[Anima] Re: IANA and GenART review comments to voucher (RFC8366bis)

[Michael Richardson]

Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
    > On 25-Jun-26 05:36, Michael Richardson wrote:

    > ...
    >> When EcDSA is supported, curves secp256r1 and secp384r1 SHOULD be
    >> supported.
    >> When EdDSA is supported, curves Ed25519 and Ed448 SHOULD be supported.
    >> When RSA is supported, sizes of at least 2048 bits SHOULD be supported, 
with support for sizes up to 4096 bits as RECOMMENDED.

    > SHOULD and RECOMMENDED mean exactly the same thing per RFC2119, so surely 
you mean simply:

Yes, I was trying to vary my words.... :-)

    > When RSA is supported, sizes up to 4096 bits SHOULD be supported.

Well, I'm okay if sizes <2048 are excluded, actually.

    >> Of the above, EcDSA SHOULD be supported by all implementations, until 
some quantum-safe variant is standardized.
    >> ----
    >> I don't know whether my "until..." will fly...

    > The problem in that sentence is "SHOULD". Are you trying to make EcDSA
    > the MTI? If so it has to be "MUST... until...".

SHOULD with condition == MUST if condition, right?

    > However, I do question whether the "until" clause is useful. If a valid
    > PQ mechansim is standardized at some point in the future, implementers
    > of 8366bis won't spontaneously know about it, and if two such
    > mechanisms are standardized, they won't spontaneously know which one is
    > the new MTI. Also, maybe they need to drop all the old mechanisms in
    > favour of PQ mechanisms. So in reality a new RFC would be needed to
    > update 8366bis. I don't think "until" can do that much work.

Yes.
I think that it should be okay not to do EcDSA if one is doing some
quantum-safe mechanism.  I accept what you say, that it won't be spontaneous.
Registrars *ought* to catch up first.
Maybe manufacturers will have quantum-vulnerable and quantum-safe SKUs?

    > "Post-quantum security considerations are not addressed in this memo." ?
    > (Not entirely joking.)

Yes, we can't suggest things until we have something to suggest....

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
]       My working hours and your working hours may be different.            [
]  Please do not feel obligated to reply outside your normal working hours   [

signature.asc
Description: PGP signature

_______________________________________________
Anima mailing list -- anima@ietf.org
To unsubscribe send an email to anima-le...@ietf.org