Re: [lamps] Current efforts in the direction of draft-truskovsky-lamps-pq-hybrid-x509?
Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 07 July 2023 17:57 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Iyán Méndez Veiga <imendez@ethz.ch>, "spasm@ietf.org" <spasm@ietf.org>
Date: Fri, 07 Jul 2023 17:57:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yeGoYMR6KmIibEJg4l7kL1MzDiI>

DigiCert was very supportive of this approach in the past, but it has a bunch of downsides that were discovered upon closer examination. The IPR situation also did not help.

The problem is that interoperating with existing systems doesn’t actually buy you much, as you still pay the cost for transporting the large PQC keys. That means you pay a pretty high price early in the transition for only marginal benefits in use cases where certificate size matters. You can't effectively cache the PQC keys because that leaks information about whether the site has been visited before, and it's difficult to use it in a mode where you operate with both existing and new systems, because the requirement to support existing systems makes downgrade attacks against the new systems feasible. You then need some policy mechanism to communicate which systems need to be checking both keys/signatures, and which are allowed to use just the default key, and all that infrastructure is about as complicated as the infrastructure to manage two certs via policy or negotiation and just use the appropriate single key cert.

Using two single key certificates does have its own certificate management challenges, and those have recently started being discussed and explored. But managing multiple keys via multiple certificates does seem to be more straightforward, and does seem to be the consensus direction at this time.

Using chameleon certs is a clever idea that allows a single certificate to be managed, but allows each component of the pair to be used individually. But it's still a very, very new trick and could use more careful analysis.

Most of the recent work has focused on composite keys instead, where the two keys are put together into a single key, which requires support for a new "algorithm", but requires far fewer changes throughout the rest of certificate management and tooling. This provides most of the benefits hybrid was intended to provide (falling back to RSA instead of plaintext if the PQC algorithm fails), but in a form factor that's much more compatible with existing software.

There's been some talk of refreshing / updating the hybrid draft, but nothing has come of it so far.

A lot of this is very much still a work in progress, and people are still figuring things out, so be prepared for things to change as the working group continues to try to figure out these important questions.

-Tim

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Iyán Méndez Veiga
> Sent: Friday, July 7, 2023 10:05 AM
> To: spasm@ietf.org
> Subject: [lamps] Current efforts in the direction of draft-truskovsky-lamps-pq-hybrid-x509?
>
> Hello,
>
> I recently found the interesting draft-truskovsky-lamps-pq-hybrid-x509, which
> I think it would allow a much smoother PQC transition.
>
> Unfortunately, the draft has expired some time ago, and I couldn't find any
> derivative work apart from a small reference by Mike that this was
> standardized by ITU-T [1]. I guess he was referring to section 7.2.2 of their
> X.509 (10/2019):
>
> https://www.itu.int/rec/T-REC-X.509-201910-I
>
> There was also some recent mention to the draft in the IETF 116 Hackathon
> "PQ Use in the Read world: X.509 Keys, signatures, certificates and protocols",
> but I couldn't find any details.
>
> It was also pointed out to me [2] that this approach was protected by a patent
> owned by ISARA, but later it seems they relaxed this restriction [3].
>
> DigiCert seems to be testing this idea as well [4].
>
> Could anyone summarize to me the current status of this work? Why this draft
> never got updated? Are there any plans to continue working on this with an
> active draft?
>
> People from the Open Quantum Safe project have shown interest in
> implementing this, since it's a good approach with a straightforward
> backwards compatibility, but since changes have to be made to OpenSSL as
> well, and I quote here "not having this at least in active Draft state at IETF
> makes this a non-starter".
>
> Looking forward to learning more about the status of this work.
>
> Best regards,
> Iyán
>
> [1]: https://mailarchive.ietf.org/arch/msg/spasm/VJPJXLquDjEjEmRysiGrdsL-Nwc/
> [2]: https://github.com/open-quantum-safe/oqs-provider/discussions/209
> [3]: https://www.helpnetsecurity.com/2022/10/26/isara-digital-certificate-patents-quantum-security/
> [4]: https://docs.digicert.com/en/certcentral/certificate-tools/post-quantum-cryptography.html#idm45907393047856
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm