
From nobody Wed Sep 11 14:11:29 2019
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Wed, 11 Sep 2019 21:11:23 +0000
Message-ID: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/bShD4lyu_cgiS6LeBemGKb8_ZCQ>
Subject: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Sep 2019 21:11:27 -0000

Hi SecDispatch,

This got bounced here from LAMPS because the scope is potentially more
than a "limited" pkix change, and because this needs multi-WG visibility
to decide on a category of solution.



Background / history
--------------------

The Post-Quantum community (for example, surrounding the NIST PQC
competition), is pushing for "hybridized" crypto that combines RSA/ECC
with new primitives in order to hedge our bets against both quantum
adversaries, and also algorithmic / mathematical breaks of the new
primitives.


A year and a half ago, a draft was put to LAMPS for putting PQ public key
and signatures into X.509v3 extensions. This draft has been allowed to
expire, but is being pursued at the ITU.
https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/


Earlier this year, a new draft was put to LAMPS for defining "composite"
public key and signature algorithms that, essentially, concatenate
multiple crypto algorithms into a single key or signature octet string.
This draft stalled in LAMPS over whether it is the correct overall
approach.
https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/


Now I'm taking a step back and submitting a draft that acts as a
semi-formal problem statement, and an overview of the three main
categories of solutions.
https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/




My Opinion
----------

Personally, I'm fairly agnostic to the chosen solution, but feel that we
need some kind of standard(s) around the post-quantum transition for
certificates and PKI. Personally, I feel that Composite is mature enough
as an idea to standardize as a tool in our toolbox for contexts where it
makes sense, even if a different mechanism is preferred for TLS and
IPSEC/IKE.




Requested action from SECDISPATCH
---------------------------------

1. Feedback on the problem statement draft.
   https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

2. Discussion of how to progress this.




PS I'm a new IETF'er, please be gentle :P

Thanks,
- - -
Mike Ounsworth | Software Security Architect
Entrust Datacard


From nobody Thu Sep 12 07:38:57 2019
To: secdispatch@ietf.org
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
Date: Thu, 12 Sep 2019 08:38:52 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------D308A0837F60766149A82AF7"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/mgPEz0pCbxuS2_IcLErtH9WS26s>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

This is a multi-part message in MIME format.
--------------D308A0837F60766149A82AF7
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi SecDispatch, Mike,

Our industry (Cable) is working on this problem already - some of our
members have started investigating a few things in the post-quantum field
and in particular how to protect our PKIs in this uncertain environment.

With a few billion certificates issued across the industry, we heavily
rely on certificates for device authentication and, therefore, we need
to work on a solution today.

For us, the use of Composite Crypto is quite an interesting path to
pursue because it provides an easy way to protect our PKIs today against
the factorization threat (not only certificates, but all the data
structures for PKIX), thus allowing us to verify the authentication with
Post-Quantum algorithms when we need to make the switch (deferred
Algorithm Agility).

We intend to support this idea and actively deploy it for our PKIs and
eventually expand the adoption of this approach in other environments we
are engaged in (e.g., medical devices, cellular networks, WiFi Alliance
and WBA, etc.).

Looking forward to finding a good home for this project within the IETF - a
simple but powerful tool for our "PKI toolboxes".

Cheers,
Max


> Hi SecDispatch,
>
> This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.
>
>
>
> Background / history
> --------------------
>
> The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives.
>
>
> A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>
>
> Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>
>
> Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
>
>
>
> My Opinion
> ----------
>
> Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
>
>
>
>
> Requested action from SECDISPATCH
> ---------------------------------
>
> 1. Feedback on the problem statement draft. https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
> 2. Discussion of how to progress this.
>
>
>
>
> PS I'm a new IETF'er, please be gentle :P
>
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard

-- 
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director

--------------D308A0837F60766149A82AF7--


From nobody Thu Sep 12 12:08:59 2019
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Thu, 12 Sep 2019 19:08:49 +0000
Message-ID: <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
In-Reply-To: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
Content-Type: multipart/related; boundary="_004_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/LDrHLduhrOEkPCxYpwaFTiZ2SGQ>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--_004_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_
Content-Type: multipart/alternative;
 boundary="_000_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_"

--_000_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHA+SGkgU2VjRGlzcGF0Y2gsIE1pa2UsPG86cD48L286
cD48L3A+DQo8cD5PdXIgaW5kdXN0cnkgKENhYmxlKSBpcyB3b3JraW5nIG9uIHRoaXMgcHJvYmxl
bSBhbHJlYWR5IC0gc29tZSBvZiBvdXIgbWVtYmVycyBoYXZlIHN0YXJ0ZWQgaW52ZXN0aWdhdGlu
ZyBmZXcgdGhpbmdzIGluIHRoZSBwb3N0LXF1YW50dW0gZmllbGQgYW5kIGluIHBhcnRpY3VsYXIg
aG93IHRvIHByb3RlY3Qgb3VyIFBLSXMgaW4gdGhpcyB1bmNlcnRhaW4gZW52aXJvbm1lbnQuPG86
cD48L286cD48L3A+DQo8cD5XaXRoIGZldyBiaWxsaW9ucyBjZXJ0aWZpY2F0ZXMgaXNzdWVkIGFj
cm9zcyB0aGUgaW5kdXN0cnksIHdlIGhlYXZpbHkgcmVseSBvbiBjZXJ0aWZpY2F0ZXMgZm9yIGRl
dmljZSBhdXRoZW50aWNhdGlvbiBhbmQsIHRoZXJlZm9yZSwgd2UgbmVlZCB0byB3b3JrIG9uIGEg
c29sdXRpb24gdG9kYXkuPG86cD48L286cD48L3A+DQo8cD5Gb3IgdXMsIHRoZSB1c2Ugb2YgQ29t
cG9zaXRlIENyeXB0byBpcyBxdWl0ZSBhbiBpbnRlcmVzdGluZyBwYXRoIHRvIHB1cnN1ZSBiZWNh
dXNlIGl0IHByb3ZpZGVzIGFuIGVhc3kgd2F5IHRvIHByb3RlY3QgdG9kYXkgb3VyIFBLSXMgYWdh
aW5zdCB0aGUgZmFjdG9yaXphdGlvbiB0aHJlYXQgKG5vdCBvbmx5IGNlcnRpZmljYXRlcywgYnV0
IGFsbCB0aGUgZGF0YSBzdHJ1Y3R1cmVzIGZvciBQS0lYKSB0aHVzIGFsbG93aW5nIHRvIHZlcmlm
eSB0aGUNCiBhdXRoZW50aWNhdGlvbiB3aXRoIFBvc3QtUXVhbnR1bSBhbGdvcml0aG1zIHdoZW4g
d2Ugd2lsbCBuZWVkIHRvIG1ha2UgdGhlIHN3aXRjaCAoZGVmZXJyZWQgQWxnb3JpdGhtIEFnaWxp
dHkpLjxvOnA+PC9vOnA+PC9wPg0KPHA+V2UgaW50ZW5kIHRvIHN1cHBvcnQgdGhpcyBpZGVhIGFu
ZCBhY3RpdmVseSBkZXBsb3kgaXQgZm9yIG91ciBQS0lzIGFuZCBldmVudHVhbGx5IGV4cGFuZCB0
aGUgYWRvcHRpb24gb2YgdGhpcyBhcHByb2FjaCBpbiBvdGhlciBlbnZpcm9ubWVudHMgd2UgYXJl
IGVuZ2FnZWQgaW4gKGUuZy4sIG1lZGljYWwgZGV2aWNlcywgY2VsbHVsYXIgbmV0d29ya3MsIFdp
RmkgQWxsaWFuY2UgYW5kIFdCQSwgZXRjLik8bzpwPjwvbzpwPjwvcD4NCjxwPkxvb2tpbmcgZm9y
d2FyZCB0byBmaW5kIGEgZ29vZCBob21lIGZvciB0aGlzIHByb2plY3Qgd2l0aGluIHRoZSBJRVRG
IC0gYSBzaW1wbGUgYnV0IHBvd2VyZnVsIHRvb2wgZm9yIG91ciAmcXVvdDtQS0kgdG9vbGJveGVz
JnF1b3Q7PG86cD48L286cD48L3A+DQo8cD5DaGVlcnMsPGJyPg0KTWF4PG86cD48L286cD48L3A+
DQo8cD48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxibG9ja3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9w
OjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiPg0KPHByZT5IaSBTZWNEaXNwYXRjaCw8bzpwPjwv
bzpwPjwvcHJlPg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0KPHByZT5UaGlzIGdvdCBi
b3VuY2VkIGhlcmUgZnJvbSBMQU1QUyBiZWNhdXNlIHRoZSBzY29wZSBpcyBwb3RlbnRpYWxseSBt
b3JlIHRoYW4gYSAmcXVvdDtsaW1pdGVkJnF1b3Q7IHBraXggY2hhbmdlLCBhbmQgYmVjYXVzZSB0
aGlzIG5lZWRzIG11bHRpLVdHIHZpc2liaWxpdHkgdG8gZGVjaWRlIG9uIGEgY2F0ZWdvcnkgb2Yg
c29sdXRpb24uPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4N
CjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3By
ZT4NCjxwcmU+QmFja2dyb3VuZCAvIGhpc3Rvcnk8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT4tLS0t
LS0tLS0tLS0tLS0tLS0tLTxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+
PC9wcmU+DQo8cHJlPlRoZSBQb3N0LVF1YW50dW0gY29tbXVuaXR5IChmb3IgZXhhbXBsZSwgc3Vy
cm91bmRpbmcgdGhlIE5JU1QgUFFDIGNvbXBldGl0aW9uKSwgaXMgcHVzaGluZyBmb3IgJnF1b3Q7
aHlicmlkaXplZCZxdW90OyBjcnlwdG8gdGhhdCBjb21iaW5lcyBSU0EvRUNDIHdpdGggbmV3IHBy
aW1pdGl2ZXMgaW4gb3JkZXIgdG8gaGVkZ2Ugb3VyIGJldHMgYWdhaW5zdCBib3RoIHF1YW50dW0g
YWR2ZXJzYXJpZXMsIGFuZCBhbHNvIGFsZ29yaXRobWljIC8gbWF0aGVtYXRpY2FsIGJyZWFrcyBv
ZiB0aGUgbmV3IHByaW1pdGl2ZXMuPG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8
L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+QSB5ZWFyIGFu
ZCBhIGhhbGYgYWdvLCBhIGRyYWZ0IHdhcyBwdXQgdG8gTEFNUFMgZm9yIHB1dHRpbmcgUFEgcHVi
bGljIGtleSBhbmQgc2lnbmF0dXJlcyBpbnRvIFguNTA5djMgZXh0ZW5zaW9ucy4gVGhpcyBkcmFm
dCBoYXMgYmVlbiBhbGxvd2VkIHRvIGV4cGlyZSwgYnV0IGlzIGJlaW5nIHB1cnN1ZWQgYXQgdGhl
IElUVS48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48YSBocmVmPSJodHRwczovL2RhdGF0cmFja2Vy
LmlldGYub3JnL2RvYy9kcmFmdC10cnVza292c2t5LWxhbXBzLXBxLWh5YnJpZC14NTA5LyI+aHR0
cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtdHJ1c2tvdnNreS1sYW1wcy1wcS1o
eWJyaWQteDUwOS88L2E+PG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48
L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+RWFybGllciB0aGlzIHll
YXIsIGEgbmV3IGRyYWZ0IHdhcyBwdXQgdG8gTEFNUFMgZm9yIGRlZmluaW5nICZxdW90O2NvbXBv
c2l0ZSZxdW90OyBwdWJsaWMga2V5IGFuZCBzaWduYXR1cmUgYWxnb3JpdGhtcyB0aGF0LCBlc3Nl
bnRpYWxseSwgY29uY2F0ZW5hdGUgbXVsdGlwbGUgY3J5cHRvIGFsZ29yaXRobXMgaW50byBhIHNp
bmdsZSBrZXkgb3Igc2lnbmF0dXJlIG9jdGV0IHN0cmluZy4gVGhpcyBkcmFmdCBzdGFsbGVkIGlu
IExBTVBTIG92ZXIgd2hldGhlciBpdCBpcyB0aGUgY29ycmVjdCBvdmVyYWxsIGFwcHJvYWNoLjxv
OnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v
cmcvZG9jL2RyYWZ0LW91bnN3b3J0aC1wcS1jb21wb3NpdGUtc2lncy8iPmh0dHBzOi8vZGF0YXRy
YWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LW91bnN3b3J0aC1wcS1jb21wb3NpdGUtc2lncy88L2E+
PG86cD48L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+PG86
cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+Tm93IEknbSB0YWtpbmcgYSBzdGVwIGJhY2sgYW5k
IHN1Ym1pdHRpbmcgYSBkcmFmdCB0aGF0IGFjdHMgYXMgYSBzZW1pLWZvcm1hbCBwcm9ibGVtIHN0
YXRlbWVudCwgYW5kIGFuIG92ZXJ2aWV3IG9mIHRoZSB0aHJlZSBtYWluIGNhdGVnb3JpZXMgb2Yg
c29sdXRpb25zLjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRy
YWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LXBxLXBraXgtcHJvYmxlbS1zdGF0ZW1lbnQvIj5odHRw
czovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1wcS1wa2l4LXByb2JsZW0tc3RhdGVt
ZW50LzwvYT48bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0K
PHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJl
Pg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0KPHByZT5NeSBPcGluaW9uPG86cD48L286
cD48L3ByZT4NCjxwcmU+LS0tLS0tLS0tLTxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5i
c3A7PC9vOnA+PC9wcmU+DQo8cHJlPlBlcnNvbmFsbHksIEknbSBmYWlybHkgYWdub3N0aWMgdG8g
dGhlIGNob3NlbiBzb2x1dGlvbiwgYnV0IGZlZWwgdGhhdCB3ZSBuZWVkIHNvbWUga2luZCBvZiBz
dGFuZGFyZChzKSBhcm91bmQgdGhlIHBvc3QtcXVhbnR1bSB0cmFuc2l0aW9uIGZvciBjZXJ0aWZp
Y2F0ZXMgYW5kIFBLSS4gUGVyc29uYWxseSwgSSBmZWVsIHRoYXQgQ29tcG9zaXRlIGlzIG1hdHVy
ZSBlbm91Z2ggYXMgYW4gaWRlYSB0byBzdGFuZGFyZGl6ZSBhcyBhIHRvb2wgaW4gb3VyIHRvb2xi
b3ggZm9yIGNvbnRleHRzIHdoZXJlIGl0IG1ha2VzIHNlbnNlLCBldmVuIGlmIGEgZGlmZmVyZW50
IG1lY2hhbmlzbSBpcyBwcmVmZXJyZWQgZm9yIFRMUyBhbmQgSVBTRUMvSUtFLjxvOnA+PC9vOnA+
PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9v
OnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7
PC9vOnA+PC9wcmU+DQo8cHJlPlJlcXVlc3RlZCBhY3Rpb24gZnJvbSBTRUNESVNQQVRDSDxvOnA+
PC9vOnA+PC9wcmU+DQo8cHJlPi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxvOnA+
PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+DQo8cHJlPjEuIEZlZWRi
YWNrIG9uIHRoZSBwcm9ibGVtIHN0YXRlbWVudCBkcmFmdC4gPGEgaHJlZj0iaHR0cHM6Ly9kYXRh
dHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtcHEtcGtpeC1wcm9ibGVtLXN0YXRlbWVudC8iPmh0
dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LXBxLXBraXgtcHJvYmxlbS1zdGF0
ZW1lbnQvPC9hPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPjxvOnA+Jm5ic3A7PC9vOnA+PC9wcmU+
DQo8cHJlPjIuIERpc2N1c3Npb24gb2YgaG93IHRvIHByb2dyZXNzIHRoaXMuPG86cD48L286cD48
L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286
cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8L286cD48L3ByZT4NCjxwcmU+PG86cD4mbmJzcDs8
L286cD48L3ByZT4NCjxwcmU+UFMgSSdtIGEgbmV3IElFVEYnZXIsIHBsZWFzZSBiZSBnZW50bGUg
OlA8bzpwPjwvbzpwPjwvcHJlPg0KPHByZT48bzpwPiZuYnNwOzwvbzpwPjwvcHJlPg0KPHByZT5U
aGFua3MsPG86cD48L286cD48L3ByZT4NCjxwcmU+LSAtIC08bzpwPjwvbzpwPjwvcHJlPg0KPHBy
ZT5NaWtlIE91bnN3b3J0aCB8IFNvZnR3YXJlIFNlY3VyaXR5IEFyY2hpdGVjdDxvOnA+PC9vOnA+
PC9wcmU+DQo8cHJlPkVudHJ1c3QgRGF0YWNhcmQ8bzpwPjwvbzpwPjwvcHJlPg0KPC9ibG9ja3F1
b3RlPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+LS0gPG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJtYXJn
aW4tdG9wOjcuNXB0Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJlc3QgUmVnYXJkcywgPG86cD48
L286cD48L3A+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOjMuNzVwdCI+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj5NYXNzaW1pbGlhbm8gUGFsYSwgUGguRC48YnI+DQpPcGVuQ0EgTGFicyBEaXJlY3Rv
cjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48aW1nIGJvcmRl
cj0iMCIgd2lkdGg9IjEwMCIgaGVpZ2h0PSI1NCIgc3R5bGU9IndpZHRoOjEuMDQxNmluO2hlaWdo
dDouNTYyNWluIiBpZD0iX3gwMDAwX2kxMDI1IiBzcmM9ImNpZDppbWFnZTAwMS5wbmdAMDFENTY5
N0IuNkJDOUFBNTAiIGFsdD0iT3BlbkNBIExvZ28iPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_--

