The IESG has approved the following document:
- 'Hash-based Signatures: State and Backup Management'
  (draft-ietf-pquip-hbs-state-04.txt) as Informational RFC

This document is the product of the Post-Quantum Use In Protocols Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-pquip-hbs-state/

Technical Summary

Stateful Hash-Based Signature Schemes (Stateful HBS) such as LMS, HSS, XMSS and XMSS^MT combine Merkle trees with One-Time Signatures (OTS) to provide signatures that are resistant against attacks using large-scale quantum computers. Unlike conventional stateless digital signature schemes, Stateful HBS have a state to keep track of which OTS keys have been used, as double-signing with the same OTS key allows forgeries.

This document provides guidance and catalogs security considerations for the operational and technical aspects of deploying systems that rely on Stateful HBS. Management of the state of the Stateful HBS, including any handling of redundant key material, is a sensitive topic. This document describes some approaches to handle the associated challenges. It also describes the challenges that need to be resolved before certain approaches should be considered.

Working Group Summary

A small but knowledgeable group of people responded and reached consensus without noteworthy issues. While the IETF LC did not yield more responses, there was a SECDIR review that did match what the responsible AD himself also noted - the language in the document almost reads as a manual on why not to deploy this type of cryptography.

Document Quality

Stateful Hash-Based Signature Schemes (Stateful HBS) are discussed in other WGs (particularly LAMPS), and some external organizations. Members of those groups are also members of the PQUIP WG and have reviewed the document.

Personnel

The Document Shepherd for this document is Paul E. Hoffman. The Responsible Area Director is Paul Wouters.
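The Technical Summary notes that Stateful HBS must track which OTS keys have been used, because double-signing with the same OTS key allows forgeries. As an added illustration (not taken from the draft or from this announcement), the Python code below shows one way to keep that state: the advanced counter is made durable before the reserved index is handed to the signer. `OTSStateStore`, `OTSIndexExhausted`, the JSON file layout and the assumption of a single signer process on a POSIX filesystem are all hypothetical.

```python
import json
import os
import tempfile


class OTSIndexExhausted(Exception):
    """Every one-time key under this public key has been used."""


class OTSStateStore:
    """Hands out each OTS leaf index at most once (hypothetical helper)."""

    def __init__(self, path, total_leaves):
        self.path = os.path.abspath(path)
        self.total_leaves = total_leaves  # 2**h for a Merkle tree of height h

    def initialize(self):
        # Key generation only: a missing file later must fail, not restart at 0.
        if os.path.exists(self.path):
            raise FileExistsError(self.path)
        self._persist(0)

    def _persist(self, next_index):
        # Temp file, fsync, atomic rename, then directory fsync (POSIX).
        directory = os.path.dirname(self.path)
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)
        dfd = os.open(directory, os.O_RDONLY)
        os.fsync(dfd)
        os.close(dfd)

    def reserve(self):
        """Commit the advanced counter first, then return the reserved index."""
        with open(self.path) as f:
            index = json.load(f)["next_index"]
        if index >= self.total_leaves:
            raise OTSIndexExhausted(f"all {self.total_leaves} OTS keys used")
        self._persist(index + 1)  # a crash after this skips an index, never reuses it
        return index


def demo(path):
    # Constructed scenario: 4-leaf key, a fresh store object per simulated restart.
    OTSStateStore(path, 4).initialize()
    return [OTSStateStore(path, 4).reserve() for _ in range(4)]
```

The store has no locking, so it covers crash and restart of one signer only; copies of the state file restored from backup would reintroduce old indices and are outside what this code protects against.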
