IETF Logo Mail Archive

[lamps] Re: WG Last Call for draft-ietf-lamps-kyber-certificates-07

Russ Housley <housley@vigilsec.com> Sun, 12 January 2025 17:09 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1919EC14CEFE for <spasm@ietfa.amsl.com>; Sun, 12 Jan 2025 09:09:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sQwAnM0niQbY for <spasm@ietfa.amsl.com>; Sun, 12 Jan 2025 09:09:13 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0134DC14F69D for <spasm@ietf.org>; Sun, 12 Jan 2025 09:09:13 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 0DC781ABF54; Sun, 12 Jan 2025 12:09:12 -0500 (EST)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id EC7491AC183; Sun, 12 Jan 2025 12:09:11 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.200.121\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <20250110211357.100776.qmail@cr.yp.to>
Date: Sun, 12 Jan 2025 12:09:01 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <65BBC253-EA24-42FE-9427-F3740D9AEED2@vigilsec.com>
References: <20250110211357.100776.qmail@cr.yp.to>
To: Dan Bernstein <djb@cr.yp.to>
X-Mailer: Apple Mail (2.3826.200.121)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=content-type:mime-version:subject:from:in-reply-to:date:cc:content-transfer-encoding:message-id:references:to; s=pair-202402141609; bh=EDNlTTb3i5SeSo+P/J5XC6m+Do6jzDsCJHbJADcHHPw=; b=dwhaKyJI21w+uT5G2O380c4zQdW/9IJwpRcvHI3syNdOmkmzlPr44ipa1oWfnBDTcQ5+s9GriEcphXJ4czDd4hqx69zM81YDOsTCqTbxsGjQwno9w5pwZ50PmPklSHMgQatpheZO8/B2B1qRTTDoskNB3Xn61X/g1By6DGL3/JQ0UdNMHvnLhv9yJARagwfOH9bqgwFxadxYieM6h4Pv3+RYxBnfotMT2v8ZpSexZnQFb4v5/4NpZzo9hX8QHuXQ7Gmbx/Q/Mv4VfdhChPlyjDhI6agaCw/i24IipYBH4my23RzSqirnNk7jk4Fjct4/X2FpK7gm4cjXAso0eAmWhQ==
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Message-ID-Hash: LBWIOB35KT3ZS3LLYYNWJPSI3VF4RW77
X-Message-ID-Hash: LBWIOB35KT3ZS3LLYYNWJPSI3VF4RW77
X-MailFrom: housley@vigilsec.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: spasm@ietf.org, sob@harvard.edu
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [lamps] Re: WG Last Call for draft-ietf-lamps-kyber-certificates-07
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zLmwru2ICigdBkPLb_P7giWaO0g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>

Dan:

>> This is not a mandator-to-implement algorithm.  If one chooses to
>> implement this specification, then that implementer will obviously
>> need to implement ML-KEM.
> 
> That makes the algorithm mandatory to implement.

We disagree on a vey fundamental level. The PKIX WG and the LAMPS WG have been very clear that there are no mandatory-to-implement algorithms in the PKI specifications.  Rather, othr WGs that specify protocols that make use of PKI can make algorithms selections.  For example, S/MIME and TLS are two protocols that use PKI.  S/MIME 4.0 (RFCs 8550 and 8551) includes statements about mandatory-to-implement algorithms.  The TLS 1.3 (RFC 8446) includes statements about mandatory-to-implement algorithms. 

Russ

v2.46.0 | Report a Bug | By Email | System Status