--_004_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_
Content-Type: image/png; name="image001.png"
Content-Description: image001.png
Content-Disposition: inline; filename="image001.png"; size=3146;
 creation-date="Thu, 12 Sep 2019 19:08:49 GMT";
 modification-date="Thu, 12 Sep 2019 19:08:49 GMT"
Content-ID: <image001.png@01D5697B.6BC9AA50>
Content-Transfer-Encoding: base64
--_004_BL0PR11MB317285DF599EC58CCF26FD5EC1B00BL0PR11MB3172namp_--


From nobody Thu Sep 12 12:28:25 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3AF412080D for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 12:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level: 
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c-sKL56t2FdJ for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 12:28:20 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EFBE120251 for <secdispatch@ietf.org>; Thu, 12 Sep 2019 12:28:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 95380BE2E; Thu, 12 Sep 2019 20:28:18 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fPmOAuIwNKe; Thu, 12 Sep 2019 20:28:16 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 60A15BE24; Thu, 12 Sep 2019 20:28:16 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568316496; bh=qND+ux1BD4vUtqFMCcZiJFKRnfT+kcd+CIKnZ6IDzoY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=E0NvaOG69nhaFCXjxbb4YF2QYivjdY3cXkrTJMuLTEul4ejSVvlrbgnBdgNZXm4cj ORJ0ynAlilRgrA+gHv1vGp0WIHxUDhCefxNjmbWNItuZvfALgX9nhy1JlMUm2ayJrW oxTb6vjAcvkN8dBTDJ5O58JxsySjjqkNxrgU2x+8=
To: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie>
Date: Thu, 12 Sep 2019 20:28:15 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2PUwQDariZEHyFAdKlILLjUHnd4cjV2PF"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/DIbVi9aeBAXqpB-0MaMPT1cUMdM>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 19:28:24 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2PUwQDariZEHyFAdKlILLjUHnd4cjV2PF
Content-Type: multipart/mixed; boundary="VlIQOHRjOdCf1pQznUccbsQxcC0PPW2YY";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>,
 "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org"
 <secdispatch@ietf.org>
Message-ID: <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm
 PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
In-Reply-To: <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>

--VlIQOHRjOdCf1pQznUccbsQxcC0PPW2YY
Content-Type: multipart/mixed;
 boundary="------------F481F61EA72157344D06C58B"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------F481F61EA72157344D06C58B
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 12/09/2019 20:08, Scott Fluhrer (sfluhrer) wrote:
> I agree that this is an important problem to solve.

Depending on the "this," I agree or disagree :-)

Discussion of how to get what PKI offers in a world where
current asymmetric algorithms might be weak and where
quantum-resistant, but new, algorithms are emerging, is
an excellent topic to start to consider.

I also think it seems a bit mad to consider x.509 as the
main thing to consider so I'm not at all keen on seeing
this problem space as being one where all we need is yet
another sticking plaster for x.509. That said, I do get
that people invested in x.509-based PKI may reasonably
prefer less-change to more-change, I just think we may
be sad if we miss another opportunity to move on leaving
behind some of this 1980's baggage.

Cheers,
S.

>
> One might think we have plenty of time, given that Real Quantum
> Computers are, more than likely, more than 10 years away, and even
> once you have one, you cannot use your Quantum Computer to break the
> authentication of recorded conversations.
>
> On the other hand, authentication also brings in additional issues;
> instead of having a two party system (where as long as both the
> client and the server support a postquantum algorithm, they can
> negotiate it), we now have an (at least) three party system, the
> client, the server, and the CA.  this additional party makes the
> upgrade path more complicated.  So, while we have more time, we may
> need it.
>
> I don’t think it’s too early to start thinking about the issues..
>
> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Dr. Pala
> Sent: Thursday, September 12, 2019 10:39 AM
> To: secdispatch@ietf.org
> Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
>
> Hi SecDispatch, Mike,
>
> Our industry (Cable) is working on this problem already - some of our
> members have started investigating few things in the post-quantum
> field and in particular how to protect our PKIs in this uncertain
> environment.
>
> With few billions certificates issued across the industry, we heavily
> rely on certificates for device authentication and, therefore, we
> need to work on a solution today.
>
> For us, the use of Composite Crypto is quite an interesting path to
> pursue because it provides an easy way to protect today our PKIs
> against the factorization threat (not only certificates, but all the
> data structures for PKIX) thus allowing to verify the authentication
> with Post-Quantum algorithms when we will need to make the switch
> (deferred Algorithm Agility).
>
> We intend to support this idea and actively deploy it for our PKIs
> and eventually expand the adoption of this approach in other
> environments we are engaged in (e.g., medical devices, cellular
> networks, WiFi Alliance and WBA, etc.)
>
> Looking forward to find a good home for this project within the IETF
> - a simple but powerful tool for our "PKI toolboxes"
>
> Cheers,
> Max
>
> Hi SecDispatch,
>
> This got bounced here from LAMPS because the scope is potentially
> more than a "limited" pkix change, and because this needs multi-WG
> visibility to decide on a category of solution.
>
> Background / history
> --------------------
>
> The Post-Quantum community (for example, surrounding the NIST PQC
> competition), is pushing for "hybridized" crypto that combines
> RSA/ECC with new primitives in order to hedge our bets against both
> quantum adversaries, and also algorithmic / mathematical breaks of
> the new primitives.
>
> A year and a half ago, a draft was put to LAMPS for putting PQ public
> key and signatures into X.509v3 extensions. This draft has been
> allowed to expire, but is being pursued at the ITU.
>
> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>
> Earlier this year, a new draft was put to LAMPS for defining
> "composite" public key and signature algorithms that, essentially,
> concatenate multiple crypto algorithms into a single key or signature
> octet string. This draft stalled in LAMPS over whether it is the
> correct overall approach.
>
> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>
> Now I'm taking a step back and submitting a draft that acts as a
> semi-formal problem statement, and an overview of the three main
> categories of solutions.
>
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
> My Opinion
> ----------
>
> Personally, I'm fairly agnostic to the chosen solution, but feel that
> we need some kind of standard(s) around the post-quantum transition
> for certificates and PKI. Personally, I feel that Composite is mature
> enough as an idea to standardize as a tool in our toolbox for
> contexts where it makes sense, even if a different mechanism is
> preferred for TLS and IPSEC/IKE.
>
> Requested action from SECDISPATCH
> ---------------------------------
>
> 1. Feedback on the problem statement draft.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
> 2. Discussion of how to progress this.
>
> PS I'm a new IETF'er, please be gentle :P
>
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard
>
> --
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--------------F481F61EA72157344D06C58B--

