IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

Mike Ounsworth <Mike.Ounsworth@entrust.com> Sun, 25 September 2022 22:59 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C859C1522BC for <spasm@ietfa.amsl.com>; Sun, 25 Sep 2022 15:59:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7L8CjV7dP-DG for <spasm@ietfa.amsl.com>; Sun, 25 Sep 2022 15:59:08 -0700 (PDT)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6266BC1522BB for <spasm@ietf.org>; Sun, 25 Sep 2022 15:59:08 -0700 (PDT)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28PLawAD014979; Sun, 25 Sep 2022 17:59:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=FwFsiqNm9dD9NId/zJYzvFsqpTK9Pi25QS9JzmCPLKY=; b=HC6d2FSOSqF2KS2KHhg4zKSADSnFujEJ7OGb5oIB3UuPQByp8MHnvozyrs1RD+YaVDDd 33xEEht7YMSEkGZjyfnO1wUomLOVb2N9F5Ac6pgNcpSdlA13bo88ijGEROPc9EWNibzG UBPy3HBY8uc0uVSHYKdMy8yepzJprX6lENg+9tRC2kiAu9V2KITlhgUQueGxTwRDzyvg 90bkioTqa7U6vpUbAhyNpK4gAEtDBS47Zpceofxb9wMCV/loePbVPfroJkeeyN1GLqos pX7M5QL5kDI0pq1h9mMtO9jNrkTrs+UkY0yfUX/i33VGUSZDIYib9OmhGCm183MBUCSV Ng==
Received: from nam04-bn8-obe.outbound.protection.outlook.com (mail-bn8nam04lp2041.outbound.protection.outlook.com [104.47.74.41]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3jsxk3n0j9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 25 Sep 2022 17:59:03 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YSNQr+kHfcvCyPKsBRkkZcYIdM8S9iHuQ+c7Fekp1S70h2zNe7sCXdXw6e0hZpz3a0pywP+7nDj4tf7gVryrOAVxiuuzshoQ9WpHG1PP29DZvxkwEil4Lbe2ay+CToN+Gt6AOrLCOkhoQuzcnjahyj/wdJsASprIp0+S0qj71AirII/36xEuWLpA8Gbvc5DxME1ROLJgaDetmUxsjL/AHAxjcIi5kd82tDF+yt5551f0qTZZsRy0TgtRrKVZwpzq9zKeZUp3K+v3I9OO8zsy5ESdlD2SA36gd+YqbyEu+2oaMi9LJy2mHTcI8mb9m6ZooOWIDLOegRzzIVGcvM73Og==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FwFsiqNm9dD9NId/zJYzvFsqpTK9Pi25QS9JzmCPLKY=; b=mgFmNJHCBcWdrShcGYxW9d1qP7grOk13a2Vje6leUiqNjfZUDzrY0Amtv/lXiwjW4Z3hAgcPDD4KUkysGE3keEUGa0CBV/kutl/p8R5hxkmmsEvyeTpOFxec2S1MNm4vEpPkG8YstKIIZ8HQpAWY1KkhkLAtUPFTgRSaZiuUWyF29na+rY1y/e7WkyLvNA/5nDtX5W6miZKfk9Db+ON3vsOF2JmQ4hUDqMGlGzyOMQW43ilVj1quU6WDnoB+5hv/07EphPsq9Zj/mkAn6+C742jQUmLJ3Kp4IV+b3H1zfUacRUxBiAgcMP1U1lUvGDyfoWQJ1RddaT1zV5JNhpZRow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by CO1PR11MB5122.namprd11.prod.outlook.com (2603:10b6:303:95::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.25; Sun, 25 Sep 2022 22:58:58 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::9d8e:5cd6:89b8:244c]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::9d8e:5cd6:89b8:244c%2]) with mapi id 15.20.5654.025; Sun, 25 Sep 2022 22:58:57 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>, Panos Kampanakis <kpanos@amazon.com>
CC: LAMPS <spasm@ietf.org>
Thread-Topic: [EXTERNAL] Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
Thread-Index: AQHYz3tTab+vj9Kr3EG8GVf8ixR0fK3uxhiAgAH8cbA=
Date: Sun, 25 Sep 2022 22:58:57 +0000
Message-ID: <CH0PR11MB57396FDF87BDF0CF8676C8DE9F539@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <PH0PR00MB10003EC6A096FE0A363BBFB9F5459@PH0PR00MB1000.namprd00.prod.outlook.com> <PH0PR00MB10002A7A2850A1333B4F6C00F54A9@PH0PR00MB1000.namprd00.prod.outlook.com> <35BEB1D9-7EA5-4CD4-BADA-88CCB0E9E8F9@vigilsec.com> <2b711f2ede13466490ce79f822244f5a@amazon.com> <7C0329F9-EAEF-4046-B47F-301ECF28196C@vigilsec.com> <4bc42baf89d54eecae87d24c9c20bdd2@amazon.com> <A948DBEB-6937-479D-A421-AA4CB7452B40@vigilsec.com>
In-Reply-To: <A948DBEB-6937-479D-A421-AA4CB7452B40@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|CO1PR11MB5122:EE_
x-ms-office365-filtering-correlation-id: cb900335-ff18-40be-485a-08da9f498747
