- From: Mike Prorock <mprorock@mesur.io>
- Date: Wed, 6 Jul 2022 09:55:47 -0400
- To: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAGJKSNS5uAJ0FkGtpkEdbEFjkZS2VKJ4YcH3EjEg_SGiC+ehFA@mail.gmail.com>
All, Please do be tracking the upcoming changes around crypto primitives, especially signature methods. See the recent NIST announcement for more details, but effectively, be planning on future support for CRYSTALS-KYBER, and on the signature side of things CRYSTALS-Dilithium, FALCON, and SPHINCS+ NIST Announcement here: https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4 And a pretty good game plan from CISA with some timing implications here: https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum The TLDR is to assume that we need hard answers as a community, and at the standards level, on crypto agility by 2024, as well as support for the key algorithms as listed above. I would also think that any new specs being drafted should reference these coming changes and start to work them in. I would also be proactive on adding in references as appropriate to specs you might be an editor or author for (or just a contributor). A draft spec that relates to the signature side of things (esp for JOSE / COSE) use is here (shameless plug - but do note there will be some not insignificant changes going into and out of IETF 114): https://datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/ And one that relates to underlying key storage and representation is here: https://datatracker.ietf.org/doc/draft-uni-qsckeys/ The above specs are likely a good starting place if you need to reference key representations and have links out to the cryptography approaches themselves. If the community is interested, I am happy to talk to some of the impacts on a main meeting, and / or bring in some of the folks that really know this stuff well to talk to the community about what is different and why. Lattices are a bit different than the cryptography that you are likely used to, and it is work understanding how this stuff will get deployed in practice, as well as to open some discussion around pros / cons of HSMs, potential FIPS implications, etc. Mike Prorock CTO, Founder https://mesur.io/
Received on Wednesday, 6 July 2022 13:56:12 UTC