IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] X.510

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Tue, 24 September 2019 03:50 UTC

Return-Path: <prvs=163da8dbe=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CABEE1200F4 for <spasm@ietfa.amsl.com>; Mon, 23 Sep 2019 20:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZd9se1n1VZQ for <spasm@ietfa.amsl.com>; Mon, 23 Sep 2019 20:50:48 -0700 (PDT)
Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7E51200F1 for <spasm@ietf.org>; Mon, 23 Sep 2019 20:50:48 -0700 (PDT)
IronPort-SDR: yrGcEbigravpfuAXNizE2Kz/iyYInsQgyVVXZBd/oaETYGUvUgzUAmWRMZfog5OJu6PwkqhOa8 xPt31WTrzYxg==
X-IronPort-AV: E=Sophos;i="5.64,542,1559538000"; d="scan'208";a="57621193"
Received: from pmspex03.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.50]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 23 Sep 2019 22:50:47 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX03.corporate.datacard.com (192.168.211.50) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 23 Sep 2019 22:50:47 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Mon, 23 Sep 2019 22:50:46 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Erik Andersen <era@x500.eu>, LAMPS <spasm@ietf.org>
Thread-Topic: [EXTERNAL][lamps] X.510
Thread-Index: AdVwgHnXSUKOFJeEQaeWb5AL9ofT4gCCULlw
Date: Tue, 24 Sep 2019 03:50:46 +0000
Message-ID: <01fd886909e94b0ab9c353958f46a45e@PMSPEX05.corporate.datacard.com>
References: <000601d57081$5afa8fc0$10efaf40$@x500.eu>
In-Reply-To: <000601d57081$5afa8fc0$10efaf40$@x500.eu>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iRpENq3R0IGfK1TmcGEK4404dlo>
Subject: Re: [lamps] [EXTERNAL] X.510
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 03:50:51 -0000

Hi Erik,

I found your slides https://docbox.etsi.org/Workshop/2019/201906_ETSISECURITYWEEK/202106_DynamicNatureOfTechno/SESSION03_CHANGINGCRYPTOGRAPHY/ANDERSENSLSERVICES_ANDERSEN.pdf, explaining the rationale behind X.510. In it, you say:

* A back level recipient will ignore the alternative algorithm, but validate according to the native one
* An advanced recipient will validate according to the alternative algorithm

In attending post-quantum conferences, for example the NIST PQC, there is a strong call for "hybrid" modes where *both* algorithms are validated because we don't fully trust the new stuff yet. So this may not be simply a migration issue, but a more long-term issue of combining algorithms for increased security.
Do you have an opinion on whether X.510 in its current form would be appropriate for hybrid modes, and whether your language should be adjusted to be "native algorithm and alt algorithm" as opposed to your current "native algorithm or alt algorithm" ?

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen
Sent: Saturday, September 21, 2019 8:35 AM
To: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL][lamps] X.510

WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________________
Within ITU-T and ISO we have developed a new specification, Rec. ITU-T X.510 | ISO/IEC 9594-11, which now is out for final vote. There is a link to it https://www.dropbox.com/s/qzzuy9hu2vjz9qw/X.510-dis.pdf?dl=0. We expect to complete it by March 2020.

Any comment any of you might have will be highly appreciated.

Best regards,

Erik

v2.23.0 | Report a Bug | By Email