- From: Harrison <harrison@spokeo.com>
- Date: Wed, 6 Jul 2022 15:22:47 -0700
- To: "John, Anil" <anil.john@hq.dhs.gov>
- Cc: Mike Prorock <mprorock@mesur.io>, W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAFYh=43uNJhOHSvLok0KUXnYNh-GMoWeK-CO=uFER03+w4=xeQ@mail.gmail.com>
+1. Love to learn more about these topics. Sincerely, Harrison On Wed, Jul 6, 2022 at 10:49 AM John, Anil <anil.john@hq.dhs.gov> wrote: > +1 > > > > Incorporating cryptographic flexibility into any future work / > work-in-flight looks to be really important. > > > > Best Regards, > > > > Anil > > > > Anil John > > Technical Director, Silicon Valley Innovation Program > > Science and Technology Directorate > > US Department of Homeland Security > > Washington, DC, USA > > > > Email Response Time – 24 Hours > > > > [image: A picture containing graphical user interface Description > automatically generated] <https://www.dhs.gov/science-and-technology>[image: > /Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395] > > > > > > > > *From:* Mike Prorock <mprorock@mesur.io> > *Sent:* Wednesday, July 6, 2022 9:56 AM > *To:* W3C Credentials CG <public-credentials@w3.org> > *Subject:* Post Quantum and Related > > > > *CAUTION: *This email originated from outside of DHS. DO NOT click links > or open attachments unless you recognize and/or trust the sender. Contact > your component SOC with questions or concerns. > > > > All, > > Please do be tracking the upcoming changes around crypto primitives, > especially signature methods. See the recent NIST announcement for more > details, but effectively, be planning on future support for CRYSTALS-KYBER, > and on the signature side of things CRYSTALS-Dilithium, FALCON, and SPHINCS+ > > > > NIST Announcement here: > > > https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4 > <https://urldefense.us/v3/__https:/csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4__;!!BClRuOV5cvtbuNI!R9FfRGivhJPvtFVUmUDTBLcBSdEKeF4lVbAnjyi--w3CWzsRZ1dRghjhR8FzC7W3brxq$> > > > > And a pretty good game plan from CISA with some timing implications here: > > > https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum > > > > The TLDR is to assume that we need hard answers as a community, and at the > standards level, on crypto agility by 2024, as well as support for the key > algorithms as listed above. > > > > I would also think that any new specs being drafted should reference these > coming changes and start to work them in. I would also be proactive on > adding in references as appropriate to specs you might be an editor or > author for (or just a contributor). > > > > A draft spec that relates to the signature side of things (esp for JOSE / > COSE) use is here (shameless plug - but do note there will be some not > insignificant changes going into and out of IETF 114): > > > https://datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/ > <https://urldefense.us/v3/__https:/datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/__;!!BClRuOV5cvtbuNI!R9FfRGivhJPvtFVUmUDTBLcBSdEKeF4lVbAnjyi--w3CWzsRZ1dRghjhR8FzC9Y0NW_e$> > > > > And one that relates to underlying key storage and representation is here: > > https://datatracker.ietf.org/doc/draft-uni-qsckeys/ > <https://urldefense.us/v3/__https:/datatracker.ietf.org/doc/draft-uni-qsckeys/__;!!BClRuOV5cvtbuNI!R9FfRGivhJPvtFVUmUDTBLcBSdEKeF4lVbAnjyi--w3CWzsRZ1dRghjhR8FzCxChwnna$> > > > > The above specs are likely a good starting place if you need to reference > key representations and have links out to the cryptography approaches > themselves. > > > > If the community is interested, I am happy to talk to some of the impacts > on a main meeting, and / or bring in some of the folks that really know > this stuff well to talk to the community about what is different and why. > Lattices are a bit different than the cryptography that you are likely used > to, and it is work understanding how this stuff will get deployed in > practice, as well as to open some discussion around pros / cons of HSMs, > potential FIPS implications, etc. > > > > > Mike Prorock > > CTO, Founder > > https://mesur.io/ > <https://urldefense.us/v3/__https:/mesur.io/__;!!BClRuOV5cvtbuNI!R9FfRGivhJPvtFVUmUDTBLcBSdEKeF4lVbAnjyi--w3CWzsRZ1dRghjhR8FzC1MRrsys$> > > >
Attachments
- image/jpeg attachment: image005.jpg
- image/jpeg attachment: image006.jpg
Received on Wednesday, 6 July 2022 22:48:43 UTC