IETF Logo Mail Archive

Re: [lamps] Call for adoption for the composite-related Internet-Drafts

"Dr. Pala" <director@openca.org> Wed, 31 May 2023 20:50 UTC

Return-Path: <director@openca.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9381FC151B09 for <spasm@ietfa.amsl.com>; Wed, 31 May 2023 13:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fKp3BWFbFpMf for <spasm@ietfa.amsl.com>; Wed, 31 May 2023 13:50:02 -0700 (PDT)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id F0A12C15198D for <spasm@ietf.org>; Wed, 31 May 2023 13:49:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id B578CC06 for <spasm@ietf.org>; Wed, 31 May 2023 16:49:53 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.katezarealty.com B578CC06
X-Virus-Scanned: amavisd-new at localhost
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzId2kCyec5X for <spasm@ietf.org>; Wed, 31 May 2023 16:49:52 -0400 (EDT)
Received: from [10.70.17.170] (unknown [192.160.73.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 03C1130E for <spasm@ietf.org>; Wed, 31 May 2023 16:49:51 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.katezarealty.com 03C1130E
Content-Type: multipart/alternative; boundary="------------uy5RbfrAQ8xQCQ3lG9FY7BGc"
Message-ID: <d14988a3-a7b9-a059-446e-b5ab8312eb97@openca.org>
Date: Wed, 31 May 2023 14:49:54 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.11.2
Content-Language: en-US
To: LAMPS <spasm@ietf.org>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jE82R1EqXcdxexGqxQcsMglPHng>
Subject: Re: [lamps] Call for adoption for the composite-related Internet-Drafts
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2023 20:50:04 -0000

Dear Michael, All,

thank you for your reply - I would like to follow up with your reasoning for not supporting adoption.
Specifically, you wrote:

/> I have not been able to accept the rationale(s) behind the idea of 
imposing significant (short-term?)////> engineering changes like these on reliant applications in the absence 
of any clear understanding of////> the impact of A) revocation of classical key components and B) 
deprecation of classical algorithms.////> Those problems, treated as "out of scope" in these documents, is 
truly the crux of the matter. Do we/

I agree with you that there are two different connected issues here. The issue of reducing the risk
connected with the use of the individual algorithms, and how we are going to address algorithm
deprecation.

For the first issue, I am not sure about "imposing" any significant burden on anybody. Exactly as you
might not support the use of a specific algorithm in your ecosystem, you might not support the Composite
or Explicit Composite ones. However, should you want to be able to combine algorithms, Composite provides
the possibility to do that at the crypto library level, instead of having to modify the application
layer. Composite is meant to be an opportunity and a tool that can be used when you need it.

As an example, in our infrastructure we only support RSA and SHA256 and we do not support ECDSA.

For the second issue, dealing with algorithmic revocation/deprecation, we did present on the topic and
was REQUESTED BY THE WG to be removed from the draft and to put it in a different document.
As usual, we followed instructions and we did remove it from the main document. We are putting together
a different I-D for handling algorithmic revocation/deprecation - I am looking for collaborators,
are you interested in joining? The proposed solution was to leverage extensions in CRLs and OCSPs - the
combination with multi-algorithmic support (either vertically or horizontally) provides a possible
easy solution that can be adopted across entire ecosystems (deterministic behavior).
///> go to the trouble of supporting this nonsense when it will all have 
to be abandoned as we approach////> the apocalypse? This DOES NOT make the migration easier... it 
introduces completely unnecessary structures////> that are likely to have a severe negative impact on interoperability./

I am not sure I share the same view as "it will all have to be abandoned...". Indeed, I find this option
to be a very appealing option for PKIs moving forward, allowing to spread the risk across different algorithms
in the future - migrating from different versions of the same algorithms (e.g., adjusting security parameters)
or migrating across different algorithms (e.g., from a PQ to another PQ). The choice to use an explicit
set of combinations was requested by the WG for adoption and we included it. Moving forward, adding new
OID combinations in the table will provide the possibility to extend the current version of the proposal.

Also, please, do not use terminology like "nonsense" - although you might not support the idea, the use of
such terminology is not useful in an engineering setup. We welcome all possible contributions and feedback,
however, please, let's just all be respectful of other people's work.


/> In particular, I take exception to the claim that: > > "Migration: 
During the transition period, systems will require mechanisms that allow 
for staged migrations////> from fully traditional to fully post-quantum-aware cryptography." > > 
Did we vote on that?/


When you say "Did we vote on that?" what do you mean? The paragraph is just an example for a possible utilization
of Composite: allowing combining traditional and post-quantum algorithms to spread the risk of early adoption
while still allowing quantum-resistance to be deployed early (i.e., instead of just one algorithm failure you
need two).

Another use-case that Composite enables is for allowing devices that cannot be upgraded to use post-quantum
algorithms to still participate in the network and rely on the traditional algorithms, even when you are already
deploying quantum-safe solutions (e.g., as a tool for backward-compatibility rather than risk management).

Specifically, if you support the K-of-N option, then, if your risk profile is acceptable for your environment,
you can still validate part of the signature instead of having to replace the hardware right away - from that
point of view it provides a tool that you can leverage during migration.

I hope I did address some of your concerns and maybe that can change your opinion - adopting the drafts
to make them better :D

Also, please, let me know if you'd like to collaborate on the Algorithm Deprecation I-D, I am looking for
collaborators on that!

Kind Regards,
Max

-- 

Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

v2.23.0 | Report a Bug | By Email