Minutes of December 5th Meeting #20
johngray-dev
started this conversation in
General
Re: my comment, the artifacts do not need updating. Those have all been successfully tested by Corey (and I think portions were tested by others during the hackathon). Once the formats library settles, I will align my verifier and generator and make the tools/code available. Not sure when that will occur. This is a change from what I said during the hackathon, when I indicated I would release tools before the first monthly meeting.
From: John Gray ***@***.***>
Reply-To: IETF-Hackathon/pqc-certificates ***@***.***>
Date: Tuesday, December 6, 2022 at 8:37 AM
To: IETF-Hackathon/pqc-certificates ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [IETF-Hackathon/pqc-certificates] Minutes of December 5th Meeting (Discussion #20)
Since we discussed using these discussions, I thought I would post the notes from our last meeting here:

Agenda:
- Welcome
- Summary of current status of interop testing
- Discussion of any issues discovered
- Expand to other artifact types or protocols?
- Anything else?

In Attendance - Corey Bonnell, Michael Baentsch, Max Pala, Felipe Ventura, Carl Wallace, Markku-Juhani O. Saarinen, Kris Kwiatkowski, David Hook, Alexander Railien, Mike Ounsworth

We did a round-table update from each member; here are some highlights:

John
- Working on defining the explicit composite OIDs with Mike for the draft.
- Once completed, will update the OID list for explicit composite and add samples into a new artifact.zip
- Will look into the issue Corey mentioned last week about Null algorithm parameters

Corey - Coded Generic and Explicit composite
- Uploaded to Carl, verified fine. Verified explicit composite. Very extensive interoperability with Carl's (Redhound) implementation.
- Updated the Makefiles for the repository to run the generate and verify functions

Michael - Compatibility - Some questions about implementations:
- Kris is the PQShield implementation - What is "digicert python" in the row line?
- Corey will improve the "Corey snakefoot" implementation name
- OQS: there is a column missing for the provider. Two separate implementations
- LibPKI is Max Pala
- Action: John - We should add Issues for CMP and CMS; GitHub has discussions, which might be more appropriate
- Action: John - see if discussions activate (these minutes prove they are working!)

Max - Very behind on implementation - send an email to some implementations before doing the verify
- Need to update the aliases for OIDs
- Finish verifying the composite
- Then will add the artifacts
- Conflicts in the columns of the compatibility matrix; this will be sorted out by Max.
- We should make progress on the automated testing

David Hook - Will work on the gen.sh and check.sh scripts for Bouncy Castle; once updates for composite are out, will add those.
- Will update the compatibility matrix
- David mentioned they had done Kyber-based CMP messages in Bouncy Castle

Alexander Railean
- Provided some end-user feedback on making use of the artifacts
- Wants to see some other data formats (like CMP).

Markku
- The PQC conference: Falcon is undergoing quite a bit of change
- Other parameters are likely not changing
- Everything is changing in Falcon; PQClean did a bad thing. Falcon team will try to make a better spec. IETF will have an OID placeholder
- We should de-emphasize work on Falcon because we know it will change
- Dilithium changes are minor, should not break existing implementations. Will do a 12-round Keccak, key sizes are the same, will remove the AES version
- SPHINCS+ - NIST is not interested in the robust implementation
- Action: We should focus on CNSA algorithms now - XMSS, LMS, Dilithium 5
- See: https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF
- LMS SHA2-192 is the preferred one; that is what NSS people want

Max:
- Any ideas for McEliece? - This is the type of algorithm that is very secure; firmware for public keys
- BSI started using McEliece and FrodoKEM for Germany
- No issues with the BSI ones or BC ones yet. - BC has the NIST round 3 version

Carl Wallace:
- Rust crypto folks have been radically changing the formats library - changes every field and structure
- Once stuff stops moving, will update artifacts. Don't know how big a task this will be.

Kris:
- Falcon implementation - Markku said it will be changed a lot. Current implementation is broken; size of signatures is bigger than the spec says
- Reference implementation is not good
- Will change to fixed-size signatures - Variable-size signatures are more of a problem

Felipe:
- Nothing to report

Other discussion:
- McEliece - David would be happy to test interop with others for McEliece
- When the Hackathon gets to CMS, then it makes sense to look at KEMs
- DH certificates are the same problem as Kyber certificates

Issues:
- Can I ask what make environment/prerequisites the Makefile expects? It does not work at all under Alpine (bash 5.1, make 4.3).
  - Agreement to create an automated test environment based on standard Ubuntu 20 tooling.
- Verify scripts failing in consequence (mistakenly trying to generate (again) PEM files)
  - This should be solved with the latest version of the Entrust artifact.zip
- OID-based versioning - Suggested version format for OIDs
  - Action: John to write up a proposed set of OIDs using versioning, bring them to the next meeting.

Next meeting is Monday January 9th at 12:00 UTC in Gather as usual