[RZERC] Potential SSAC Comments on NIST Choice of Post Quantum Crypto Algorithms

Wed Nov 27 21:00:55 UTC 2019

Duane, Peter  & other RZERC members,

Due to the very short time until comments are due to NIST, I am attaching a near final draft of the comment that SSAC is planning to submit to NIST so RZERC members can see the current draft (please keep the pdf within RZERC since it is still draft).

Duane is very much on target with pointing to John Levine’s Tech Day presentation and that the focus of the comment is the key sizes of selected PQC algorithms.

I do not know if there is sufficient time to determine whether or not RZERC would like to be part of the SSAC comment but I did want to offer that opportunity to the RZERC (which I have also offered to RSSAC).  Since NIST has set the comment due date (6 Dec), I would need let the SSAC know by 4 Dec if RZERC would like to be part of the comment that SSAC will submit - I am sorry about the short time for a response.

Russ

> On Nov 25, 2019, at 7:56 PM, Wessels, Duane <dwessels at verisign.com> wrote:
> 
>> On Nov 25, 2019, at 2:31 PM, Peter Koch <pk at DENIC.DE> wrote:
>> 
>> Russ, all,
>> 
>> thanks for the heads up and sharing.
>> 
>> On Sun, Nov 24, 2019 at 01:59:05AM +0800, Russ Mundy wrote:
>> 
>>> I think that I mentioned at our last meeting that SSAC was probably going to submit a comment to NIST related to their ongoing post quantum crypto algorithm selection activity. I recently learned that comments are due by Dec 6 so I wanted to ask on the mail list if RZERC had interest in ‘joining’ in on the SSAC comment - If there is interest from RZERC, I’ll be happy to coordinate & provide more detail.
>> 
>> I could imagine a number of spots in the root zone maintenance/provisioning scheme where
>> longevity, PQC and algorithm agility could become relevant, but looking at
>> <https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline>
>> without having followed that process anywhere near close, I wonder what RZERC could add
>> to an SSAC statement. So, I'd be curious to learn what SSAC's areas of concern are.
> 
> 
> Peter,
> 
> I don't know if you had a chance to see John Levine's TechDay presentation (https://static.ptbl.co/static/attachments/232986/1572893313.pdf?1572893313) which has a table showing key and signature sizes for the PQC algorithms under consideration.  Most of them have either (very) large keys or (very) large signatures, or both.  I'm guessing that's where SSAC's concerns are.
> 
> Personally, my feeling is that developing comments to the NIST selection falls out-of-scope for RZERC, and I would generally trust SSAC to come up with something good.  That said, if SSAC believes there is a benefit to having RZERC join with them in their comment, and of course if RZERC has full consensus on the comment, then I would support doing so.  But the schedule is very tight.
> 
> DW
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SSAC_ SSAC Comment to NIST on Quantum Cryptography Algorithms.pdf
Type: application/pdf
Size: 112007 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/rzerc/attachments/20191127/41091a68/SSAC_SSACCommenttoNISTonQuantumCryptographyAlgorithms-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/rzerc/attachments/20191127/41091a68/signature-0001.asc>