to chat about the scope of (5b).  Sadly, I missed the conversation at the last interim.  There seem to be two loosely related thrusts -- one around "dual or composite signatures" and another on "hybrid key establishment".  

Per "dual signatures", we chatted about this at IETF 106's SecDispatch too and the result was to take it to LAMPS (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/minutes-106-secdispatch/__;!!FJ-Y8qCqXTj2!P1klq0lPS4leBZqYLrnZLsQxT1WWp5lakxXgsd-WgBKYoytfSawSF-VEU_Byp00Yc3FFTUYMZQ$ ).  No issues with this top level intent.  What would be helpful to sharpen are the bounds a "specification  ... [that] will enable PKIX and S/MIME protocols to support ... a dual signature mechanisms".  Are we restricting ourselves to just format (seems fine)? verification practices (seems fine)? recommended signature combinations (is there a dependence on NIST activities?)? Something else?

Per "hybrid key establishment", this is a slightly different focus which we previously haven't discussed outside of LAMPS.  What would this specification work entail -- again, is it just format work or also explicitly defining or recommending constructs which mix multiple key types?  What would be relationship between this work and an updated 800-56C promised out of the NIST PQC effort?

Regards,
Roman


> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Wednesday, February 17, 2021 8:49 AM
> To: Panos Kampanakis <pkampana@cisco.com>
> Cc: LAMPS <spasm@ietf.org>
> Subject: Re: [lamps] Proposed recharter text
> 
> Panos:
> 
> I agree that 5a ought to wait for the NIST completion to complete.  
> I'll add that to the text...
> 
> a. After the NIST Post-Quantum Cryptography (PQC) effort produces one 
> or more quantum-resistant public-key cryptographic algorithm 
> standards, the LAMPS WG will specify the use of PQC public key 
> algorithms with the PKIX certificates and the Cryptographic Message Syntax (CMS).
> 
> Russ
> 
> > On Feb 16, 2021, at 11:01 PM, Panos Kampanakis (pkampana)
> <pkampana=40cisco.com@dmarc.ietf.org> wrote:
> >
> > I don't think 5a should be added in the LAMPS charter at this time.
> > It is too early. And besides, draft-ietf-tls-semistatic-dh does the 
> > same thing with classical (EC)DH keys in the leaf cert and it is 
> > worked in the TLS WG.
> >
> >
> > -----Original Message-----
> > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> > Sent: Wednesday, February 10, 2021 3:22 PM
> > To: LAMPS <spasm@ietf.org>
> > Subject: [lamps] Proposed recharter text
> >
> > I propose the attached recharter text.
> >
> > Tasks 1-3 are unchanged from the current charter,
> >
> > Task 4 is a slightly edited version of the text proposed by DKG 
> > after IETF 109.
> >
> > Task 5 is the text that came out of the discussion that followed the 
> > virtual interim at the end of last month.
> >
> > Task 6 was raised in the discussion that followed the virtual 
> > interim at the end of last month.  In my view, it is too early to 
> > work on advancement of RFC 8550 and RFC 8551, but putting it in the 
> > charter now will allow us to tackle them when they are well deployed.
> >
> > Russ
> >
> > = = = = = = = =
> >
> > The PKIX and S/MIME Working Groups have been closed for some time.
> > Some updates have been proposed to the X.509 certificate documents 
> > produced by the PKIX Working Group and the electronic mail security 
> > documents produced by the S/MIME Working Group.
> >
> > The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working 
> > Group is chartered to make updates where there is a known 
> > constituency interested in real deployment and there is at least one 
> > sufficiently well specified approach to the update so that the 
> > working group can sensibly evaluate whether to adopt a proposal.
> >
> > The LAMPS WG is now tackling these topics:
> >
> > 1. Specify the use of short-lived X.509 certificates for which no 
> > revocation information is made available by the Certification Authority.
> > Short-lived certificates have a lifespan that is shorter than the 
> > time needed to detect, report, and distribute revocation 
> > information.  As a result, revoking short-lived certificates is unnecessary and pointless.
> >
> > 2. Update the specification for the cryptographic protection of 
> > email headers -- both for signatures and encryption -- to improve 
> > the implementation situation with respect to privacy, security, 