--VlIQOHRjOdCf1pQznUccbsQxcC0PPW2YY--

--2PUwQDariZEHyFAdKlILLjUHnd4cjV2PF--


From nobody Thu Sep 12 12:47:14 2019
Return-Path: <prvs=151dcc816=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EA7C120025 for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 12:47:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXG-MZw7X7q4 for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 12:47:10 -0700 (PDT)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4794412001B for <secdispatch@ietf.org>; Thu, 12 Sep 2019 12:47:10 -0700 (PDT)
IronPort-SDR: +SxYnS7BuHVjnf3ZVMtefnVnJW5Yse2DVtZs/eWsD417UVuznkMUIFynx8HmhM6cAWfMrWzh6O fYaX7RApwgdg==
X-IronPort-AV: E=Sophos;i="5.64,498,1559538000";  d="scan'208";a="1278527"
Received: from pmspex05.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.52]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 12 Sep 2019 14:47:09 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX05.corporate.datacard.com (192.168.211.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 12 Sep 2019 14:47:08 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Thu, 12 Sep 2019 14:47:08 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaZ2KAX3VFnPP10y+CPHZx6ks6acowQiA//+vL8A=
Date: Thu, 12 Sep 2019 19:47:08 +0000
Message-ID: <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie>
In-Reply-To: <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/GS6wDRk-zKEI2BZ58ZPUmvfeV74>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 19:47:13 -0000


From nobody Thu Sep 12 13:05:22 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692DF120018 for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 13:05:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level: 
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lJKELfdhd-gd for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 13:05:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4CF412021C for <secdispatch@ietf.org>; Thu, 12 Sep 2019 13:05:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 26CCCBE4D; Thu, 12 Sep 2019 21:05:12 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVjOYszutYEP; Thu, 12 Sep 2019 21:05:09 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 8ECD7BE2E; Thu, 12 Sep 2019 21:05:09 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568318709; bh=1Yw7svky4mK7mxS8+L7RIl1vnV4MO4ecwCEyFDpa7Ck=; h=Subject:To:References:From:Date:In-Reply-To:From; b=CE8f5P7xh0Fw2HUaDq2+6zVo5EQX7LDLSKkqdh02rkQ1F7Nzsum0zgaLIK23MAMO7 nosrzaT0lDvptNUl74YYC9d1tjVVOmzC71kLTJM06jwLPJto3weUU1BxMnkGMlvOr+ uh/TRqQDoaVGe3qvramPmQjxB5w36mmZX6IqCXjI=
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie> <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <df12e043-37fc-dce9-b6af-0b9bbb321bb9@cs.tcd.ie>
Date: Thu, 12 Sep 2019 21:05:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="82ywOlqk8iIwETKCvCzUL7M9aPl8NMhZb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xLQfigw3mhUoLcp1a5Jdk496_0o>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 20:05:21 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--82ywOlqk8iIwETKCvCzUL7M9aPl8NMhZb
Content-Type: multipart/mixed; boundary="nWDhXC5V7X9jVBpAPPfYvJyrEhw51Hhmf";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,
 "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>,
 "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org"
 <secdispatch@ietf.org>
Message-ID: <df12e043-37fc-dce9-b6af-0b9bbb321bb9@cs.tcd.ie>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum
 multi-algorithm PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie>
 <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
In-Reply-To: <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>

--nWDhXC5V7X9jVBpAPPfYvJyrEhw51Hhmf
Content-Type: multipart/mixed;
 boundary="------------41D04A69DF0DCBE6DF16FAD7"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------41D04A69DF0DCBE6DF16FAD7
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 12/09/2019 20:47, Mike Ounsworth wrote:
> Hi Stephen,
>
> That's an exciting solution space that's orthogonal to the ones that
> I wrote up in my Problem Statement draft. Do you have some concretes
> on what such a "replace X.509" proposal might look like?

I don't. In an IETF context/discussion though, I might start
from looking at how acme accounts are handled or how assertions
are being handled using e.g. cose. I think the encoding of the
assertions is easy enough. Figuring out what assertions to
encode is where the work'd be. For example, is the offline CA
model even worth bothering with? Maybe encouraging multiple
independent assertions is better than trying to encapsulate
all the verifier needs into one blob? Etc. One thing that'd
be a MUST in my little head would be making anything like
notAfter be optional. But no, I don't have a worked-out
proposal and nor do I know if others would like to work
on that.

> I suggest that even with full support for such a proposal, it would
> still make sense to standardize a "less change to the 1980s baggage"
> so that existing systems have something they can do in the short
> term.

What short-term problem is there? (That needs solving.)

And what'd stop this sticking plaster from blocking any
other mechanisms getting deployed as has happened to date
with x.509? Doing sufficiently better than x.509 to
displace x.509 in a classical context has turned out to
be too hard, despite a couple of attempts. It's not that
x.509 is ultra-terrible (it's only mediocre-terrible:-)
but once something is in place then a new thing has to
be sufficiently better to displace that. So there's a
real opportunity cost to the path you're suggesting I
reckon.

> Speaking as a PKI vendor, this is starting to be an
> uncomfortably hot issue with our customers who are deploying 20 year
> lifetime devices and want post-quantum protection on them like now
> with like no code changes.

New algorithms => new code. Transition from 1 key => >1 key
means new code. I don't see how "no new code" is relevant
here. And I can see ways in which minimising the amount of
new code might lead to a higher likelihood of vulnerabilities.

> So exactly as you say "people invested in x.509-based PKI may
> reasonably prefer less-change to more-change" :P

Sure. I don't think there's anything wrong with you proposing
what you're proposing. I just think that doing that would be
heading about 180 degrees in the wrong direction:-)

Cheers,
S.


>
> - - - Mike Ounsworth | Office: +1 (613) 270-2873
>
> -----Original Message----- From: Secdispatch
> <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell Sent:
> Thursday, September 12, 2019 2:28 PM To: Scott Fluhrer (sfluhrer)
> <sfluhrer@cisco.com>; Dr. Pala <madwolf@openca.org>;
> secdispatch@ietf.org Subject: [EXTERNAL]Re: [Secdispatch] Problem
> statement for post-quantum multi-algorithm PKI
>
> Hiya,
>
> On 12/09/2019 20:08, Scott Fluhrer (sfluhrer) wrote:
>> I agree that this is an important problem to solve.
>
> Depending, on the "this," I agree or disagree:-)
>
> Discussion of how to get what PKI offers in a world where current
> asymmetric algorithms might be weak and where quantum-resistant, but
> new, algorithms are emerging, is an excellent topic to start to
> consider.
>
> I also think it seems a bit mad to consider x.509 as the main thing
> to consider so I'm not at all keen on seeing this problem space as
> being one where all we need is yet another sticking plaster for
> x.509. That said, I do get that people invested in x.509-based PKI
> may reasonably prefer less-change to more-change, I just think we may
> be sad if we miss another opportunity to move on leaving behind some
> of this 1980's baggage.
>
> Cheers, S.
>
>>
>> One might think we have plenty of time, given that Real Quantum
>> Computers are, more than likely, more than 10 years away, and even
>> once you have one, you cannot use your Quantum Computer to break
>> the authentication of recorded conversations.
>>
>> On the other hand, authentication also brings in additional issues;
>> instead of having a two party system (where as long as both the
>> client and the server support a postquantum algorithm, they can
>> negotiate it), we now have an (at least) three party system, the
>> client, the server, and the CA.  This additional party makes the
>> upgrade path more complicated.  So, while we have more time, we may
>> need it.
>>
>> I don’t think it’s too early to start thinking about the issues..
>>
>> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Dr.
>> Pala Sent: Thursday, September 12, 2019 10:39 AM To:
>> secdispatch@ietf.org Subject: Re: [Secdispatch] Problem statement
>> for post-quantum multi-algorithm PKI
>>
>> Hi SecDispatch, Mike,
>>
>> Our industry (Cable) is working on this problem already - some of
>> our members have started investigating few things in the
>> post-quantum field and in particular how to protect our PKIs in
>> this uncertain environment.
>>
>> With few billions certificates issued across the industry, we
>> heavily rely on certificates for device authentication and,
>> therefore, we need to work on a solution today.
>>
>> For us, the use of Composite Crypto is quite an interesting path to
>> pursue because it provides an easy way to protect today our PKIs
>> against the factorization threat (not only certificates, but all
>> the data structures for PKIX) thus allowing to verify the
>> authentication with Post-Quantum algorithms when we will need to
>> make the switch (deferred Algorithm Agility).
>>
>> We intend to support this idea and actively deploy it for our PKIs
>> and eventually expand the adoption of this approach in other
>> environments we are engaged in (e.g., medical devices, cellular
>> networks, WiFi Alliance and WBA, etc.)
>>
>> Looking forward to find a good home for this project within the
>> IETF - a simple but powerful tool for our "PKI toolboxes"
>>
>> Cheers, Max
>>
>> Hi SecDispatch,
>>
>> This got bounced here from LAMPS because the scope is potentially
>> more than a "limited" pkix change, and because this needs multi-WG
>> visibility to decide on a category of solution.
>>
>> Background / history
>> --------------------
>>
>> The Post-Quantum community (for example, surrounding the NIST PQC
>> competition), is pushing for "hybridized" crypto that combines
>> RSA/ECC with new primitives in order to hedge our bets against both
>> quantum adversaries, and also algorithmic / mathematical breaks of
>> the new primitives.
>>
>> A year and a half ago, a draft was put to LAMPS for putting PQ
>> public key and signatures into X.509v3 extensions. This draft has
>> been allowed to expire, but is being pursued at the ITU.
>>
>> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>>
>> Earlier this year, a new draft was put to LAMPS for defining
>> "composite" public key and signature algorithms that, essentially,
>> concatenate multiple crypto algorithms into a single key or
>> signature octet string. This draft stalled in LAMPS over whether it
>> is the correct overall approach.
>>
>> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>>
>> Now I'm taking a step back and submitting a draft that acts as a
>> semi-formal problem statement, and an overview of the three main
>> categories of solutions.
>>
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>>
>> My Opinion
>> ----------
>>
>> Personally, I'm fairly agnostic to the chosen solution, but feel
>> that we need some kind of standard(s) around the post-quantum
>> transition for certificates and PKI. Personally, I feel that
>> Composite is mature enough as an idea to standardize as a tool in
>> our toolbox for contexts where it makes sense, even if a different
>> mechanism is preferred for TLS and IPSEC/IKE.
>>
>> Requested action from SECDISPATCH
>> ---------------------------------
>>
>> 1. Feedback on the problem statement draft.
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>>
>> 2. Discussion of how to progress this.
>>
>> PS I'm a new IETF'er, please be gentle :P
>>
>> Thanks,
>>
>> - - -
>>
>> Mike Ounsworth | Software Security Architect
>>
>> Entrust Datacard
>>
>> -- Best Regards, Massimiliano Pala, Ph.D. OpenCA Labs Director
>>
>> _______________________________________________ Secdispatch mailing
>> list Secdispatch@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdispatch
>>

--------------41D04A69DF0DCBE6DF16FAD7--

--nWDhXC5V7X9jVBpAPPfYvJyrEhw51Hhmf--

--82ywOlqk8iIwETKCvCzUL7M9aPl8NMhZb--


From nobody Thu Sep 12 13:14:16 2019
Return-Path: <Daniel.VanGeest@isara.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78A6812001B for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 13:14:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level: 
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AJCz-7AXNjyx for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 13:14:10 -0700 (PDT)
Received: from esa1.isaracorp.com (esa1.isaracorp.com [207.107.152.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0195120018 for <secdispatch@ietf.org>; Thu, 12 Sep 2019 13:14:09 -0700 (PDT)
Received: from unknown (HELO V0501WEXGPR01.isaracorp.com) ([10.5.8.20]) by ip1.isaracorp.com with ESMTP; 12 Sep 2019 20:13:55 +0000
Received: from V0501WEXGPR01.isaracorp.com (10.5.8.20) by V0501WEXGPR02.isaracorp.com (10.5.9.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1779.2; Thu, 12 Sep 2019 16:14:57 -0400
Received: from V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba]) by V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba%7]) with mapi id 15.01.1779.002; Thu, 12 Sep 2019 16:14:57 -0400
From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>,  "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaaMJ/6jQAETZZ0yqoTJT6GRHFqcoeeuA
Date: Thu, 12 Sep 2019 20:14:57 +0000
Message-ID: <9A0D239F-B81B-4324-A66D-B652B63E9CED@isara.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie> <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
In-Reply-To: <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.5.52]
Content-Type: multipart/alternative; boundary="_000_9A0D239FB81B4324A66DB652B63E9CEDisaracom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/CvmxiyObbFnsMzt85ngUh_2FSTM>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 20:14:12 -0000

--_000_9A0D239FB81B4324A66DB652B63E9CEDisaracom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_9A0D239FB81B4324A66DB652B63E9CEDisaracom_--


