IETF Logo Mail Archive

Re: [lamps] LAMPS Re-charter

Russ Housley <housley@vigilsec.com> Fri, 26 March 2021 14:38 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 101D83A2045 for <spasm@ietfa.amsl.com>; Fri, 26 Mar 2021 07:38:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id owe-hjv3VnKR for <spasm@ietfa.amsl.com>; Fri, 26 Mar 2021 07:38:51 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 518EE3A2029 for <spasm@ietf.org>; Fri, 26 Mar 2021 07:38:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9B393300B78 for <spasm@ietf.org>; Fri, 26 Mar 2021 10:38:48 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iyymIbMtZUIO for <spasm@ietf.org>; Fri, 26 Mar 2021 10:38:47 -0400 (EDT)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 7BC05300AE5 for <spasm@ietf.org>; Fri, 26 Mar 2021 10:38:47 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Fri, 26 Mar 2021 10:38:47 -0400
References: <5A22DF7B-BCA5-42F6-BB95-D4F70FDB1996@vigilsec.com> <951CAF0F-7461-4057-B95E-D1F6CAE61D02@vigilsec.com> <4c18a9982cc94df2952d7b2cbae89d99@cert.org> <7B82765F-9C7A-4C4D-B115-A2835B44E6D6@vigilsec.com> <b3fdb1ac051b4ae0ad748782daebead2@cert.org> <ACE141CD-B0B7-45D3-B54F-BE25275A0D25@vigilsec.com> <CALhKWgjB_RVGaQriPbero6eWTdaD4JaVqmHLjHHsqsjrBHUrFA@mail.gmail.com> <EF24C291-BE2D-40A6-8916-84F62DA78559@vigilsec.com>
To: LAMPS <spasm@ietf.org>
In-Reply-To: <EF24C291-BE2D-40A6-8916-84F62DA78559@vigilsec.com>
Message-Id: <EECA1CAC-54EA-4A19-931C-0383A28E9111@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/xV6pO0VpgkGWGGaisdEYw71URHw>
Subject: Re: [lamps] LAMPS Re-charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2021 14:38:55 -0000

The only changes that have been requested are in Section 5 of the draft charter text.  I think this captures it.

Russ

= = = = = = = = = 

5. Recent progress in the development of quantum computers pose a threat
to widely deployed public key algorithms.  As a result, there is a need
to prepare for a day when cryptosystems such as RSA, Diffie-Hellman,
ECDSA, ECDH, and EdDSA cannot be depended upon in the PKIX and S/MIME
protocols.

5.a. NIST has a Post-Quantum Cryptography (PQC) effort to produce one
or more quantum-resistant public-key cryptographic algorithm standards.
The LAMPS WG will specify the use of these new PQC public key algorithms
with the PKIX certificates and the Cryptographic Message Syntax (CMS).
These specifications will use object identifiers for the new algorithms
that are assigned by NIST.

5.b. NIST and other organizations are developing standards for
post-quantum cryptographic (PQC) algorithms that that will be secure
even if large-scale quantum computers are ever developed.  However, a
lengthy transition from today's public key algorithms to PQC public key
algorithms is expected; time will be needed to gain full confidence in
the new PQC public key algorithms.

5.b.i. The LAMPS WG will specify formats, identifiers, enrollment, and
operational practices for "hybrid key establishment" that combines the
shared secret values one or more traditional key-establishment algorithm
and one or more NIST PQC key-establishment algorithm or a PQC
key-establishment algorithm vetted by the CFRG.  The shared secret
values will be combined using HKDF (see RFC 5869), one of the key
derivation functions in NIST SP 800-56C, or a key derivation
function vetted by the CFRG.

5.b.ii. The LAMPS WG will specify formats, identifiers, enrollment, and
operational practices for "dual signature" that combine one or more
traditional signature algorithm with one or more NIST PQC signature
algorithm or a PQC algorithm vetted by the CFRG.

v2.23.0 | Report a Bug | By Email