IETF Logo Mail Archive

Re: [lamps] PQ-composite OR or K-of-N logic

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 23 April 2022 17:02 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 460313A17FE for <spasm@ietfa.amsl.com>; Sat, 23 Apr 2022 10:02:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWnAXxaBha9K for <spasm@ietfa.amsl.com>; Sat, 23 Apr 2022 10:02:01 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F3A53A17FD for <spasm@ietf.org>; Sat, 23 Apr 2022 10:02:00 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [75.98.19.153]) by relay.sandelman.ca (Postfix) with ESMTPS id 2AF931F456 for <spasm@ietf.org>; Sat, 23 Apr 2022 17:01:55 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 2D0861A0291; Sat, 23 Apr 2022 13:01:50 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: LAMPS <spasm@ietf.org>
In-reply-to: <f2fb2b2459fe42818348838eb14cc2ac@EX13D01ANC003.ant.amazon.com>
References: <f2fb2b2459fe42818348838eb14cc2ac@EX13D01ANC003.ant.amazon.com>
Comments: In-reply-to "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org> message dated "Fri, 22 Apr 2022 03:00:20 -0000."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 23 Apr 2022 13:01:50 -0400
Message-ID: <1312273.1650733310@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/c_e_OAaom88ttC_hnaooc278pnw>
Subject: Re: [lamps] PQ-composite OR or K-of-N logic
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2022 17:02:06 -0000

I read through the list and the slides.  I couldn't be at the meeting on
Wednesday as I was travelling.

The document starts off with:
 "Even after the migration period, it may be advantageous for an entity's
  cryptographic identity to be composed of multiple public-key algorithms."

Panos and a few others have complained that the document attempts to have
signers tell verifiers what to do, and this should really a verifier policy.
Well, that would make a lot of sense for a CMS signature on your Mortgage,
or your MUA verifying my email.

But, signers REGULARLY tell verifiers what they've done and how to verify
things, and that's in the context of Certificates.  We have all these policy
OIDs, and CSPs, and Path Constraints, and ...  These are all signals from the
signer to the verifier.  The verifier can, of course, have a policy that says
that they ignore CSPs or Path Constraints, or...

I guess that the k-of-n part was in the slides only, as it's not in the
document that I could see.

I go back to the text I quoted above, and thinking about k-of-n.
I'm thinking that if there are more uses for the Composite-Or and
Composite-AND structures than *just* PQ transition, that the ROI on
implementing them may be much higher.  And thus the likelyhood that we'll
discovery and fix bugs relating to the new constructs is much higher.

I think that we can agree that the last thing we want is a widespread bug in
validation, at the point where we find it critical to transition.

ps: I giggled when I read ~~~ BEGIN EDNOTE 10~~~





--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email