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: MPvemiVLuDvFOTk4pCZutIee64gJ1DXtUT3vXLdR/NcQdABzr9CbAYCTZaO1m2Q4tbN8BzSL+1SAvg+0+Zs2rcEfsYECwWlI1qyvgSbE8PZSPIpF6PlScLTmtXmZa4LA8ezZS23HpSXzpMxIQrUUsN3hZ6aUWu8ZxsT7GHmka0Y2eFikrU7M4iyMu5u9vFFF2hXQLspMiGxBEWeSzMRj2hD0mhBTnCZRVUdbagLi6oiZKv9h7t1UrubSkNUsbZxTCdWIXaE6NUsg+YiQKAZ6pf410VZ0ameF7++mATOOqBQiaw3g0QZLiqYks9Hyks9U0J5yz89VUymQqPtqxC30fQKR3/o+oc6YtAiGXuOiR//zPK8R/zZWM2k833tqxTF2wTNphDM5zeoqzFtt93jzuHFB6zqRwN7v5Sh1dB8JFRHErp/0OoAM+sDvKIxa/0bK9L8+mS0kZF8dwFBpgHeVgjH5ewkJNLXhZxUxBVZyV9sxUPZHX/QthcmSNUfAXudCPopTrRbg8eU+Hrm5tjvJlIqgVbQx9HBOppnXUCYpPPKMxJv6JCxDQtlGaxDlRXAll5WMGLpZ8hYDaAkneitQ2c73AB4veJ4ledC1PzLbbYfta97ZpI1XdHDvHXyzNDelsun1MIP14Q7xQilncW0IuADBVVYxgXB/mj2xfEthIIcTtfONjakILOM/mx2hJ0GAin3W3Ar68Gix/DFJHSmwIPqwVcNb4r9q0nH1lw9y7TtyNn+91buQLwGPkJrqjphwdCEj69xFBN6fmg/NEs0hyPL9X3Qn4kaqNroX/IGjajw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(136003)(366004)(396003)(376002)(346002)(39850400004)(451199015)(8936002)(52536014)(38070700005)(86362001)(5660300002)(2906002)(71200400001)(83380400001)(66574015)(186003)(7696005)(41300700001)(9686003)(26005)(6506007)(53546011)(478600001)(966005)(66946007)(4326008)(76116006)(66476007)(64756008)(122000001)(38100700002)(66556008)(66446008)(8676002)(110136005)(316002)(66899012)(55016003)(33656002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oYSpldC5VEM66PTc1aoDAIjFQ6z2WZLnYMWm4zEIVZ4EyKPSAitLwb5CLuZjJbCwP0RwxRDOf0W757X0q7/81r8DpfIG3BBfRTDxXfYyTFoSFtGDhS2YdBnwp0ud7E/YpbPDEY8qVDLWrGJ9jqnG9+rJ7GTEIrmbE7sA6Elwzi65bAV1EjDKZOsbCqV28CZa4dxAiXFW6QNCnpJij0ccR0RHg8pWcZAcJTmVmuw+C2C346m6SnJ43juB14vav5f4OAYT5qH+kqjO6AshYZ7090cPGJ2MtP8Bnl4FkExwwtom4UjPC7MJAlaRNgsj+FY2DNaLSLQvNmeqJW7nWGYKEpKYIUnZNSL1QxkV7TjvyYzKejH8Rtcza3u+8+e7XIlaSWqdV586MkQS3t+xp8UNRZCrvTqxo0B40emITb0WHcTyrUkEK7XDqYgurzQ4/Ly8BZpBtTYelha+RGVkKy63U2gc6w1X2CB5V0kgDYHCLw1gq5QHtMwniEEkRfvutp+A8TgNhw3tMsAbQK+Fcw+5ppfIusf+BGHkQUtGFQnOeJTxsxd6KtK5g5Ks8pHxtDA+xqNZde0y9Bpcu4NmKtOaVKav9KDR1fkR275CzFQXKCLiMsIlNNXwHAb4MgYsBJ1t3Pe0HRpI+lQxfFF5yRvBBGsodKPO5Zg83LQdDpp18AKVejcEGoC+tReNY19hskvF+/GFiU0o8bou9WkJId6jJVCMYg32tHN59EZUniT056OKIYf3sDKHK0U5q1XwRp3gYC48k3khJWeUDO4SWargV10BWDEnz20gAt4wrAQkCKv8k6xjUvhJM5hPCc8bFSbMWkWCtgaJz8PnXSCgrvWF1I9P0pWzroVa1UaA7+5hjTBFrc/5yc0gjaX/Tow9K/l66O4BeIb/Qb6zm7d7iRLUjWMAsYdtF1Q1Yb05/sPaL5F1oFNqb2DcG8Ixsa/H3KMB5zhBFUAoAuers0SkMbk0lu33blNwOb4vMYS6Ffmg8wXY3gmIVX4gMLPXlNFCArCrJlxSwZIKZDpt5z/x6MGlgkxsEDUQ1Gq7AEeZuFvnGn8XrEo3LSw/POZidRa0WS9GvR5F+gWnjb/SQtlTtwkgqNG0/hs3U5dEyHHkcXYdX/l+escxT0avIHnyDkpgM1euE99ZVeahgFvg5FTh9S45e1rRGdV1GVvBVPvS9TMKohKyoU2wKb4JcBsZ3EY5MvhSz1zQTz8P4X7AEF9sSO7cy7F7yWJqSv+nPyxS/P1t3tO5Ma9+50KTouOdYm9OGEB1wUbk6kveHOLLQjigT36J7Pd9qosc2qR/6UlK8TTTnFCuTmWjfwcRCgGXrlhw320QpkOyDHLTCMMXLqouy2mcn90kt+qzChWvmdXmSkNEZ99XOmkwuT1JaREx/5ZSKSpUetG1do4K/lEp0gnoReij+p3jBQPpO+WFVUH3c7levyzd402PisCEpbkLSP3ArqGW3QtpUPz0zxPNk0eDdGB58LiozudbmPMRVJLsnGdG7xjLDUkR6Pxy/hJJHcCgo32X/r1xdHL2LZMyjXfBHmJMYSVTP/MLSt5J4Xx94PZMJAqPVNMTBv+r3CRTYRMC1938L/o1giT3GtjimZ3e7AMxRg==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cb900335-ff18-40be-485a-08da9f498747
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Sep 2022 22:58:57.6746 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 72/Ywa28ZxugdnoObJuD+oUu86kJlBQla0dus+c8p4OI/y+HUx0d1wsxcM9nfMrzTP8fZFWY2czJA262925k+JY1GCHhROg767auyjMJdq0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5122
X-Proofpoint-ORIG-GUID: hhlL2J07ZqWdRmOG_fRG3tRERCksIHYT
X-Proofpoint-GUID: hhlL2J07ZqWdRmOG_fRG3tRERCksIHYT
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-25_01,2022-09-22_02,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 malwarescore=0 phishscore=0 adultscore=0 priorityscore=1501 bulkscore=0 spamscore=0 clxscore=1011 impostorscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2209250167
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/of4YQW_f5mkBrIWvrvIwLYGr6BU>
Subject: Re: [lamps] [EXTERNAL] Re: Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2022 22:59:12 -0000

