attachment
<div dir="ltr"><div>Hi,</div><div><br></div><div>FYI - The start of a lively thread on the IRTF Crypto Forum list - all positive replies.</div><div><br></div><div>Cheers,</div><div>- Ira<br></div><div><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><br><br><br><div style="display:inline"></div><div style="display:inline"></div><div style="display:inline"></div><div></div><div></div><div></div><div></div></div></div></div></div></div>
<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Dr. Pala</b> <span dir="ltr"><<a href="mailto:director@openca.org">director@openca.org</a>></span><br>Date: Tue, Jul 17, 2018 at 3:35 PM<br>Subject: [Cfrg] Applied Quantum Resistant Crypto<br>To: "<a href="mailto:saag@ietf.org">saag@ietf.org</a>" <<a href="mailto:saag@ietf.org">saag@ietf.org</a>>, PKIX <<a href="mailto:pkix@ietf.org">pkix@ietf.org</a>>, "<a href="mailto:cfrg@irtf.org">cfrg@irtf.org</a>" <<a href="mailto:cfrg@irtf.org">cfrg@irtf.org</a>><br><br><br>
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi all,</p>
<p>I was wondering if there are people interested in setting up some
sort of discussion forum where to discuss the deployment (from a
practical point of view) for QRC in their systems. The intent here
would be to share the experiences, provide feedback, and possibly
even share implementations/references/<wbr>etc.</p>
<p>Moreover, being this quite a new field when it comes to
real-world applications, it would be interesting to understand the
new requirements so that we can plan for algorithm agility
correctly and not having to go through what we suffered in the
past (and in some cases with current protocols) to upgrade/switch
among different schemes/algorithms.<br>
</p>
<p>For example, some of the topics might include:</p>
<ul>
<li>How to deploy PKI services</li>
<li>Mixed environments considerations (QRC and "Traditional"
Crypto)</li>
<li>Mixed environments (stateful vs. stateless)</li>
<li>Encryption and Key-Exchange for QRC - what are the options
there (it seems auth is well understood, but other problems are
still open)?</li>
<li>Are there implications for the deployment of PKIs we need to
be aware of and are not currently mentioned/addressed?</li>
<li>Any real-world deployment out there (or plans for it)?</li>
<li>Algorithm Agility, what to plan for?</li>
<li>Applicability to Revocation Services<br>
</li>
</ul>
<p>Most of the activities to standardize QRC in CMS/SecFirmware/etc.
that I can see are related to the use of Stateful HASHSIG and I
have not seen any "standardization" activities around stateless
schemes (e.g., SPHINCS), but if I am wrong, please let me know
(and if you could provide some interesting links, that would be
great). I think it would be useful to understand how to
practically deploy these new schemes and how to refine / provide
the building blocks required for their implementation and
deployment.<br>
</p>
<p>Here's some references:</p>
<p>Merkle Tree Signatures (Stateful):<br>
</p>
<ul>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/" target="_blank">https://datatracker.ietf.org/<wbr>doc/draft-mcgrew-hash-sigs/</a></li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-housley-cms-mts-hash-sig/" target="_blank">https://datatracker.ietf.org/<wbr>doc/draft-housley-cms-mts-<wbr>hash-sig/</a></li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://www.ietf.org/id/draft-housley-suit-cose-hash-sig-04.txt" target="_blank">https://www.ietf.org/id/draft-<wbr>housley-suit-cose-hash-sig-04.<wbr>txt</a></li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/rfc8391/" target="_blank">https://datatracker.ietf.org/<wbr>doc/rfc8391/</a> (XMSS)<br>
</li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://eprint.iacr.org/2018/063" target="_blank">https://eprint.iacr.org/2018/<wbr>063</a> (Viability of Post Quantum
X.509 Certs Paper)<br>
<br>
</li>
<li>Implementations:</li>
<ul>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://github.com/cisco/hash-sigs" target="_blank">https://github.com/cisco/hash-<wbr>sigs</a></li>
</ul>
</ul>
<p>SPHINCS Related (Stateless):</p>
<ul>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://sphincs.org/" target="_blank">https://sphincs.org/</a><br>
<br>
</li>
<li>Implementations:<br>
</li>
<ul>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://sphincs.org/data/sphincs+-reference-implementation-20180313.tar.bz2" target="_blank">https://sphincs.org/data/<wbr>sphincs+-reference-<wbr>implementation-20180313.tar.<wbr>bz2</a></li>
</ul>
</ul>
<p>Other Relevant Links:</p>
<ul>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/" target="_blank">https://datatracker.ietf.org/<wbr>doc/draft-truskovsky-lamps-pq-<wbr>hybrid-x509/</a></li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="https://csrc.nist.gov/Projects/Post-Quantum-Cryptography" target="_blank">https://csrc.nist.gov/<wbr>Projects/Post-Quantum-<wbr>Cryptography</a></li>
<li><a class="m_7193129823416661293moz-txt-link-freetext" href="http://test-pqpki.com/" target="_blank">http://test-pqpki.com/</a></li>
</ul>
<p>I guess this is all for now - you can reply privately at the
following addresses:</p>
<p> <a class="m_7193129823416661293moz-txt-link-abbreviated" href="mailto:director@openca.org" target="_blank">director@openca.org</a><br>
<a class="m_7193129823416661293moz-txt-link-abbreviated" href="mailto:m.pala@cablelabs.com" target="_blank">m.pala@cablelabs.com</a></p>
<p>Thanks,<br>
Max<span class="HOEnZb"><font color="#888888"><br>
</font></span></p><span class="HOEnZb"><font color="#888888">
<div class="m_7193129823416661293moz-signature">-- <br>
<div style="color:black;margin-top:10px">
Best Regards,
<div style="margin-top:5px;margin-left:0px">
Massimiliano Pala, Ph.D.<br>
OpenCA Labs Director<br>
</div>
<img src="cid:part1.514D95D5.AD82F123@openca.org" style="vertical-align:0px;margin-top:10px;margin-left:0px" alt="OpenCA Logo"><br>
</div>
</div>
</font></span></div>
<br>______________________________<wbr>_________________<br>
Cfrg mailing list<br>
<a href="mailto:Cfrg@irtf.org">Cfrg@irtf.org</a><br>
<a href="https://www.irtf.org/mailman/listinfo/cfrg" rel="noreferrer" target="_blank">https://www.irtf.org/mailman/<wbr>listinfo/cfrg</a><br>
<br></div><br></div></div>