[cabfpub] Quantum Computing is now a concern.

Myers, Kenneth (10421) kenneth.myers at protiviti.com
Fri Jul 15 01:54:51 UTC 2016


NIST and NSA have also released information on PQC.

http://www.nist.gov/itl/csd/nist-kicks-off-effort-to-defend-encrypted-data-from-quantum-computer-threat.cfm

https://www.iad.gov/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/cnsa-suite-and-quantum-computing-faq.cfm


Kenneth Myers
Supporting US GSA Federal PKI Management Authority
Protiviti | Government Solutions | Manager
DC             | +1 571-469-9038 | Kenneth.Myers at GSA.gov<mailto:Kenneth.Myers at GSA.gov>
Alexandria  | +1 571-366-6120 | Kenneth.Myers at Protiviti.com<mailto:Kenneth.Myers at Protiviti.com>
Connect: LinkedIn<https://www.linkedin.com/in/kennethmy> | Thought Leadership: Protiviti.com<http://www.protiviti.it/en-US/Pages/Insights.aspx>

From: Barreira Iglesias, Iñigo [mailto:i-barreira at izenpe.eus]
Sent: Thursday, July 14, 2016 05:37
To: philliph at comodo.com; Peter Bowen <pzb at amzn.com>
Cc: CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Quantum Computing is now a concern.

Quantum cryptography is being discussed under ETSI for some time. There's going to be another summit soon http://www.etsi.org/news-events/events/1072-ws-on-quantumsafe-2016

And here's more info: http://www.etsi.org/technologies-clusters/technologies/quantum-safe-cryptography



Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.eus<mailto:i-barreira at izenpe.eus>
945067705



From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On behalf of philliph at comodo.com<mailto:philliph at comodo.com>
Sent: Wednesday, July 13, 2016 16:05
To: Peter Bowen
CC: CABFPub
Subject: Re: [cabfpub] Quantum Computing is now a concern.

Well obviously we can't move forward without an agreed upon standard. Which is why this isn't just an issue for the browser providers.

The forum is really not the issue, wherever we decide to discuss it will be the forum. The advantage of using IRTF/IETF for this particular discussion is that most of us already know how it works. It is also fairly easy to call an interim or preparatory meeting under IETF Note Well and keep the IPR situation straight.

There is already a proposal for a Lamport signature specification in IRTF. And there is a specification for use of Merkle Tree algs in CMS.

https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/
https://tools.ietf.org/html/draft-housley-cms-mts-hash-sig-03

Now these may or may not meet our needs. It is not even clear what our needs are at this point.

Peter's list looks like the sort of thing that the IETF Security ADs are going to find very useful in deciding whether this is work IETF or IRTF should spend time on. And while they do not make decisions on what IRTF works on, the decision to move work from IRTF to IETF is their call.



On Jul 12, 2016, at 8:55 PM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:


On Jul 12, 2016, at 4:51 PM, Robert Relyea <rrelyea at redhat.com<mailto:rrelyea at redhat.com>> wrote:

On 07/12/2016 09:30 AM, Adam Langley wrote:



I agree that we do not have a great post-quantum, public-key signature scheme available yet and that hash-based signatures are a good idea in some contexts.

Did you envision that software would start supporting these signatures immediately? If so, then any certificate chains that take advantage of that would have to be hash-based from top to bottom because that's the only PQ primitive that would be supported. You've also specified a stateful signature scheme where doing things like moving a CA key from one HSM to another, or installing a leaf certificate on multiple servers, compromises the private key. (And that's assuming that there exist any HSMs that support hash-based signatures, which I don't think is the case.)

I share Adam's concern here. We need to have standards defined and accepted and software needs to support these signatures before we start deploying them.

While I agree that it is very much time to be looking at Quantum-resistant algorithms, I share Bob's concerns and think that this highlights an opportunity for the Forum.  We do not have clear guidance for people who want to propose new algorithms to be included in the guidelines.  I think we should agree on some basic requirements that any algorithm should meet in order to be considered by the Forum.  Meeting these requirements does not guarantee acceptance, but any algorithm which does not meet these should not be considered until they are met.

I propose:

1) The public key information requirements must be defined in a published RFC.  This includes the format (e.g. ASN.1 for the Subject Public Key Info), Object Identifier(s), and any parameter validation requirements.

2) Guidance must exist on acceptable parameters.  For example, it might be valid to have a parameter that is 8 bits in size, but maybe current cryptographic strength recommendations call for 160 bits or more.

3) If the algorithm is proposed for use in signing certificates:
a) Requirements for private key storage are published.  This includes certification schemes for the storage systems.
b) The signature scheme for signing PKIX/X.509 objects is published in an RFC, including the applicable signatureAlgorithm object identifiers

4) At least one application supplied by Application Software Supplier (Browser) member of the Forum must implement the algorithm.

Thanks,
Peter
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public

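Added illustration (not code from the thread, the IRTF draft, or any HSM vendor): a minimal SHA-256 Lamport one-time signature showing the statefulness Adam Langley and Bob Relyea raise above. The signer refuses a second signature with the same key, and a helper quantifies why that guard matters: if the state were lost (key copied to a second HSM or server), a second signature would expose further private-key halves. The key size, message strings and class name are assumptions made for this example.

```python
import hashlib
import os

N = 256  # SHA-256 digest bits; one pair of secret halves per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit_at(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def keygen():
    # Secret key: N pairs of random halves; public key: their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


class StatefulSigner:
    """Lamport one-time key with the 'used' state a conforming HSM must keep."""

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes):
        if self.used:  # the state guard: a second use would leak key material
            raise RuntimeError("one-time key already used; refusing to sign")
        self.used = True
        d = H(msg)
        return [self.sk[i][bit_at(d, i)] for i in range(N)]


def verify(pk, msg: bytes, sig) -> bool:
    d = H(msg)
    return len(sig) == N and all(H(sig[i]) == pk[i][bit_at(d, i)] for i in range(N))


def revealed_after_reuse(msg1: bytes, msg2: bytes) -> int:
    """Private halves exposed if one key signed both messages (state lost).

    One signature reveals N of the 2N halves; every bit where the two
    digests differ reveals its second half as well, leaving a forger free
    to sign any message whose digest stays inside the revealed halves."""
    d1, d2 = H(msg1), H(msg2)
    differing = sum(bin(a ^ b).count("1") for a, b in zip(d1, d2))
    return N + differing
```

Signing two distinct certificates with one key therefore reveals strictly more than N halves, which is the concrete reason the thread treats key copying or HSM migration as a key compromise for this scheme.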