Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 23 March 2021 15:57 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B953A1311 for <spasm@ietfa.amsl.com>; Tue, 23 Mar 2021 08:57:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=+msh5Gj8; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=WqPRxpWG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f1ALzTGygFBY for <spasm@ietfa.amsl.com>; Tue, 23 Mar 2021 08:57:36 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 416093A1306 for <spasm@ietf.org>; Tue, 23 Mar 2021 08:57:36 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1616515053; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=D6YuLmLrwUxFZ37qRQpnW1BRj23ESFvCAkCmqn0L+Bo=; b=+msh5Gj8xHYPFC1Pqk+7VRrZQCb02v7pErAgury82//e3tjpkwPNDQhz4qlTn1hg2M9dD iN5ScsBsovRicA0Bg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1616515053; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=D6YuLmLrwUxFZ37qRQpnW1BRj23ESFvCAkCmqn0L+Bo=; b=WqPRxpWGLavXW9S/dclCAg0YzajfQYtuOwIMc24zM1b/R1MWrwd0QmqSYIFjsJ5KeA9Ew N5K3iw4dYWBFlb04CnFtXWt8kKMXjHrkE7sG1hkrhwOiHMPfJnZVGkUh2EPgaWAGjfnPDZs J8eLyXKZYsMHJo38HAZ48X876n2fVwHXKyeC0plwZtUOaYAGTm1p6kORuH8/P70EOgfVmgf rfV/JUocgf+rhFpTybtfx5N3DQWiALnN3RcnZK8MDS/gZwwXPHB9e/XJLqPUEwQtR0rWj/4 JZW1FIlKeTq2riODV9P5Hjk7IRfWUqTR82amax0G2J5nGx8SKVq9smR+FktQ==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C1F9FF9A5; Tue, 23 Mar 2021 11:57:33 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id F0F1A203F0; Tue, 23 Mar 2021 11:57:30 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, Rene Struik <rstruik.ext@gmail.com>
Cc: LAMPS <spasm@ietf.org>
In-Reply-To: <DM6PR11MB4380EA3E63FDFC161E5DA8689F649@DM6PR11MB4380.namprd11.prod.outlook.com>
References: <5A22DF7B-BCA5-42F6-BB95-D4F70FDB1996@vigilsec.com> <951CAF0F-7461-4057-B95E-D1F6CAE61D02@vigilsec.com> <4c18a9982cc94df2952d7b2cbae89d99@cert.org> <7B82765F-9C7A-4C4D-B115-A2835B44E6D6@vigilsec.com> <b3fdb1ac051b4ae0ad748782daebead2@cert.org> <ACE141CD-B0B7-45D3-B54F-BE25275A0D25@vigilsec.com> <29f2b6c9-d7fe-0aa5-4509-d10279a2d902@gmail.com> <EC04667D-6426-4942-81E8-D0EEDCBFA359@vigilsec.com> <c709e623-80f1-3803-0dae-4785d0028828@gmail.com> <B70F19FF-2042-41F0-881A-FCFB13CFCC87@vigilsec.com> <DM6PR11MB4380EA3E63FDFC161E5DA8689F649@DM6PR11MB4380.namprd11.prod.outlook.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Tue, 23 Mar 2021 11:57:30 -0400
Message-ID: <874kh150d1.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/olc3TW8kTNnVpNlHFs4641chjmM>
Subject: Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2021 15:57:41 -0000
On Tue 2021-03-23 05:24:32 +0000, Mike Ounsworth wrote:
> My current understanding is that strong cryptography wants hybrid and
> dual modes to be a “MUST USE ALL” sort of thing, while strong
> backwards compatibility wants a “client can use as many as they
> support” kind of thing. Conflicting requirements.
>
> For signatures you can design such a system where the signer produces
> all the signatures and the verifying only checks as many as they can
> since dual signatures are parallel and independent anyway (In an
> upcoming version of draft-ounsworth-pq-composite-sigs I have added a
> separate OID for "Composite-OR" to keep the wishy-washy dual
> signatures distinct from the strict ones, and I'm expecting a healthy
> debate to arise about whether this is a good idea or not).
>
> But for keyEncipherment and dataEncipherment I don't think you can do
> that at all;
I agree with Mike's characterizations here about the problem space.
PQ-hybrid signatures are a much easier thing to tackle than PQ-hybrid
encryption. But PQ-hybrid encryption is also the thing that has the
most urgency. Signature verification has an out: verifiers can
time-bound their acceptance of legacy signatures once a quantum-based
cryptanalytic attack becomes known to be plausible. Encryption has no
such out -- an attack isn't necessarily visible to either the producer
or consumer of the ciphertext. And, an encrypted object might be
attacked in the future so it needs to defend against future mechanisms.
So if we're going to prioritize this work in LAMPS, I think we need to
prioritize the hard problem. That means tackling PQ-hybrid public key
keyAgreement or keyEncipherment or dataEncipherment schemes that are
"MUST USE ALL", along with whatever attendent signalling mechanisms are
necessary for experimentation and (hopefully) deployment.
I generally advocate for tackling the easier problems first, but i don't
think we should block handling the encryption side of things while we
wrestle with the signatures.
--dkg
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Salz, Rich
- Re: [lamps] LAMPS Re-charter Mike Ounsworth
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Rene Struik
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Rene Struik
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Daniel Kahn Gillmor
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Michael Richardson
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Daniel Kahn Gillmor
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Michael Richardson
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: LAMPS Re-charter Carl Wallace
- Re: [lamps] LAMPS Re-charter Jonathan Hammell
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Jonathan Hammell
- Re: [lamps] LAMPS Re-charter Russ Housley
- Re: [lamps] LAMPS Re-charter Roman Danyliw