From nobody Thu Sep 12 18:40:58 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0D6B120154 for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 18:40:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=OSahVxKN; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=PRWezEqn
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UMD1G-ul8Ctq for <secdispatch@ietfa.amsl.com>; Thu, 12 Sep 2019 18:40:53 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44E2C120090 for <secdispatch@ietf.org>; Thu, 12 Sep 2019 18:40:53 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.64,499,1559520000"; d="scan'208";a="325199197"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 13 Sep 2019 01:40:51 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by alln-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x8D1epN8031371 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 13 Sep 2019 01:40:51 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Sep 2019 20:40:50 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 12 Sep 2019 21:40:49 -0400
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 12 Sep 2019 20:40:49 -0500
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.255.146) by BN7PR11MB2625.namprd11.prod.outlook.com (52.135.242.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.17; Fri, 13 Sep 2019 01:40:48 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20%7]) with mapi id 15.20.2263.016; Fri, 13 Sep 2019 01:40:48 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, "Dr. Pala" <madwolf@openca.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaaLo3tFFwI2ExUmqy34JmS70Haco1O7w
Date: Fri, 13 Sep 2019 01:40:47 +0000
Message-ID: <BN7PR11MB25476A57B5E9F3C3E151908AC9B30@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <87ef491b-0faa-06b4-e0f4-61673cba3914@cs.tcd.ie> <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
In-Reply-To: <aaf03217f920480589eb396a6fbf6e43@PMSPEX05.corporate.datacard.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1005::c3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ea89238a-4709-4ba7-17c4-08d737eb66f3
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN7PR11MB2625; 
x-ms-traffictypediagnostic: BN7PR11MB2625:
x-ms-exchange-purlcount: 4
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN7PR11MB262587EED84B1C9033DC7DB3C9B30@BN7PR11MB2625.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0159AC2B97
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ea89238a-4709-4ba7-17c4-08d737eb66f3
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2019 01:40:47.6736 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2625
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.17, xch-rcd-007.cisco.com
X-Outbound-Node: alln-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/cZQ3F5gQIBj58v5zQ4MuOM5qils>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 01:40:56 -0000


From nobody Fri Sep 13 02:42:54 2019
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 235F2120288 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 02:42:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RSGzjBAmXhT for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 02:42:50 -0700 (PDT)
Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBEF512006A for <secdispatch@ietf.org>; Fri, 13 Sep 2019 02:42:49 -0700 (PDT)
Received: by mail-qk1-x733.google.com with SMTP id s18so27557569qkj.3 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 02:42:49 -0700 (PDT)
X-Received: by 2002:a37:a545:: with SMTP id o66mr45149063qke.96.1568367768907;  Fri, 13 Sep 2019 02:42:48 -0700 (PDT)
Received: from [192.168.1.4] (146-115-73-78.s5196.c3-0.arl-cbr1.sbo-arl.ma.cable.rcncustomer.com. [146.115.73.78]) by smtp.gmail.com with ESMTPSA id v12sm10635963qtb.5.2019.09.13.02.42.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Sep 2019 02:42:48 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: iPhone Mail (16G102)
In-Reply-To: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
Date: Fri, 13 Sep 2019 05:42:47 -0400
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com>
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/CO2QjQAdZjhTAhyvX4GXpONTTig>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 09:42:52 -0000

Mike,

Are you looking for an agenda spot in Singapore?

Additionally, it would be good to see discussion on list in advance, so thank you for posting your message.

Best regards,
Kathleen

Sent from my mobile device

> On Sep 11, 2019, at 5:11 PM, Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
>
> Hi SecDispatch,
>
> This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.
>
>
>
> Background / history
> --------------------
>
> The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives.
>
>
> A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>
>
> Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>
>
> Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
>
>
>
> My Opinion
> ----------
>
> Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
>
>
>
>
> Requested action from SECDISPATCH
> ---------------------------------
>
> 1. Feedback on the problem statement draft. https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
> 2. Discussion of how to progress this.
>
>
>
>
> PS I'm a new IETF'er, please be gentle :P
>
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch


From nobody Fri Sep 13 07:03:02 2019
Return-Path: <prvs=15274263b=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAACA120047 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 07:03:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p55qVCNmJvsc for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 07:02:58 -0700 (PDT)
Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBFA112002F for <secdispatch@ietf.org>; Fri, 13 Sep 2019 07:02:57 -0700 (PDT)
IronPort-SDR: nitwSFkXZMbSHXez0Woj3oHLn7ygmr+lofJt2VrofF/uZYVi7rxSAMhv4WX79zs3fIWrRdWEZP 010SfGZuqX1g==
X-IronPort-AV: E=Sophos; i="5.64,501,1559538000"; d="scan'208,217"; a="56941357"
Received: from pmspex05.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.52]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 13 Sep 2019 09:02:57 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX05.corporate.datacard.com (192.168.211.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 13 Sep 2019 09:02:56 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Fri, 13 Sep 2019 09:02:56 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AdVo5XY9fEgsAHwkSEunmRFqOiv5LABXAwiA///03jw=
Date: Fri, 13 Sep 2019 14:02:56 +0000
Message-ID: <23FA6A308F3F02C9.8f40790f-5eb6-454b-8b4d-384b9ac18637@mail.outlook.com>
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>,  <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com>
In-Reply-To: <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com>
Accept-Language: en-CA, en-US
Content-Language: en-CA
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_23FA6A308F3F02C98f40790f5eb6454b8b4d384b9ac18637mailout_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hBRDZGZXYTnNFox1YfNmeM7j9tY>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 14:03:01 -0000

--_000_23FA6A308F3F02C98f40790f5eb6454b8b4d384b9ac18637mailout_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_23FA6A308F3F02C98f40790f5eb6454b8b4d384b9ac18637mailout_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_23FA6A308F3F02C98f40790f5eb6454b8b4d384b9ac18637mailout_--


From nobody Fri Sep 13 07:07:44 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3478F120043 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 07:07:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level: 
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mnyszz4Y20Xs for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 07:07:32 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94E3712002F for <secdispatch@ietf.org>; Fri, 13 Sep 2019 07:07:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B8F21BE3E; Fri, 13 Sep 2019 15:07:30 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SeNjyL55mAbD; Fri, 13 Sep 2019 15:07:30 +0100 (IST)
Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 739ACBE2E; Fri, 13 Sep 2019 15:07:30 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568383650; bh=befHdCv/H7eyCfNczExKTQ5pD5XsUE+21nmV0ceKfSg=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=HEApt0XIeBrvK0X7NbcL418oZb8Q1ouOFhcn9i1amGhKHl+qimMR8+oUsuXOxnHms 9soC98/OSUx93otW6IvWbHNu6Jk8Iw3zCRLdtFyQySxkYnyFSUH+XiEZQVV2GezoFb PS/DsfSfFouLem2QIp9H89tcmNVCC6XRvtM5qg8s=
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com> <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com> <23FA6A308F3F02C9.8f40790f-5eb6-454b-8b4d-384b9ac18637@mail.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <23d741b6-073a-a6b9-4bc7-b68d94cbb5fa@cs.tcd.ie>
Date: Fri, 13 Sep 2019 15:07:24 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <23FA6A308F3F02C9.8f40790f-5eb6-454b-8b4d-384b9ac18637@mail.outlook.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3ywJRBl81TGJFIdivAavhj2QbGIYrT6NG"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/fitXpFFY_dCvizWjHdHWTNHvy2Q>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 14:07:36 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3ywJRBl81TGJFIdivAavhj2QbGIYrT6NG
Content-Type: multipart/mixed; boundary="ahNMzArNvtKxLwKX8FCWskgO0P3Jbw12l";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,
 Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <23d741b6-073a-a6b9-4bc7-b68d94cbb5fa@cs.tcd.ie>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum
 multi-algorithm PKI
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
 <DD40B95C-CB99-402F-837C-C1A603EBDAAB@gmail.com>
 <23FA6A308F3F02C9.8f40790f-5eb6-454b-8b4d-384b9ac18637@mail.outlook.com>
In-Reply-To: <23FA6A308F3F02C9.8f40790f-5eb6-454b-8b4d-384b9ac18637@mail.outlook.com>

--ahNMzArNvtKxLwKX8FCWskgO0P3Jbw12l
Content-Type: multipart/mixed;
 boundary="------------10AA727D2123DDEF8B32DF01"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------10AA727D2123DDEF8B32DF01
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 13/09/2019 15:02, Mike Ounsworth wrote:
> Hi Kathleen,
>
> I'm new to IETF, and looking for guidance. If an agenda spot in
> Singapore is the right next step to get visibility and discussion,
> then I'm happy to do that.

FWIW, while I'm not keen on Mike's particular proposal,
I would also support having a slot to discuss this a
bit. (On the basis that I might well be wrong, as often
happens, or to help tee up a bigger discussion if one's
desirable later:-)

Cheers,
S.

>
> Thanks! -Mike
>
>
>
> From: Kathleen Moriarty Sent: Friday, September 13, 04:42 Subject:
> [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum
> multi-algorithm PKI To: Mike Ounsworth Cc: secdispatch@ietf.org
>
>
> WARNING: This email originated outside of Entrust Datacard. DO NOT
> CLICK links or attachments unless you trust the sender and know the
> content is safe.
>
> Mike,
>
> Are you looking for an agenda spot in Singapore?
>
> Additionally, it would be good to see discussion on list in advance,
> so thank you for posting your message.
>
> Best regards, Kathleen
>
> Sent from my mobile device
>
>> On Sep 11, 2019, at 5:11 PM, Mike Ounsworth
>> <Mike.Ounsworth@entrustdatacard.com> wrote:
>>
>> Hi SecDispatch,
>>
>> This got bounced here from LAMPS because the scope is potentially
>> more than a "limited" pkix change, and because this needs multi-WG
>> visibility to decide on a category of solution.
>>
>>
>>
>> Background / history
>> --------------------
>>
>> The Post-Quantum community (for example, surrounding the NIST PQC
>> competition), is pushing for "hybridized" crypto that combines
>> RSA/ECC with new primitives in order to hedge our bets against both
>> quantum adversaries, and also algorithmic / mathematical breaks of
>> the new primitives.
>>
>>
>> A year and a half ago, a draft was put to LAMPS for putting PQ
>> public key and signatures into X.509v3 extensions. This draft has
>> been allowed to expire, but is being pursued at the ITU.
>> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>>
>>
>>
>>
>> Earlier this year, a new draft was put to LAMPS for defining "composite"
>> public key and signature algorithms that, essentially, concatenate
>> multiple crypto algorithms into a single key or signature octet string.
>> This draft stalled in LAMPS over whether it is the correct overall approach.
>> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>>
>>
>>
>>
>> Now I'm taking a step back and submitting a draft that acts as a
>> semi-formal problem statement, and an overview of the three main
>> categories of solutions.
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>>
>>
>>
>>
>> My Opinion
>> ----------
>>
>> Personally, I'm fairly agnostic to the chosen solution, but feel
>> that we need some kind of standard(s) around the post-quantum
>> transition for certificates and PKI. Personally, I feel that
>> Composite is mature enough as an idea to standardize as a tool in
>> our toolbox for contexts where it makes sense, even if a different
>> mechanism is preferred for TLS and IPSEC/IKE.
>>
>>
>>
>>
>> Requested action from SECDISPATCH
>> ---------------------------------
>>
>> 1. Feedback on the problem statement draft.
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>>
>> 2. Discussion of how to progress this.
>>
>>
>>
>>
>> PS I'm a new IETF'er, please be gentle :P
>>
>> Thanks, - - - Mike Ounsworth | Software Security Architect Entrust
>> Datacard
>>
>> _______________________________________________ Secdispatch mailing
>> list Secdispatch@ietf.org
>> https://www.ietf.org/mailman/listinfo/secdispatch
>
>
>
>
> _______________________________________________ Secdispatch mailing
> list Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--------------10AA727D2123DDEF8B32DF01
Content-Type: application/pgp-keys;
 name="0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x5AB2FAF17B172BEA.asc"


--------------10AA727D2123DDEF8B32DF01--

--ahNMzArNvtKxLwKX8FCWskgO0P3Jbw12l--

--3ywJRBl81TGJFIdivAavhj2QbGIYrT6NG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--3ywJRBl81TGJFIdivAavhj2QbGIYrT6NG--


From nobody Fri Sep 13 19:19:06 2019
Return-Path: <mcr@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC6E1201C6 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:19:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c522P2OvZWie for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:18:57 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 145D21200B8 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 19:18:57 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [142.169.78.188]) by relay.sandelman.ca (Postfix) with ESMTPS id 5E6B21F459 for <secdispatch@ietf.org>; Sat, 14 Sep 2019 02:18:55 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 9E088488B; Sat, 14 Sep 2019 03:19:33 +0100 (WEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-reply-to: <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
Comments: In-reply-to "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> message dated "Thu, 12 Sep 2019 19:08:49 -0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 14 Sep 2019 04:19:33 +0200
Message-ID: <28224.1568427573@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/pwaPEKD9XgGgSUYrU5fhh6JnoiU>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 02:19:00 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


    > One might think we have plenty of time, given that Real Quantum
    > Computers are, more than likely, more than 10 years away, and even once
    > you have one, you cannot use your Quantum Computer to break the
    > authentication of recorded conversations.