I want to make it very clear that this post is my personal engineering opinion on draft-becker-guthrie-cert-binding-for-multi-auth, and in no way related to my employer or its operations.


First, the supportive part:

MikeJ said:

> Nothing in the related certs draft inhibits the use of composite keys and
certs. I don't see these approaches as mutually exclusive.

On this point, we are fully agreed and this is why I voted for adoption of this draft: I think they serve different use-cases and are nicely complementary.



Now for the less supportive part:

Panos said:

> It has huge implications to CAs because they would completely need to change their paradigm and check existing certs before issuing a new one bound to the existing one.

I made a similar comment in my initial feedback to Rebecca Guthrie -- see my "Question 4" here: https://mailarchive.ietf.org/arch/msg/spasm/p9LpLJDtvqCK2rPBAcBlr7nipdA/

In addition to the list of issues that Panos raised; a few more:
Trying to Relate certs across two unrelated CAs is non-sensical, and even within the same CA, Relating certs issued under different policies sounds problematic (ex: different CPS, different issuing CA, different DN paths, different enrollment mechanisms (ie web UI vs ACME), only one is CT logged, different EKUs, only one is EV, only one contains a given custom v3 extension. MikeJ's / Rebecca Guthrie's argument is probably that the verifier (RP) should check both certs independently and then check that they are related; as long as both certs are independently valid for the given protocol use then none of this matters. But historically, security researchers thrive at turning policy confusion like this into authentication bypasses against poorly-implemented RPs, and sometimes even into fraudulent cert issuance against poorly-implemented CAs. Maybe CA/B F could make a Related Certs Profile strict enough to remove all ambiguity about what it means for two certs to be Related, and as MikeJ says, maybe also enterprise PKIs (at least the ones that really, really know what they're doing), but it seems like there's a lot to get wrong here.

