Re: [lamps] [EXTERNAL]Re: Re-charter text for LAMPS to work on Post-Quantum, and PQ problem statement
Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Tue, 27 August 2019 19:28 UTC
Return-Path: <prvs=1355b3681=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B4F8120089 for <spasm@ietfa.amsl.com>; Tue, 27 Aug 2019 12:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iIxJTGV3K4Wp for <spasm@ietfa.amsl.com>; Tue, 27 Aug 2019 12:28:21 -0700 (PDT)
Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17AF0120236 for <spasm@ietf.org>; Tue, 27 Aug 2019 12:28:20 -0700 (PDT)
IronPort-SDR: uknV5KlhIrvt+JEtG0IhNr7K2P8izEaZskMtzW83EwBGDVQOCJGdusLu0+HS7V80H/QwsLG7aX RGJzK7LKprKQ==
X-IronPort-AV: E=Sophos;i="5.64,438,1559538000"; d="scan'208";a="55651274"
Received: from pmspex03.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.50]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 27 Aug 2019 14:28:20 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX03.corporate.datacard.com (192.168.211.50) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 27 Aug 2019 14:28:19 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Tue, 27 Aug 2019 14:28:19 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [EXTERNAL]Re: [lamps] Re-charter text for LAMPS to work on Post-Quantum, and PQ problem statement
Thread-Index: AdVagooKGrRjGm0KRwu26mtcjpHrXAAK9YIAAAQpmeA=
Date: Tue, 27 Aug 2019 19:28:19 +0000
Message-ID: <daf43b011b8441f2943c0eb045f57a7f@PMSPEX05.corporate.datacard.com>
References: <b3a7fae82d6a4d5ea1b25ae4ed60608e@PMSPEX05.corporate.datacard.com> <692ac76d-2501-40f1-0ea6-93309a1f2822@cs.tcd.ie>
In-Reply-To: <692ac76d-2501-40f1-0ea6-93309a1f2822@cs.tcd.ie>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.4.210.57]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/o-x0rbPD2O6SWKeqljkYFV8k3Ac>
Subject: Re: [lamps] [EXTERNAL]Re: Re-charter text for LAMPS to work on Post-Quantum, and PQ problem statement
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Aug 2019 19:28:23 -0000
Thanks for the feedback Stephen, I see your point that such a re-think / replacement of X.509 is well outside the scope of LAMPS. I believe that there are three categories of small modifications to existing X.509-based PKIs that will accomplish the goal (as outlined in my "Problem Statument" draft below) The question I'm asking is which X.509 tweak solution(s) are worth pursuing? And how / where? - - - Mike Ounsworth | Office: +1 (613) 270-2873 -----Original Message----- From: Stephen Farrell <stephen.farrell@cs.tcd.ie> Sent: Saturday, August 24, 2019 7:02 AM To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>; spasm@ietf.org Subject: [EXTERNAL]Re: [lamps] Re-charter text for LAMPS to work on Post-Quantum, and PQ problem statement Sorry to be negative but... On 24/08/2019 14:49, Mike Ounsworth wrote: > A) LAMPS re-charter so that post-quantum is guaranteed time on future agendas. To me, that's close to the antithesis of what LAMPS was setup to do. If current PKI is going to be challenged by quantum computers then IMO we ought re-think x.509-based PKI and not just consider all that an issue to tackle via algorithm agility and whatever other ad-hoc hacks we stumble upon. x.509 is >30 years old as a container technology for public keys. Pretty much everyone hates it or just about puts up with it. IMO we ought not continue to use x.509 across such a classic/post-quantum boundary - if we get anywhere near wanting multiple keys bound to an identifier (and have >1 of those used for a single key establishment) then I can't see how the costs of re-using x.509 would be worthwhile compared to the costs of ditching x.509. Such a re-think is definitely not a limited additional mechanism for PKIX or S/MIME. S.
- [lamps] Re-charter text for LAMPS to work on Post… Mike Ounsworth
- Re: [lamps] Re-charter text for LAMPS to work on … Stephen Farrell
- Re: [lamps] [EXTERNAL]Re: Re-charter text for LAM… Mike Ounsworth
- Re: [lamps] [EXTERNAL]Re: Re-charter text for LAM… Stephen Farrell
- Re: [lamps] [EXTERNAL]Re: Re-charter text for LAM… Russ Housley
- Re: [lamps] [EXTERNAL]Re: Re-charter text for LAM… Salz, Rich
- Re: [lamps] [EXTERNAL]Re: Re-charter text for LAM… Mike Ounsworth