No, we really don't have plenty of time.
Some suggest that it is actually already rather *late*

Long-lived devices (such as automobiles) are being designed today, for
production in mid-2020s, and many will be on the road until 2040.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Fri Sep 13 19:28:11 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C45B1200B4 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:28:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptqWKoAKxpQv for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:28:06 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 047B4120026 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 19:28:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CA50FBE2F; Sat, 14 Sep 2019 03:28:02 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e7TYiySW92P2; Sat, 14 Sep 2019 03:28:01 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F1F07BE2E; Sat, 14 Sep 2019 03:28:00 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568428081; bh=+QSBFjCS8XiXQiSca+Ae6ESmHV3xacvB+lBUQRi3ssc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=rAuCuoqiC1m8LrBHLnQsli1MDzMHKm4hxVsnO7T/MjYLRdO6AUZaSYbcNRPzQk6JU 4vqcPWa9ecIZlvrfOj3jCYOB7m7osHYnrUSfmdPhjKLiwIPi/9TjaPOSgtdsiKh21s MaKMBF4tCPy4UvPMCM49pv69K42QUzrtKvMAIaAg=
To: Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
Date: Sat, 14 Sep 2019 03:28:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <28224.1568427573@dooku.sandelman.ca>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JtBLnu1tpWiKZChPzu35276ZLZEDOVqJZ"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/t38RLjva5T6wM69VrCmsMFH79FQ>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 02:28:09 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--JtBLnu1tpWiKZChPzu35276ZLZEDOVqJZ
Content-Type: multipart/mixed; boundary="37xsjOFqeBYy1tuxsAtQzK1K4pOwl8aEb";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Michael Richardson <mcr+ietf@sandelman.ca>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm
 PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
In-Reply-To: <28224.1568427573@dooku.sandelman.ca>

--37xsjOFqeBYy1tuxsAtQzK1K4pOwl8aEb
Content-Type: multipart/mixed;
 boundary="------------B9C0BC75FED23DD5D8B36FF8"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------B9C0BC75FED23DD5D8B36FF8
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 14/09/2019 03:19, Michael Richardson wrote:
>
>     > One might think we have plenty of time, given that Real Quantum
>     > Computers are, more than likely, more than 10 years away, and even once
>     > you have one, you cannot use your Quantum Computer to break the
>     > authentication of recorded conversations.
>
> No, we really don't have plenty of time.
> Some suggest that it is actually already rather *late*
>
> Long-lived devices (such as automobiles) are being designed today, for
> production in mid-2020s, and many will be on the road until 2040.

Count me unconvinced.

Either those devices will have s/w update or they're screwed
already even without requiring the putative existence of a
quantum computer. And we are discussing authentication
here, mostly of origins I guess, and not confidentiality,
so post-facto attacks don't count afaics.

I'd appreciate if someone could explain the specifics of
the pressing issue here that requires us to not wait for
e.g., the outcome of the NIST competition.

Cheers,
S.



--------------B9C0BC75FED23DD5D8B36FF8
Content-Type: application/pgp-keys;
 name="0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x5AB2FAF17B172BEA.asc"


--------------B9C0BC75FED23DD5D8B36FF8--

--37xsjOFqeBYy1tuxsAtQzK1K4pOwl8aEb--

--JtBLnu1tpWiKZChPzu35276ZLZEDOVqJZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--JtBLnu1tpWiKZChPzu35276ZLZEDOVqJZ--


From nobody Fri Sep 13 19:34:07 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EAF21200E3 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:34:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yCeXZ_DEvwVU for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:34:04 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30ADC120048 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 19:34:04 -0700 (PDT)
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8E2Vv0Q003897; Sat, 14 Sep 2019 03:33:55 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=2EAsVTiFqh/rYJawVOkP3SP5ExNnpV/79mVVaMgmKcA=; b=h+ftpuWoM3m3Yhi7gJ2edfauTtRQK5O9OuXKMhIdUNarw+r/BgU2rSklNSUzH1UYpFMN 7u7NtFRnbIyKA4BV0QXMN7QlIqX0NSLZNw8GZK6XcM0h+ZV3c5/bN8dJ0g3suXcJHEtT H3agLjeCCFHyKqDS59BPBKFDkJEtWKL7/9RAdw6JLn6FfvZSbWBYJW4zV2oUfONCuCMp Gl16rHDz20JRROxXM5OteaCf6LD4y2kFlFiPtRONZ1RdN6Fv+JX3cYeSMUEHxJKxG0Fz H4AaKw1T33/qS6V6Abdbb6/y2tk/mm89+1c7Bkb/b9T/8BoyBYrmsgef/gboDwWlge0h Wg== 
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2v0qf6g0ev-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Sep 2019 03:33:55 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x8E2WG8v002458; Fri, 13 Sep 2019 22:33:54 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint2.akamai.com with ESMTP id 2uyth0wk1g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 13 Sep 2019 22:33:54 -0400
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag3mb6.msg.corp.akamai.com (172.27.123.54) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 13 Sep 2019 22:33:53 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 13 Sep 2019 22:33:53 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Fri, 13 Sep 2019 22:33:53 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaXfVxcavif61SUGWKpDq+p2d8acoqyKAgAIKrYCAAAJdAP//vpSA
Date: Sat, 14 Sep 2019 02:33:52 +0000
Message-ID: <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
In-Reply-To: <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1d.0.190908
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.203]
Content-Type: text/plain; charset="utf-8"
Content-ID: <8D5538ECBBFC944BA26D7ED613F12D44@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-13_11:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=944 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909140023
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-13_11:2019-09-11,2019-09-13 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 lowpriorityscore=0 mlxlogscore=919 malwarescore=0 suspectscore=0 phishscore=0 clxscore=1011 adultscore=0 impostorscore=0 bulkscore=0 priorityscore=1501 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1909140023
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/KgPIleXGYOatO5_3kJrixT6PV5g>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 02:34:06 -0000

    > Long-lived devices (such as automobiles) are being designed today, for
    > production in mid-2020s, and many will be on the road until 2040.

>    Count me unconvinced.

Me too.

Someone should dig up and post the video link to Kenny Paterson's talk.  Key take-away:  wait for NIST, it's always "two years away."


From nobody Fri Sep 13 19:53:05 2019
Return-Path: <mcr@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3644A1200E3 for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLybZNjKo6-Y for <secdispatch@ietfa.amsl.com>; Fri, 13 Sep 2019 19:53:01 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEE261200B4 for <secdispatch@ietf.org>; Fri, 13 Sep 2019 19:53:00 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [142.169.78.188]) by relay.sandelman.ca (Postfix) with ESMTPS id 071481F459; Sat, 14 Sep 2019 02:52:59 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 2A0D0488B; Sat, 14 Sep 2019 03:53:37 +0100 (WEST)
From: Michael Richardson <mcr@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-reply-to: <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
Comments: In-reply-to Stephen Farrell <stephen.farrell@cs.tcd.ie> message dated "Sat, 14 Sep 2019 03:28:00 +0100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 14 Sep 2019 04:53:37 +0200
Message-ID: <29967.1568429617@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/UxZHfbg_EcnDjeo9COLAaMe6TyM>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 02:53:03 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > On 14/09/2019 03:19, Michael Richardson wrote:
    >>
    >> > One might think we have plenty of time, given that Real Quantum
    >> > Computers are, more than likely, more than 10 years away, and even
    >> > once you have one, you cannot use your Quantum Computer to break the
    >> > authentication of recorded conversations.
    >>
    >> No, we really don't have plenty of time.  Some suggest that it is
    >> actually already rather *late*
    >>
    >> Long-lived devices (such as automobiles) are being designed today, for
    >> production in mid-2020s, and many will be on the road until 2040.

    > Count me unconvinced.

    > Either those devices will have s/w update or they're screwed already

If QM mechanisms take a lot more ram or a lot more bandwidth, then
software updates aren't going to help them.
My understanding is that safety critical systems in cars are authenticating
to each other over the internal buses (CAN, etc.) already.

    > even without requiring the putative existence of a quantum
    > computer. And we are discussing authentication here, mostly of origins
    > I guess, and not confidentiality, so post-facto attacks don't count
    > afaics.

    > I'd appreciate if someone could explain the specifics of the pressing
    > issue here that requires us to not wait for e.g., the outcome of the
    > NIST competition.

I'm not saying that we can't wait to finalize things.
I'm saying that we shouldn't wait for it to be finalized to start.

Can we support multiple signatures inside a certificate? I don't think so.
So what can we do?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Sun Sep 15 05:43:10 2019
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 896391200EC for <secdispatch@ietfa.amsl.com>; Sun, 15 Sep 2019 05:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k6LqiEGyyAVf for <secdispatch@ietfa.amsl.com>; Sun, 15 Sep 2019 05:43:05 -0700 (PDT)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-db5eur03on0627.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0a::627]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D6751200E6 for <secdispatch@ietf.org>; Sun, 15 Sep 2019 05:43:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mvD+/XKBcwOUCBH5casJ9byGN9DAsxQDkhDSBloKHaEb9uY8qlrg02j45CKXTYYOj2PXi2MQraKbMZdAY6CDhYpaH/myHGBQ7u1XhUkLo1kv6sQmFa8KcPaUsPMgmoUTg22IXmkHaropGlmgfQYOnvCW/7UMjWIVKOXnUb1TKuCCmCLfrpoPSs2jns8lRsQMoGpAvB6cLZsRjY9np+DTLaKBOCC/LsK6m7v3TUSJulbBpTlMn8nUOHmfZPAdsqoGVBNQkVDnJhNDYvGuZrsT1cqtr8g1hhN+bV7GcL6JH05ZDAyHPMq1f+yIpA2PziK03aZq9sTy3PDfaJVshcI4Kg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QWtAH0kWW+vXdGrDTzPllpv96komrvBfIESoUmcBkPU=; b=d1xcRGR4HYezF64mA8D4FaI/tnxh3Pt1j83U73+ilo27NEJ3LfU0oFdSA+dCvV/xFpzV+62u1aMYw8MsJ8qZmJn0ZGezm/FOkrzl9BVXDs/ArbQc4jPWZLxFB81cT7hK6vUoE70uZ7+6sCSY9KQJhZ948bB5XdmWDwunHgYkeJf03Z721WQ02QZxzvTz/3EasDBskzTdm4P0Q60dr1B65H2Uhtw3m8fDDG6k1R2vBcxznkDmUzyzsU4MYFAKCUr6fK2Op3zQCHMZUXwY2mDiBoDYflBl7m52IHd6E99vNE0cunHx036IVMxdmjn6da/mrPYqcj7oV1SPLF9Yz2IDYg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QWtAH0kWW+vXdGrDTzPllpv96komrvBfIESoUmcBkPU=; b=XKE4gyd35Qme3PiE7ucqGFqVtqWj6515a7nCEdecqXVpmjQ8gpWjnTPLv7y3s7zWsIrcQRXtiQe5AbY7gmj+92xOl4H6F9GW8PMhsFCgMdNssKHPZCtb/5S+OvcD9nmHKuZCnOHUqd1PjxBCfsC2L91C8lhB8ljJDvp5Ie0akFw=
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2217.eurprd07.prod.outlook.com (10.168.35.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.10; Sun, 15 Sep 2019 12:43:01 +0000
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::758a:12ec:c6d:e8a9%10]) with mapi id 15.20.2284.009; Sun, 15 Sep 2019 12:43:01 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "Salz, Rich" <rsalz@akamai.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVa8MbNnpMHvDCx0qOQd7WCvo30A==
Date: Sun, 15 Sep 2019 12:43:01 +0000
Message-ID: <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
In-Reply-To: <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com; 
x-originating-ip: [2001:14bb:140:38c6:2f01:7bf6:42ba:b0b7]
x-ms-publictraffictype: Email
Content-Type: text/plain; charset="utf-8"
Content-ID: <16D64E4B78E3D241A604777B736BBEB0@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dd365eaf-eb65-4e81-7623-08d739da3eb2
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2019 12:43:01.0762 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/uZqeKqNuobVwnO89Cec2k4jwCxw>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Sep 2019 12:43:09 -0000

From nobody Sun Sep 15 07:29:50 2019
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C49912011C for <secdispatch@ietfa.amsl.com>; Sun, 15 Sep 2019 07:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level: 
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vIIuFRMeJ6XE for <secdispatch@ietfa.amsl.com>; Sun, 15 Sep 2019 07:29:47 -0700 (PDT)
Received: from mail-vk1-xa2b.google.com (mail-vk1-xa2b.google.com [IPv6:2607:f8b0:4864:20::a2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C311612011B for <secdispatch@ietf.org>; Sun, 15 Sep 2019 07:29:46 -0700 (PDT)
Received: by mail-vk1-xa2b.google.com with SMTP id b17so2824841vkn.11 for <secdispatch@ietf.org>; Sun, 15 Sep 2019 07:29:46 -0700 (PDT)
X-Received: by 2002:a1f:df84:: with SMTP id w126mr548792vkg.63.1568557785759;  Sun, 15 Sep 2019 07:29:45 -0700 (PDT)
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
In-Reply-To: <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Sun, 15 Sep 2019 10:29:34 -0400
Message-ID: <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>,  Ira McDonald <blueroofmusic@gmail.com>
Cc: "Salz, Rich" <rsalz@akamai.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>,  Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a145a90592985115"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/8xaGaN5SYASQWGkQm7MfJN0PAPU>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Sep 2019 14:29:49 -0000

--000000000000a145a90592985115
Content-Type: text/plain; charset="UTF-8"

Hi,

Thanks for the link to Kenny's talk.