Russ said: "As Mike Jenkins said, if the CSR contains the certificate extension, the paradigm for the CA does not change."
I agree with ThomasG that in the case of RA-created CSRs, fine. But that in the case of externally-provided CSRs, since when does a CA blindly copy info from a CSR into a cert without verifying it? +1 to Panos' summary that this is "full of landmines not nearly similar to the ones we deal with today. CAB/F participants could chime in here."

I am not opposed to this mechanism existing, but let's not kid ourselves into thinking that it's a general solution, or that it's straightforward to deploy.

(shameless plug: composite doesn't have this problem because there's only one cert; nothing to mismatch)





Mike Jenkins said:

> All of it would be negotiated in-protocol, to the satisfaction of
the parties involved.

This implicit assumption that protocol negotiation exists seems to be over-fitting our solutions to TLS, IKE, SSH and friends. There are tons of important uses of X.509 that do not have built-in protocol negotation; some examples: OCSP Resp, Certifcate Transparency SCTs, JOSE / COSE X5c signatures, S/MIME signatures, code-signing and the Timestamping Authority signature inside it, document (PDF) signing, etc etc etc.

I think that any time someone handwaves at a problem being solved by protocol negotiation, we all need to read that as "I am only thinking about the authentication step of the TLS / IKE / SSH handshakes and haven't considered implications to anything else".

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: September 24, 2022 11:27 AM
To: Panos Kampanakis <kpanos@amazon.com>
Cc: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.

______________________________________________________________________
Panos:

I think we will need a lot more discussion with participation from implementer of CAs and security protocols.  As Mike Jenkins said, if the CSR contains the certificate extension, the paradigm for the CA does not change.  The addition of composite and PQC algorithms both add new OID and signature algorithms for the CA.

Russ


> On Sep 23, 2022, at 2:35 PM, Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> wrote:
>
> Hi Russ,
>
> I see composite certs as a new OID to be deployed in X.509 and a new sig algorithm to be negotiated and used in protocols. I see draft-becker-guthrie-cert-binding-for-multi-auth as a new cert issuing paradigm and a bunch of changes for protocols (send two chains, send two signatures, check the two identities to ensure they are proper, etc).
>
> I don't consider the effort for the protocol changes in the former nearly as complicated as the latter. As for the cert issuing logic changes proposed in draft-becker-guthrie-cert-binding-for-multi-auth, I consider them full of landmines not nearly similar to the ones we deal with today. CAB/F participants could chime in here.
>
>
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Friday, September 23, 2022 2:23 PM
> To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>
> Cc: LAMPS <spasm@ietf.org>
> Subject: RE: [EXTERNAL][lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
>
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
>
>
>
> Panos:
>
>> Additionally, it has great implications to existing protocols using X.509 for authentication. They would require major changes to introduce double signatures, send over two chains, confirm the signatures are from bound public keys etc.
>>
>> I understand that the authors' goal was to prevent two PKI migrations, one to PQ-hybrid and one to pure PQ but in my opinion the complexity is not worth it. Folks that are worried about authentication and want PQ support now could use composite in the near-term. Folks that either trust Dilithium, Falcon, or SPHINCS+ already or can wait a few years until they trust them, can just go to pure PQ signatures. These seem better options than going for a brand new complicated paradigm with bound certificates.
>
> If we believe that PQC and traditional algorithms will be used in combination, then we either need to put multiple public keys in a certificate that have multiple signatures on them, or we need to have a PQC certification path and a traditional certification path.  In both cases, the security protocol needs to be changes to make use of the tradition and PQC public keys.
>
> The LAMPS charter lets us develop RFCs for both approaches.  The assumption is that both approaches will be deployed in different parts of the Internet.
>
> When X.509 was developed, it assumed that a Directory would provide the repository for certificates issued to the same subject.  That Directory has not come to pass.  So, this draft is offering a way for the CA to tell where to find other certificates for the same subject.  This is not a new idea.  Please take a look at RFC 5697.
>
> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eR0jq2uHrZPyErjFbxe0FNZpPo4MTVpGi39yJmF61D5idcpUtmSZRamMfplaOzq6Bet3_blYM7NzmiQcJKLwlxJJbS79$
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eR0jq2uHrZPyErjFbxe0FNZpPo4MTVpGi39yJmF61D5idcpUtmSZRamMfplaOzq6Bet3_blYM7NzmiQcJKLwlxJJbS79$

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eR0jq2uHrZPyErjFbxe0FNZpPo4MTVpGi39yJmF61D5idcpUtmSZRamMfplaOzq6Bet3_blYM7NzmiQcJKLwlxJJbS79$
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email