> > usability and interoperability in cryptographically-protected electronic mail.
> > Most current implementations of cryptographically-protected 
> > electronic mail protect only the body of the message, which leaves 
> > significant room for attacks against otherwise-protected messages.
> >
> > 3. The Certificate Management Protocol (CMP) is specified in RFC 
> > 4210, and it offers a vast range of certificate management options.  
> > CMP is currently being used in many different industrial 
> > environments, but it needs to be tailored to the specific needs of 
> > such machine-to-machine scenarios and communication among PKI 
> > management entities.  The LAMPS WG will develop a "lightweight" 
> > profile of CMP to more efficiently support of these environments and 
> > better facilitate interoperable implementation, while preserving 
> > cryptographic algorithm agility.  In addition, necessary updates and 
> > clarifications to CMP will be specified in a separate document.  
> > This work will be coordinated with the
> LWIG WG.
> >
> > 4. Provide concrete guidance for implementers of email user agents 
> > to promote interoperability of end-to-end cryptographic protection 
> > of email messages.  This may include guidance about the generation, 
> > interpretation, and handling of protected messages; management of 
> > the relevant certificates; documentation of how to avoid common 
> > failure modes; strategies for deployment in a mixed environment; as 
> > well as test vectors and examples that can be used by implementers 
> > and interoperability testing.  The resulting robust consensus among 
> > email user agent implementers is expected to provide more usable and 
> > useful
> cryptographic security for email users.
> >
> > 5. Recent progress in the development of quantum computers pose a 
> > threat to widely deployed public key algorithms.  As a result, there 
> > is a need to prepare for a day when cryptosystems such as RSA, 
> > Diffie-Hellman, ECDSA, ECDH, and EdDSA cannot be depended upon.  As 
> > a result, there are efforts to develop standards for post-quantum 
> > cryptosystem (PQC) algorithms that that will be secure if 
> > large-scale quantum
> computers are ever developed.
> >
> > a. Specify the use of PQC public key algorithms with the PKIX 
> > certificates and the Cryptographic Message Syntax (CMS).
> >
> > b. Develop specifications to facilitate a lengthy transition from 
> > today's public key algorithms to PQC public key algorithms.  Unlike 
> > previous algorithm transitions, time will be needed before there is 
> > full confidence in the PQC public key algorithms.  Therefore, 
> > transition mechanisms that combine traditional algorithms with PQC 
> > algorithms will be needed for "hybrid key establishment" and "dual 
> > signatures".  NIST defines "hybrid key establishment" as any key 
> > establishment scheme that is a combination of two or more components 
> > that are themselves cryptographic key-establishment schemes.  NIST 
> > defines "dual signatures" as any signature scheme that consists of 
> > two or more signatures on a common message.  The specifications 
> > developed will enable PKIX and S/MIME protocols to support hybrid 
> > key establishment
> and dual signature mechanisms.
> >
> > 6. Progress RFC 5280, RFC 6960, RFC 8550, and RFC 8551 to Internet 
> > Standard status.
> >
> > In addition, the LAMPS WG may investigate other updates to documents 
> > produced by the PKIX and S/MIME WG. The LAMPS WG may produce 
> > clarifications where needed, but the LAMPS WG shall not adopt 
> > anything beyond clarifications without rechartering.
> >
> > _______________________________________________
> > Spasm mailing list
> > Spasm@ietf.org
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/sp
> > asm__;!!FJ-Y8qCqXTj2!P1klq0lPS4leBZqYLrnZLsQxT1WWp5lakxXgsd-WgBKYoyt
> > fSawSF-VEU_Byp00Yc3FnDv8GXA$ 
> > _______________________________________________
> > Spasm mailing list
> > Spasm@ietf.org
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/sp
> > asm__;!!FJ-Y8qCqXTj2!P1klq0lPS4leBZqYLrnZLsQxT1WWp5lakxXgsd-WgBKYoyt
> > fSawSF-VEU_Byp00Yc3FnDv8GXA$
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas
> m__;!!FJ-Y8qCqXTj2!P1klq0lPS4leBZqYLrnZLsQxT1WWp5lakxXgsd-WgBKYoytfSaw
> SF-VEU_Byp00Yc3FnDv8GXA$

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!P1klq0lPS4leBZqYLrnZLsQxT1WWp5lakxXgsd-WgBKYoytfSawSF-VEU_Byp00Yc3FnDv8GXA$

v2.23.0 | Report a Bug | By Email