Stephen - The hard problem for automotive vehicles is that, even if
Quantum Computing never comes to pass, algorithms and various
implementations go on having new weaknesses found over time.
But decent performance requires hardware assist, in many cases.
But automotive ECUs are very unlikely to start having large FPGAs
added soon.  Replacing 100s of expensive ECUs in fielded vehicles
to allow practical algorithm agility is not going to happen.  This issue
that Michael Richardson mentioned is at the top of the list for the
automotive cybersecurity community.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Sun, Sep 15, 2019 at 8:43 AM Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org> wrote:

> Indeed. I found Kenny's talk on this topic from IETF 99 very
> informative. Here is the link:
>
> https://youtu.be/abmd1n5WUvc?t=1445
>
> --Mohit
>
> On 9/14/19 5:33 AM, Salz, Rich wrote:
> >      > Long-lived devices (such as automobiles) are being designed today, for
> >      > production in mid-2020s, and many will be on the road until 2040.
> >
> >>     Count me unconvinced.
> >
> > Me too.
> >
> > Someone should dig up and post the video link to Kenny Paterson's talk.
> > Key take-away:  wait for NIST, it's always "two years away."

--000000000000a145a90592985115--


From nobody Mon Sep 16 09:05:29 2019
Return-Path: <prvs=155bc9abd=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 925141200FE for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 09:05:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SX2r0hwg4azN for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 09:05:24 -0700 (PDT)
Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3DA12004F for <secdispatch@ietf.org>; Mon, 16 Sep 2019 09:05:24 -0700 (PDT)
IronPort-SDR: M1ajb7djimb1CNp0I4OODpB2ukuv/J05b6RV7POWo97r+xqP7bpMPvzGqkMRYJGAZ1g52Wiqs8 QFmzgXdjjBXw==
X-IronPort-AV: E=Sophos;i="5.64,513,1559538000"; d="scan'208";a="57095386"
Received: from pmspex04.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.51]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 16 Sep 2019 11:05:23 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX04.corporate.datacard.com (192.168.211.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 16 Sep 2019 11:05:23 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Mon, 16 Sep 2019 11:05:22 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Michael Richardson <mcr@sandelman.ca>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaZ2KAX3VFnPP10y+CPHZx6ks6acqxkeAgAACXQCAAAcogIADqdfw
Date: Mon, 16 Sep 2019 16:05:22 +0000
Message-ID: <f8b1afaa308845328b41956929ec2016@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <29967.1568429617@dooku.sandelman.ca>
In-Reply-To: <29967.1568429617@dooku.sandelman.ca>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/OWtMSjWF_D6osel8IzkjRUxkDoA>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 16:05:28 -0000

> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> I'd appreciate if someone could explain the specifics of the pressing
> issue here that requires us to not wait for e.g., the outcome of the
> NIST competition.

My Goal: multi-vendor interop on PQ certificates. I'm coming from the
perspective of a CA; it can take years to distribute a root cert to all
the places it needs to be before you can really start using it. Plus,
people want to play with these things ASAP to understand the scope of
infrastructure changes required. There's the time pressure.

I think you're right that to really deploy any meaningful 20 year root
using, for example, the small lattice schemes, we'll need to wait for
the NIST PQC algs to stop having so much churn.

That said, laying the groundwork for the "hybrid" property in
certificates that the NIST PQC community is calling for will require
much debate and a few RFCs. This work is necessary and independent of
the choice of algorithm from the NIST PQC competition, so why should we
wait until 2023 to _start_ thinking about it? Why not do it in parallel,
be able to offer alpha test versions of PKI products before the
conclusion of the NIST PQC, and be ready to drop in the NIST winners the
day they're ready?

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

-----Original Message-----
From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Friday, September 13, 2019 9:54 PM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: secdispatch@ietf.org
Subject: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI


Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
    > On 14/09/2019 03:19, Michael Richardson wrote:
    >>
    >> > One might think we have plenty of time, given that Real Quantum
    >> > Computers are, more than likely, more than 10 years away, and even
    >> > once you have one, you cannot use your Quantum Computer to break the
    >> > authentication of recorded conversations.
    >>
    >> No, we really don't have plenty of time.  Some suggest that it is
    >> actually already rather *late*
    >>
    >> Long-lived devices (such as automobiles) are being designed today, for
    >> production in mid-2020s, and many will be on the road until 2040.

    > Count me unconvinced.

    > Either those devices will have s/w update or they're screwed already

If QM mechanisms take a lot more ram or a lot more bandwidth, then
software updates aren't going to help them.
My understanding is that safety critical systems in cars are
authenticating to each other over the internal buses (CAN, etc.) already.

    > even without requiring the putative existence of a quantum
    > computer. And we are discussing authentication here, mostly of origins
    > I guess, and not confidentiality, so post-facto attacks don't count
    > afaics.

    > I'd appreciate if someone could explain the specifics of the pressing
    > issue here that requires us to not wait for e.g., the outcome of the
    > NIST competition.

I'm not saying that we can't wait to finalize things.
I'm saying that we shouldn't wait for it to be finalized to start.

Can we support multiple signatures inside a certificate? I don't think so.
So what can we do?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


From nobody Mon Sep 16 11:05:51 2019
Return-Path: <Daniel.VanGeest@isara.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7773120047 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 11:05:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level: 
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0UEFmvBWzNx for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 11:05:47 -0700 (PDT)
Received: from esa1.isaracorp.com (esa1.isaracorp.com [207.107.152.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3437A12003E for <secdispatch@ietf.org>; Mon, 16 Sep 2019 11:05:47 -0700 (PDT)
IronPort-SDR: JuzealxwMv15lZQ1jmCokH0GebE4iEOHOh4ZJX3M9asRouV8X81g5fVthf4Q0Xa0H462AGBnzv TSOG0vlc4uSRBRQx5AgI/5PjTuFm48ksNODFMrLllbpWPBeLOhIlUe9Lzqw+snquTBXYPN0XjV w4Gx9dKz2oeFeSs5g1D8CCzoUeEKFCFS/nGzDfmFMCvyy7LZwUs6KhgyyUh+AeurhWxL3fr3EI f504ro6DqUpL4xfN23Vs6BKA7t/FgfqXvrcayUv0GRc2z2S5rwvdud4Gei3Cca6eyGkE9HeQ4Z MgE=
Received: from unknown (HELO V0501WEXGPR02.isaracorp.com) ([10.5.9.20]) by ip1.isaracorp.com with ESMTP; 16 Sep 2019 18:05:46 +0000
Received: from V0501WEXGPR01.isaracorp.com (10.5.8.20) by V0501WEXGPR02.isaracorp.com (10.5.9.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1779.2; Mon, 16 Sep 2019 14:06:47 -0400
Received: from V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba]) by V0501WEXGPR01.isaracorp.com ([fe80::d802:5aec:db34:beba%7]) with mapi id 15.01.1779.002; Mon, 16 Sep 2019 14:06:47 -0400
From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: Michael Richardson <mcr@sandelman.ca>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaXgFtTFwjcz8+E6FXlBxfl7/XqcoqyKAgAIKrYCAAAJcAIAABymAgAPgdIA=
Date: Mon, 16 Sep 2019 18:06:47 +0000
Message-ID: <F7C0894D-1BB0-47A3-B408-4BD828D9EE28@isara.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <29967.1568429617@dooku.sandelman.ca>
In-Reply-To: <29967.1568429617@dooku.sandelman.ca>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.5.52]
Content-Type: multipart/alternative; boundary="_000_F7C0894D1BB047A3B4084BD828D9EE28isaracom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/A2JXrqKb9wv2G3egBqmDHVJeDME>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 18:05:50 -0000

--_000_F7C0894D1BB047A3B4084BD828D9EE28isaracom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

--_000_F7C0894D1BB047A3B4084BD828D9EE28isaracom_
Content-Type: text/html; charset="utf-8"
Content-ID: <204F04448395954A9A75251CF323189E@isara.com>
Content-Transfer-Encoding: base64

--_000_F7C0894D1BB047A3B4084BD828D9EE28isaracom_--


From nobody Mon Sep 16 13:58:56 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DF041200DB for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 13:58:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4mtWGQfwftz for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 13:58:52 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69965120041 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 13:58:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 8FD96BE2F for <secdispatch@ietf.org>; Mon, 16 Sep 2019 21:58:50 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjorguxYB4Bd for <secdispatch@ietf.org>; Mon, 16 Sep 2019 21:58:48 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 2D193BE2C for <secdispatch@ietf.org>; Mon, 16 Sep 2019 21:58:48 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568667528; bh=7+M/6JISnG+rCIakEqz7nbe9hkCwW22+VAmzn48fmmg=; h=References:From:To:Subject:Date:In-Reply-To:From; b=pX7BzJn+3emWTrOQwpfWZ9Gz6ksabl4XymzESTLrcvFN+Hw9nF7n1TMM8U75vJm60 n16VEoxt/SlVJBO1ZhxbDxx59lQMFgEQvz/CjXx4CDRcg4a084aEJaeX5C5mX+iYSt lnp8h/ihNyaiqWVSmrv23tePWeLCEUo88EEwGhJY=
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
Date: Mon, 16 Sep 2019 21:58:47 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0pHUeXY2zwoKza9FJjzaSqwlVbHyX37gf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ZAhaY0mD1aRV1fd-l_bwaw35D0M>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 20:58:55 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0pHUeXY2zwoKza9FJjzaSqwlVbHyX37gf
Content-Type: multipart/mixed; boundary="dmlj4kMBevctZHmgV0JGvL8hSJsCK8W0p";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm
 PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
In-Reply-To: <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>

--dmlj4kMBevctZHmgV0JGvL8hSJsCK8W0p
Content-Type: multipart/mixed;
 boundary="------------20880D5F85E20A54862B87CA"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------20880D5F85E20A54862B87CA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

Replying to various folks at once...

On 15/09/2019 15:29, Ira McDonald wrote:
> Hi,
>
> Thanks for the link to Kenny's talk.
>
> Stephen - The hard problem for automotive vehicles is that, even if
> Quantum Computing never comes to pass, algorithms and various
> implementations go on having new weaknesses found over time.
> But decent performance requires hardware assist, in many cases.
> But automotive ECUs are very unlikely to start having large FPGAs
> added soon.  Replacing 100s of expensive ECUs in fielded vehicles
> to allow practical algorithm agility is not going to happen.  This issue
> that Michael Richardson mentioned is at the top of the list for the
> automotive cybersecurity community.

I don't understand how devices that are not going to be updated
can support algorithm agility. Perhaps you mean that you want to
deploy those devices soon and not update for a couple of decades
or something? If so, that sounds like a bad plan to me, and one
that'd be better to not cater to really. (RFC8240 has lots of
discussion of that.)


On 16/09/2019 17:05, Mike Ounsworth wrote:
> My Goal: multi-vendor interop on PQ certificates.

That seems to beg the question again as to why x.509 is needed
at all as part of a PQ solution.

