IETF Logo Mail Archive

Re: [lamps] Proposed recharter text

Roman Danyliw <rdd@cert.org> Wed, 10 March 2021 22:31 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 381563A1A3E; Wed, 10 Mar 2021 14:31:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sJJVCUpSyY0f; Wed, 10 Mar 2021 14:31:55 -0800 (PST)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8644B3A1A3D; Wed, 10 Mar 2021 14:31:55 -0800 (PST)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12AMVrbI007278; Wed, 10 Mar 2021 17:31:53 -0500
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 12AMVrbI007278
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1615415513; bh=d+BndOp6pS/0xyE40Tn12FyNPdDir+4EC5lVopChRrg=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=PkJtDPD8TqQgNjsZHv6H+/XbyxjVHHVZQXbnrMFpsQB7FPGWfo0uhZ2su0haFYexZ Eq+LJFjtLI7fpo4QYl9iTl0al4RsdhUQQoTowkFHJhOuHfAoPaMXjLU//a14d/HW2H RU9le0MLA35DCUmV8xoglMBAMf1s2tfMPlVxLNe8=
Received: from MORRIS.ad.sei.cmu.edu (morris.ad.sei.cmu.edu [147.72.252.46]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12AMVq4I025681; Wed, 10 Mar 2021 17:31:52 -0500
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 10 Mar 2021 17:31:52 -0500
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2106.013; Wed, 10 Mar 2021 17:31:52 -0500
From: Roman Danyliw <rdd@cert.org>
To: Benjamin Kaduk <kaduk@mit.edu>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] Proposed recharter text
Thread-Index: AQHW/+p9fpmxGXwNzkKsUmNdZmw0j6pcFwOAgACkJACAHhuJAIAAafaAgAEJq6CAAIrcgIAAnbwAgABbiAD//7mOUA==
Date: Wed, 10 Mar 2021 22:31:51 +0000
Message-ID: <98b073fb1215410492e209ef4ca8833f@cert.org>
References: <DM6PR11MB43808FA7D74229A5997965649FBA9@DM6PR11MB4380.namprd11.prod.outlook.com> <9D01B155-6BB8-4438-8FAA-149686B69B64@vigilsec.com> <BN7PR11MB254762EDB050588E65B423B2C9869@BN7PR11MB2547.namprd11.prod.outlook.com> <038A4AA3-96A5-4827-BEEB-12B58F49102B@vigilsec.com> <b82901c00c6847fe9a8f420275d74ccc@cert.org> <DM6PR11MB43805BE3FEFD91A5BDD592EF9F939@DM6PR11MB4380.namprd11.prod.outlook.com> <f6b83156ae704d459125bf4157578e86@cert.org> <DM6PR11MB43806CB904AD424D1B925E799F919@DM6PR11MB4380.namprd11.prod.outlook.com> <0CC020DD-215E-4B1A-BBB9-F849BE6F3A3C@akamai.com> <20210310145410.GX56617@kduck.mit.edu>
In-Reply-To: <20210310145410.GX56617@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.203.75]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/oh7Oe8BaSURJnchhKhpZMrAxikM>
Subject: Re: [lamps] Proposed recharter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Mar 2021 22:31:57 -0000

Hi!

> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>
> Sent: Wednesday, March 10, 2021 9:54 AM
> To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> Cc: Roman Danyliw <rdd@cert.org>; LAMPS <spasm@ietf.org>
> Subject: Re: [lamps] Proposed recharter text
> 
> On Wed, Mar 10, 2021 at 02:26:36PM +0000, Salz, Rich wrote:
> > I am concerned about having to decide the hybrid/multi-signature issue NOW
> during the rechartering.  It's way too soon.  I think we need to discuss the
> approaches in a technical context (i.e., as part of WG discussions).  What's the
> best way to do that other than put vague words into a charter?
> 
> I think we've seen (other) WG charters that include discussion of a topic to
> decide on an approach, with need to recharter to actually produce spec
> documents on that topic.  Just one option of many, of course...

+1.  We don't need to have approved charter language to discuss a topic.  We can even discuss and work on drafts that might shape the plan or approach.  We just can't adopt them without a charter change.  I noted in an earlier email [2], we may actually find that as we decompose this problem, not all of it is appropriate to tackle in LAMPS.  Given some of the expressed uncertainty, we may also need to charter "this scope" (whatever it might be) in iterative "chunks".  Certainly, this creates some administrative overhead, but this shouldn't be too high.

In rereading the discussion and trying to answer my own questions [1] on what a tighter scope would be, let me test it with some replacement text:

OLD 5(b)
The specifications developed will enable PKIX and S/MIME protocols to support hybrid key establishment and dual signature mechanisms

TIGHTER SCOPE:
5.b.1 = Specification(s) for identifiers, formats and operational practices to enable dual signature operations using algorithm(s) vetted by the NIST PQ effort

5.b.2 = Specification(s) for identifiers, formats and operational practices to enable hybrid key establishment using the algorithms vetted by the NIST PQ effort and hybrid key establishment constructions defined in a revised SP 800-56C

For me "operational practices" could potentially cover generation, validation, verification, etc.  As written, what it would exclude is updating PKI-related protocols and getting into any work that modifies other protocols that might leverage this work.

How confident are we that draft-ounsworth-pq-composite-sigs is the starting point we want (for just 5.b.1)?  Not pointing to this document specifically, but if we had one we could point to as a starting point this would also help create the bounding box on the new work and satisfy the other LAMPS constraint of "and there is at least one sufficiently well specified approach to the update so that the working group can sensibly evaluate whether to adopt a proposal"

Regards,
Roman

[1] https://mailarchive.ietf.org/arch/msg/spasm/rbcufPA13VfSRLBw41Sbb5bO-J0/
[2] https://mailarchive.ietf.org/arch/msg/spasm/jxmWz7MxaShMEopwE-ZJfzsIbYY/

v2.23.0 | Report a Bug | By Email