Thank you for your comment.

We want to ensure the existing systems can use these newer certificates as if 
nothing changed.  That’s the key requirement.  If the Signature field is 
modified, the systems that have not been updated will not be able to use 
classic algorithms as they do today.  Placing signatures in the non-critical 
extensions leaves the Signature field untouched.

Alex

On 2017-10-03, 4:48 PM, "Santosh Chokhani" <santosh.chokh...@gmail.com> wrote:

    Multiple public keys as well as signatures can be accommodated using the
    respective algorithm OIDs in Signature and SPKI fields.

    Have you considered that in place of using an extension?
    
    -----Original Message-----
    From: Alexander Truskovsky [mailto:alexander.truskov...@isara.com] 
    Sent: Tuesday, October 3, 2017 4:38 PM
    To: santosh.chokh...@gmail.com; david.walterm...@nist.gov; kivi...@iki.fi;
    hous...@vigilsec.com
    Cc: sp...@ietf.org; e...@rtfm.com; hous...@vigilsec.com;
    scott.mansfi...@ericsson.com; ipsec@ietf.org;
    kathleen.moriarty.i...@gmail.com; itu-t-liai...@iab.org;
    jean-paul.lema...@univ-paris-diderot.fr
    Subject: Re: [IPsec] [lamps] New Liaison Statement, "LS on ITU-T SG17 work
    on quantum-safe PKI"
    
    This allows X.509 certificates to contain two (or more) public keys and
    issuer signatures.  The goal would be to ease the migration of PKI and
    dependent protocols to new digital signature algorithms.  The motivation
    was to make the X.509 more cryptographically agile and simplify the
    migration to quantum-safe algorithms, but it is algorithm agnostic.  The
    main benefit of this proposal is that current systems will be able to use
    these newer X.509 certificates as they do today without any modifications,
    while systems that were updated to support quantum-safe algorithms can
    also be updated to understand the newer X.509 format and use quantum-safe
    algorithms instead.

    We are working on a draft that mirrors the ITU-T’s work with a few
    partners and will publish it for review soon.
    
    Alex
        
        
        On 2017-10-02, 9:58 PM, "IPsec on behalf of Santosh Chokhani"
        <ipsec-boun...@ietf.org on behalf of santosh.chokh...@gmail.com> wrote:

            I am not sure I understand what is being said below.  The link to
            the PDF does not add to the message body.

            If there is a concern about what signature algorithm is used for
            what type of subject key, X.509 already has that flexibility.

            If there is a concern about using multiple signatures on an X.509
            certificate, one can use the single signature algorithm identifier
            to define multiple algorithms, parameters, and signatures.
            
            -----Original Message-----
            From: Spasm [mailto:spasm-boun...@ietf.org] On Behalf Of Liaison
            Statement Management Tool
            Sent: Wednesday, September 13, 2017 11:25 AM
            To: David Waltermire <david.walterm...@nist.gov>; Tero Kivinen
            <kivi...@iki.fi>; Russ Housley <hous...@vigilsec.com>
            Cc: Limited Additional Mechanisms for PKIX and SMIME Discussion List
            <sp...@ietf.org>; Eric Rescorla <e...@rtfm.com>; Russ Housley
            <hous...@vigilsec.com>; Tero Kivinen <kivi...@iki.fi>; Scott
            Mansfield <scott.mansfi...@ericsson.com>; IP Security Maintenance
            and Extensions Discussion List <ipsec@ietf.org>; Kathleen Moriarty
            <kathleen.moriarty.i...@gmail.com>; David Waltermire
            <david.walterm...@nist.gov>; itu-t-liai...@iab.org;
            jean-paul.lema...@univ-paris-diderot.fr
            Subject: [lamps] New Liaison Statement, "LS on ITU-T SG17 work on
            quantum-safe PKI"
            
            Title: LS on ITU-T SG17 work on quantum-safe PKI
            Submission Date: 2017-09-13
            URL of the IETF Web page: https://datatracker.ietf.org/liaison/1541/
            
            From: Jean-Paul Lemaire <jean-paul.lema...@univ-paris-diderot.fr>
            To: David Waltermire <david.walterm...@nist.gov>, Tero Kivinen
            <kivi...@iki.fi>, Russ Housley <hous...@vigilsec.com>
            Cc: David Waltermire <david.walterm...@nist.gov>, IP Security
            Maintenance and Extensions Discussion List <ipsec@ietf.org>,
            itu-t-liai...@iab.org, Limited Additional Mechanisms for PKIX and
            SMIME Discussion List <sp...@ietf.org>, Russ Housley
            <hous...@vigilsec.com>, Scott Mansfield
            <scott.mansfi...@ericsson.com>, Kathleen Moriarty
            <kathleen.moriarty.i...@gmail.com>, Tero Kivinen <kivi...@iki.fi>,
            Eric Rescorla <e...@rtfm.com>
            Response Contacts: jean-paul.lema...@univ-paris-diderot.fr
            Technical Contacts:
            Purpose: For information
            
            Body: ITU-T Study Group 17 is pleased to inform you that in our
            August/September 2017 meeting we agreed to start work on the
            inclusion of a proposal to include optional support for multiple
            public-key algorithms in Recommendation ITU-T X509 | ISO/IEC 9594-8.

            The industry is preparing ICT systems to be resistant to attacks by
            large-scale quantum computers in addition to more sophisticated
            attacks by conventional computing resources. Proposed was an
            optional feature to the X.509 certificate that provides a seamless
            migration capability to existing PKI systems, and is completely
            backwardly compatible with existing systems.

            While public-key key establishment algorithms are typically
            negotiated between peers and are generally fairly simple to update,
            the authentication systems typically rely on a single digital
            signature algorithm which are more difficult to update. This is
            because of the circular dependency between PKI-based identity
            systems and the dependent communication protocols. In order to
            update a PKI system, one would typically need to create a duplicate
            PKI system that utilizes a new digital signature algorithm and then
            migrate all the dependent systems one by one.

            This proposal eliminates the need to create such duplicate PKI
            systems by adding optional extensions to contain alternate public
            key and alternate signature, and a method for the CA to sign
            certificates using a layered approach to ensure that every
            attribute is authenticated by both signatures. The resulting
            certificate, while containing new quantum safe public key and
            signature, can still be used by existing systems relying on the
            classic public key and signature.
            Attachments:

                sp16-sg17-oLS-00068

            https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-13-itu-t-sg-17-ipsecme-lamps-ls-on-itu-t-sg17-work-on-quantum-safe-pki-attachment-1.pdf
            
            _______________________________________________
            Spasm mailing list
            sp...@ietf.org
            https://www.ietf.org/mailman/listinfo/spasm
            
            _______________________________________________
            IPsec mailing list
            IPsec@ietf.org
            https://www.ietf.org/mailman/listinfo/ipsec
            
        
        
    
    
    

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
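
The compatibility argument in this thread, as an added example that is not code from any participant or from the ITU-T proposal: a toy certificate model comparing how a verifier that was never updated treats an alternate signature in a non-critical extension, the same extension marked critical, and a new algorithm identifier in the Signature field. Assumptions: HMAC-SHA256 under two constructed keys stands in for the classic and alternate signature algorithms, JSON stands in for DER, and the extension name `altSignatureValue` and the layering order are hypothetical.

```python
import hashlib, hmac, json

# Constructed stand-ins: HMAC under two CA keys plays the role of the classic
# and the alternate (quantum-safe) signature algorithm. Not real signatures.
KEYS = {"classic-sig": b"constructed-classic-key", "alt-sig": b"constructed-alt-key"}
ALT_EXT = "altSignatureValue"  # hypothetical extension name

def sign(alg, data):
    return hmac.new(KEYS[alg], data, hashlib.sha256).hexdigest()

def encode(tbs):
    return json.dumps(tbs, sort_keys=True).encode()  # deterministic, stands in for DER

def issue(subject, alt_critical=False):
    tbs = {"subject": subject, "signatureAlgorithm": "classic-sig", "extensions": []}
    # Layer 1: alternate signature over the contents without its own extension.
    alt = sign("alt-sig", encode(tbs))
    tbs["extensions"].append({"id": ALT_EXT, "critical": alt_critical, "value": alt})
    # Layer 2: classic signature over everything, alternate signature included.
    return {"tbs": tbs, "signature": sign("classic-sig", encode(tbs))}

def verify(cert, known_algs, known_exts):
    tbs = cert["tbs"]
    if tbs["signatureAlgorithm"] not in known_algs:
        return "reject: unknown signature algorithm"
    for ext in tbs["extensions"]:
        if ext["id"] not in known_exts and ext["critical"]:
            return "reject: unknown critical extension"
    expected = sign(tbs["signatureAlgorithm"], encode(tbs))
    if not hmac.compare_digest(cert["signature"], expected):
        return "reject: bad classic signature"
    alt = next((e["value"] for e in tbs["extensions"] if e["id"] == ALT_EXT), None)
    if ALT_EXT not in known_exts or alt is None:
        return "accept: classic only"  # unknown non-critical extension is ignored
    inner = dict(tbs, extensions=[e for e in tbs["extensions"] if e["id"] != ALT_EXT])
    if not hmac.compare_digest(alt, sign("alt-sig", encode(inner))):
        return "reject: bad alternate signature"
    return "accept: classic + alternate"

def demo():
    legacy, upgraded = ({"classic-sig"}, set()), ({"classic-sig"}, {ALT_EXT})
    hybrid = issue("CN=example")
    composite = {"tbs": dict(hybrid["tbs"], signatureAlgorithm="composite-sig"),
                 "signature": ""}
    return {"legacy/hybrid": verify(hybrid, *legacy),
            "upgraded/hybrid": verify(hybrid, *upgraded),
            "legacy/critical": verify(issue("CN=example", alt_critical=True), *legacy),
            "legacy/composite": verify(composite, *legacy)}
```

Whether an updated verifier may still accept a certificate that carries no alternate signature is a policy decision this sketch leaves open; here it falls back to the classic result.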