> I'm coming from the
> perspective of a CA; it can take years to distribute a root cert to
> all the places it needs to be before you can really start using it.
> Plus, people want to play with these things ASAP to understand the
> scope of infrastructure changes required. There's the time pressure.
>
> I think you're right that to really deploy any meaningful 20 year
> root using, for example the small lattice schemes, we'll need to wait
> for the NIST PQC algs to stop having so much churn.
>
> That said, laying the groundwork for the "hybrid" property in
> certificates that the NIST PQC community is calling for will require
> much debate and a few RFCs. This work is necessary and independent of
> the choice of algorithm from the NIST PQC competition, so why should
> we wait until 2023 to _start_ thinking about it? Why not do it in
> parallel, be able to offer alpha test versions of PKI products before
> the conclusion of the NIST PQC, and be ready to drop-in the NIST
> winners the day they're ready?

One reason to not do it in parallel is that we don't know how the
winning algorithm parameters will look. I can easily imagine NIST
modifying how those are encoded and/or introducing new variations,
after basic algorithms have been picked, leading to things having
to be re-done.

(Sorry if the quoting is messed up below, if so, it was messed up
in my MUA before I started is my excuse:-)
On 16/09/2019 19:06, Daniel Van Geest wrote:
> Can we support multiple signatures inside a certificate? I don't
> think so.
>
> Why not?  Mike’s problem statement draft has two potential technical
> solutions doing just that, each with advantages and disadvantages.
> Or is there more of a logistical or other issue?  Knowing why you
> think we can’t support multiple signatures inside a certificate could
> help refine the problem statement.

Again, that assumes that x.509 is a sensible part of a solution.
We should first question that. (Mike's draft [1] doesn't.)

Secondly, even if x.509 additions were useful somehow for backwards
compatibility (which I find hard to believe TBH) then dealing with
>1 certificate is likely far easier than messing about inside certs
and thereby breaking all the lovely/horrible x.509 code out there.
So Mike's section 2.1 [1] is way easier than the 2.[2|3] approaches,
despite it being the one with no specific drafts.

Again, all that said, I do understand why it may be attractive
for those who produce certificates to argue for putting the PQ
magic beans inside x.509. There are costs elsewhere implied in
doing that, so it ought not be a starting-out assumption.

I don't consider the question as to why a PQ x.509 is needed
nor why now has been satisfactorily answered so far.

Cheers,
S.

[1] https://tools.ietf.org/html/draft-pq-pkix-problem-statement

--------------20880D5F85E20A54862B87CA--

--dmlj4kMBevctZHmgV0JGvL8hSJsCK8W0p--

--0pHUeXY2zwoKza9FJjzaSqwlVbHyX37gf--


From nobody Mon Sep 16 14:35:57 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FF7F1200C7 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:35:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=UBIaVTpp; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=CiIe9Bf8
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mUUxtPLRPSEu for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:35:51 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB814120041 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 14:35:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6622; q=dns/txt; s=iport; t=1568669750; x=1569879350; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=y5+nyU6untfCLeNV/YkdQK9git28fT3gzZ9UY8z/ISg=; b=UBIaVTppKQSVS8rz5gmoJU77GUKFhGHnXgJHNAhAsrYz2eGy3CGGZG79 b17WEfTSO+lDuvwEasn/9gLsJd6+33emXLH0izTOqf7JoLMdznbwEjEhY GrriazTLKoytqSCn1UdZNVygsQ18yxTAftNz45NFMZKiGMxAqHgHPUN0E c=;
X-IronPort-AV: E=Sophos;i="5.64,514,1559520000"; d="scan'208";a="630375774"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Sep 2019 21:35:49 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x8GLZnil011212 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 16 Sep 2019 21:35:49 GMT
Received: from xhs-aln-002.cisco.com (173.37.135.119) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 16 Sep 2019 16:35:48 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-002.cisco.com (173.37.135.119) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 16 Sep 2019 16:35:48 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 16 Sep 2019 17:35:47 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dmJTnbHenbypCxo0R1Mr4icBGsEDzxCTOlCJ0aIwXGmm65jduJmXUFTzGvz+iIyeBHgjwWlZIwoKTXuiFBtqrNBASAT3h+XHGnjwPwxL8KPoJnYEzpKwKfmVWLJokxxbJd8jJeakDrjI3VHieRPbKIgF63Mq0gSduwIgXYX6pQzj36Byv9X5VquqAAPtj4h84BqecEqJ11XTdpcNTPzKVkGx3sCQtWKf4ML8sZ4XqUPQ56xuPhqlqXeOTLe3Nh3Aoz3o/Zh5k5C7iS/ZsHDNVxr2AfRLr/eNWXKgTaWYg6mcDIEx4OOqgzkoeddjdC999/Xku7YA9/Kak/JzbV5PUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y5+nyU6untfCLeNV/YkdQK9git28fT3gzZ9UY8z/ISg=; b=c6tS1v5+FTsUOrqARrI/YCdYyL2qRTmLDT3qaDmn3VsfcxPWZbmzzhs7f3zmmGOUEOzd2tkRccd+4UF5ArdtEMv7QR4f6eU7GAoBGmxct6iVIBo43hiPewaPblRT6pUhzA5v3PKJngGNWGKByRyqMTUwomeZR6vr0+44FSP+Ifr65O9GFZ4WxnHPQ/DIRwHCnDe9TheYLkR1IEhUtiJLcMJZS898Ico7ycXpTc88CrolI0lpnSUMlCyaagyj9toIkmFweXhjA44f8409aG9Jv/RBLOT81mAYsKTZkBVyTcxvzGB1jZr6eZsV+bqoO+BCzc1NR0DTxcM8WRdfp/B3jA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y5+nyU6untfCLeNV/YkdQK9git28fT3gzZ9UY8z/ISg=; b=CiIe9Bf8lXLnklHkjIYDQWDXplKxDu+Q3ERQ3ieez7RmJPYt5SlCL+cTB2UkYA4S7nI0MbvM9lrZftPquSpxiLObn9YYl05XeoyADyZ/T3k2tXLBXwfBYoeGgi0ZEV8Ui0MYG/acXM2YqdYWNMwePiiKE5c8Ej0kpm1Bl4jWjKw=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.255.146) by BN7PR11MB2627.namprd11.prod.outlook.com (52.135.255.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.23; Mon, 16 Sep 2019 21:35:46 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20]) by BN7PR11MB2547.namprd11.prod.outlook.com ([fe80::20df:b3df:537d:fd20%7]) with mapi id 15.20.2263.023; Mon, 16 Sep 2019 21:35:46 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaXfguOLYcR2lakuySIEKtpaW76coaBSAgAIKrYCAAAJdAIAAAaMAgAI8h4CAAB3FAIAB/xSAgAABVvA=
Date: Mon, 16 Sep 2019 21:35:46 +0000
Message-ID: <BN7PR11MB2547F76FF7FBAE9ECBBA8E0BC98C0@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
In-Reply-To: <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1008::26]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bdf5e1b4-ba1d-499c-c2e7-08d73aedd606
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:BN7PR11MB2627; 
x-ms-traffictypediagnostic: BN7PR11MB2627:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <BN7PR11MB2627D89DF242E75337888CB7C98C0@BN7PR11MB2627.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0162ACCC24
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: bdf5e1b4-ba1d-499c-c2e7-08d73aedd606
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Sep 2019 21:35:46.8022 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2627
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/pcmZJDdrb8ASOKo7pTKFcWPITsE>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 21:35:55 -0000


From nobody Mon Sep 16 14:37:50 2019
Return-Path: <prvs=155bc9abd=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 890811200C7 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lN1KjUA0tZaP for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:37:45 -0700 (PDT)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69FEF120041 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 14:37:45 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.64,514,1559538000";  d="scan'208";a="1460943"
Received: from pmspex02.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.30]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 16 Sep 2019 16:37:43 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by pmspex02.corporate.datacard.com (192.168.211.30) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 16 Sep 2019 16:37:43 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Mon, 16 Sep 2019 16:37:43 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaqTmZcXGWCwcF0WYVOY/XovtiqctBL+AgAAdxQCAAf8UgP//rotg
Date: Mon, 16 Sep 2019 21:37:43 +0000
Message-ID: <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
In-Reply-To: <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/l4iYizhDUHiu1KUSp29c_hoK7U0>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 21:37:48 -0000


From nobody Mon Sep 16 14:42:32 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32986120118 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:42:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rQZQVVmvG_7Z for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:42:24 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 596991200C7 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 14:42:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6537CBE2F; Mon, 16 Sep 2019 22:42:21 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eaXpQ20VSdDl; Mon, 16 Sep 2019 22:42:19 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4163CBE2C; Mon, 16 Sep 2019 22:42:19 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568670139; bh=IAwWc1oDQsC9EZZ2LfyilYiwsGxGgRXG9ctc7+uN6NA=; h=Subject:To:References:From:Date:In-Reply-To:From; b=bGhs3ypwAsniJlW7ZXNYNIwDhxuzyJXgU8sP86jlhGHqnYUPARoypQLXWVzrPDho9 MoNHBOciteWrJumbjUR7p42AnMNYPL31uVNGVUrxdBP0RQNbdtqRpcHg7E1S6qVXW/ wwCRjjsKQMON1Sin06dPS8EPMfRjGnv9++0ctjQ4=
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <BN7PR11MB2547F76FF7FBAE9ECBBA8E0BC98C0@BN7PR11MB2547.namprd11.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <0d771bf0-309a-428f-4417-d0f784923189@cs.tcd.ie>
Date: Mon, 16 Sep 2019 22:42:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <BN7PR11MB2547F76FF7FBAE9ECBBA8E0BC98C0@BN7PR11MB2547.namprd11.prod.outlook.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DlGVkpDAyq4jKNe2Yk5h4KdthsvuDjtee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/D-PnvruzQbmfb7DZd9LfItp24r4>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 21:42:30 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--DlGVkpDAyq4jKNe2Yk5h4KdthsvuDjtee
Content-Type: multipart/mixed; boundary="UstdQYMFECyzKX7xaJTRaNm73iZkVdBmi";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <0d771bf0-309a-428f-4417-d0f784923189@cs.tcd.ie>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm
 PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
 <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
 <BN7PR11MB2547F76FF7FBAE9ECBBA8E0BC98C0@BN7PR11MB2547.namprd11.prod.outlook.com>
In-Reply-To: <BN7PR11MB2547F76FF7FBAE9ECBBA8E0BC98C0@BN7PR11MB2547.namprd11.prod.outlook.com>

--UstdQYMFECyzKX7xaJTRaNm73iZkVdBmi
Content-Type: multipart/mixed;
 boundary="------------DE4189989E94D1541A27B1C4"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------DE4189989E94D1541A27B1C4
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 16/09/2019 22:35, Panos Kampanakis (pkampana) wrote:
>> That seems to beg the question again as to why x.509 is needed at
>> all as part of a PQ solution.
>
> Because there is nothing else as widely adopted.

There is nothing "adopted" for PQ PKI, neither widely nor
as a niche.

> You haven't
> articulated what would replace X.509

Yep, I said that before. It's worth a leisurely discussion
as to what might be done.

> and how the world would migrate
> away from such a ubiquitous standard.

I didn't say we ought migrate away from x.509, for classic
algorithm uses. Just as acme account handling doesn't use
x.509, something that may be needed for a PQ PKI does not
have to use x.509.

Cheers,
S.

> Composite classic+PQ X.509 may
> not be the way to go, but replacing X.509 altogether with something
> new is not a realistic goal imo.
>
> -----Original Message-----
> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell
> Sent: Monday, September 16, 2019 4:59 PM
> To: secdispatch@ietf.org
> Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
>
>
> Hiya,
>
> Replying to various folks at once...
>
> On 15/09/2019 15:29, Ira McDonald wrote:
>> Hi,
>>
>> Thanks for the link to Kenny's talk.
>>
>> Stephen - The hard problem for automotive vehicles is that, even if
>> Quantum Computing never comes to pass, algorithms and various
>> implementations go on having new weaknesses found over time. But
>> decent performance requires hardware assist, in many cases. But
>> automotive ECUs are very unlikely to start having large FPGAs added
>> soon.  Replacing 100s of expensive ECUs in fielded vehicles to
>> allow practical algorithm agility is not going to happen.  This
>> issue that Michael Richardson mentioned is at the top of the list
>> for the automotive cybersecurity community.
>
> I don't understand how devices that are not going to be updated can
> support algorithm agility. Perhaps you mean that you want to deploy
> those devices soon and not update for a couple of decades or
> something? If so, that sounds like a bad plan to me, and one that'd be
> better to not cater to really. (RFC8240 has lots of discussion of
> that.)
>
>
> On 16/09/2019 17:05, Mike Ounsworth wrote:
>> My Goal: multi-vendor interop on PQ certificates.
>
> That seems to beg the question again as to why x.509 is needed at all
> as part of a PQ solution.
>
>> I'm coming from the perspective of a CA; it can take years to
>> distribute a root cert to all the places it needs to be before you
>> can really start using it. Plus, people want to play with these
>> things ASAP to understand the scope of infrastructure changes
>> required. There's the time pressure.
>>
>> I think you're right that to really deploy any meaningful 20 year
>> root using, for example the small lattice schemes, we'll need to
>> wait for the NIST PQC algs to stop having so much churn.
>>
>> That said, laying the groundwork for the "hybrid" property in
>> certificates that the NIST PQC community is calling for will
>> require much debate and a few RFCs. This work is necessary and
>> independent of the choice of algorithm from the NIST PQC
>> competition, so why should we wait until 2023 to _start_ thinking
>> about it? Why not do it in parallel, be able to offer alpha test
>> versions of PKI products before the conclusion of the NIST PQC, and
>> be ready to drop-in the NIST winners the day they're ready?
>
> One reason to not do it in parallel is that we don't know how the
> winning algorithm parameters will look. I can easily imagine NIST
> modifying how those are encoded and/or introducing new variations,
> after basic algorithms have been picked, leading to things having to
> be re-done.
>
> (Sorry if the quoting is messed up below, if so, it was messed up in
> my MUA before I started is my excuse:-)
> On 16/09/2019 19:06, Daniel Van Geest wrote:
>> Can we support multiple signatures inside a certificate? I don't
>> think so.
>>
>> Why not?  Mike’s problem statement draft has two potential
>> technical solutions doing just that, each with advantages and
>> disadvantages. Or is there more of a logistical or other issue?
>> Knowing why you think we can’t support multiple signatures inside a
>> certificate could help refine the problem statement.
>
> Again, that assumes that x.509 is a sensible part of a solution. We
> should first question that. (Mike's draft [1] doesn't.)
>
> Secondly, even if x.509 additions were useful somehow for backwards
> compatibility (which I find hard to believe TBH) then dealing with >1
> certificate is likely far easier than messing about inside certs
> and thereby breaking all the lovely/horrible x.509 code out there. So
> Mike's section 2.1 [1] is way easier than the 2.[2|3] approaches,
> despite it being the one with no specific drafts.
>
> Again, all that said, I do understand why it may be attractive for
> those who produce certificates to argue for putting the PQ magic
> beans inside x.509. There are costs elsewhere implied in doing that,
> so it ought not be a starting-out assumption.
>
> I don't consider the question as to why a PQ x.509 is needed nor why
> now has been satisfactorily answered so far.
>
> Cheers, S.
>
> [1] https://tools.ietf.org/html/draft-pq-pkix-problem-statement
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--------------DE4189989E94D1541A27B1C4--

--UstdQYMFECyzKX7xaJTRaNm73iZkVdBmi--

--DlGVkpDAyq4jKNe2Yk5h4KdthsvuDjtee--


From nobody Mon Sep 16 14:48:15 2019
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
In-Reply-To: <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 16 Sep 2019 17:47:57 -0400
Message-ID: <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003bb56f0592b28f30"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/3urJHNsBWZMwp02Vqq0UlisMa2U>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--0000000000003bb56f0592b28f30
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Stephen,

The autos *are* going to have regular OTA firmware updates
to some of their ECUs (they already do so, in many cases).

The unsolved problem is to change to a whole new family of
crypto algorithms in those updates, because there couldn't
be any crypto hardware acceleration.  Autos already have
application layer add-ons for internal vehicle network security
in many cases.  If those crypto algorithms (NOT standardized
in SAE or by regulations) have to change, then the only cure
is blanket replacement in a dealer service bay of all of the
ECUs.  Because the "son of AES" (for example) won't be
feasible because of message timing constraints in those autos
without hardware acceleration.  These are typically constrained
ECUs without the available horsepower to just use the software
versions of entirely new crypto algorithms.

I hope that was more clear.  The problem is real and urgent,
given the current digital ECU counts in autos (from 100 to 259
ECUs).

I don't defend this situation at all, but the auto OEMs and the
hands-off regulators have long since abandoned mechanical
control units.

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Mon, Sep 16, 2019 at 4:59 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> Replying to various folks at once...
>
> On 15/09/2019 15:29, Ira McDonald wrote:
> > Hi,
> >
> > Thanks for the link to Kenny's talk.
> >
> > Stephen - The hard problem for automotive vehicles is that, even if
> > Quantum Computing never comes to pass, algorithms and various
> > implementations go on having new weaknesses found over time.
> > But decent performance requires hardware assist, in many cases.
> > But automotive ECUs are very unlikely to start having large FPGAs
> > added soon.  Replacing 100s of expensive ECUs in fielded vehicles
> > to allow practical algorithm agility is not going to happen.  This issue
> > that Michael Richardson mentioned is at the top of the list for the
> > automotive cybersecurity community.
>
> I don't understand how devices that are not going to be updated
> can support algorithm agility. Perhaps you mean that you want to
> deploy those devices soon and not update for a couple of decades
> or something? If so, that sounds like a bad plan to me, and one
> that'd be better to not cater to really. (RFC8240 has lots of
> discussion of that.)
>
>
> On 16/09/2019 17:05, Mike Ounsworth wrote:
> > My Goal: multi-vendor interop on PQ certificates.
>
> That seems to beg the question again as to why x.509 is needed
> at all as part of a PQ solution.
>
> > I'm coming from the
> > perspective of a CA; it can take years to distribute a root cert to
> > all the places it needs to be before you can really start using it.
> > Plus, people want to play with these things ASAP to understand the
> > scope of infrastructure changes required. There's the time pressure.
> >
> > I think you're right that to really deploy any meaningful 20 year
> > root using, for example the small lattice schemes, we'll need to wait
> > for the NIST PQC algs to stop having so much churn.
> >
> > That said, laying the groundwork for the "hybrid" property in
> > certificates that the NIST PQC community is calling for will require
> > much debate and a few RFCs. This work is necessary and independent of
> > the choice of algorithm from the NIST PQC competition, so why should
> > we wait until 2023 to _start_ thinking about it? Why not do it in
> > parallel, be able to offer alpha test versions of PKI products before
> > the conclusion of the NIST PQC, and be ready to drop-in the NIST
> > winners the day they're ready?
>
> One reason to not do it in parallel is that we don't know how the
> winning algorithm parameters will look. I can easily imagine NIST
> modifying how those are encoded and/or introducing new variations,
> after basic algorithms have been picked, leading to things having
> to be re-done.
>
> (Sorry if the quoting is messed up below, if so, it was messed up
> in my MUA before I started is my excuse:-)
> On 16/09/2019 19:06, Daniel Van Geest wrote:
> > Can we support multiple signatures inside a certificate? I don't
> > think so.
> >
> > Why not?  Mike’s problem statement draft has two potential technical
> > solutions doing just that, each with advantages and disadvantages.
> > Or is there more of a logistical or other issue?  Knowing why you
> > think we can’t support multiple signatures inside a certificate could
> > help refine the problem statement.
>
> Again, that assumes that x.509 is a sensible part of a solution.
> We should first question that. (Mike's draft [1] doesn't.)
>
> Secondly, even if x.509 additions were useful somehow for backwards
> compatibility (which I find hard to believe TBH) then dealing with
> >1 certificate is likely far easier than messing about inside certs
> and thereby breaking all the lovely/horrible x.509 code out there.
> So Mike's section 2.1 [1] is way easier than the 2.[2|3] approaches,
> despite it being the one with no specific drafts.
>
> Again, all that said, I do understand why it may be attractive
> for those who produce certificates to argue for putting the PQ
> magic beans inside x.509. There are costs elsewhere implied in
> doing that, so it ought not be a starting-out assumption.
>
> I don't consider the question as to why a PQ x.509 is needed
> nor why now has been satisfactorily answered so far.
>
> Cheers,
> S.
>
> [1] https://tools.ietf.org/html/draft-pq-pkix-problem-statement
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

--0000000000003bb56f0592b28f30--


From nobody Mon Sep 16 14:53:38 2019
From: "Salz, Rich" <rsalz@akamai.com>
To: Ira McDonald <blueroofmusic@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Mon, 16 Sep 2019 21:53:23 +0000
Message-ID: <45237418-7C96-4823-A7C6-39E92586756E@akamai.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com>
In-Reply-To: <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="_000_452374187C964823A7C639E92586756Eakamaicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/yIlzr4kZIRfUnsd5XSD_YeUytGc>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--_000_452374187C964823A7C639E92586756Eakamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

So why are multiple algorithms needed if the target platform (cars) cannot update to handle them?

--_000_452374187C964823A7C639E92586756Eakamaicom_--


From nobody Mon Sep 16 14:56:57 2019
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie>
Date: Mon, 16 Sep 2019 22:56:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OguAnSOXhQ7Q80Fmqwo6wmuFE3g1LJF7q"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/59sVvRfbvV8dKvGmm9Y-25fY7VM>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 21:56:56 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OguAnSOXhQ7Q80Fmqwo6wmuFE3g1LJF7q
Content-Type: multipart/mixed; boundary="XXjE4Jky5UN8SMGbpSwJcIrL0sZW1cVUR";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie>
Subject: Re: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum
 multi-algorithm PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
 <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
 <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>
In-Reply-To: <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>

--XXjE4Jky5UN8SMGbpSwJcIrL0sZW1cVUR
Content-Type: multipart/mixed;
 boundary="------------4928B16B301224419FC49086"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------4928B16B301224419FC49086
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 16/09/2019 22:37, Mike Ounsworth wrote:
> Hi Stephen,
>
> I feel like we're arguing in circles here and not making any
> progress.

I don't think we're arguing in circles. (When one of us says
that again, you may have a case:-)

> Re: figuring out "hybrid signature authentication" in parallel with
> NIST; You seem to be implying that we can't work on defining message
> structures to hold multiple keys and signatures until we know the
> exact encodings of the NIST winners. I'm not sure I follow the reason
> why.

"can't work" is not what I said. I argued it'd be unwise. My
experience of the output of NIST competitions is that it seems
often followed by a year or so of confusion as to how to
represent algorithm parameters and as to how many variants of
algorithms are defined. I also recall the NULL AlgorithmIdentifier
parameters fun with x.509 going on for years. I bet if you went
to stackexchange you'd find quite recent questions resulting
from that decades old lack of clarity in defining such things.

>
> Currently, something like, for example, CMS (RFC 5652) is abstracted
> away from the encodings of a given algorithm; an algorithm can choose
> any method it wishes to turn its public key and signature into an
> octet string; how it does it is an internal detail of the algorithm
> and has no bearing on the CMS spec. This abstraction between
> protocol and crypto is a core part of crypto agility. Surely we can
> start thinking about how to properly combine multiple signatures
> before we know exactly what those signatures will be.

Sure, chatting about that last is fine and I'm happy to engage.
Starting from an assumption that that mixing is done inside x.509
is begging the question though.

> Re: "Why X.509?" You seem to be expecting me to justify why X.509 is
> worth keeping. I'm expecting you to propose an alternative and
> justify why it's better. We're at a stalemate.

No. We're keeping x.509 (sadly:-). Yes, I'm asking for reasons
why it is necessary to modify x.509 for a PQ PKI. If you don't
have any argument to that effect that's fine, you're then arguing
that this design is easier for you. That's a sane argument for
what could be considered a not-sane outcome:-)

> Since X.509 is the accepted standard, I think the ball's in your
> court here to justify why it should be binned.

Multiple algs/keys per cert requires everyone who uses
x.509 now to change. That is not warranted by wishes for
a PQ PKI at this point, and perhaps never.

That and it's an ~30 year old not very good technology,
so yeah, maybe I'm just fed up with it having first written
code for x.509 in about 1992;-)

Cheers,
S.

>
>
> - - - Mike Ounsworth | Office: +1 (613) 270-2873
>
> -----Original Message-----
> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell
> Sent: Monday, September 16, 2019 3:59 PM
> To: secdispatch@ietf.org
> Subject: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
>
>
> Hiya,
>
> Replying to various folks at once...
>
> On 15/09/2019 15:29, Ira McDonald wrote:
>> Hi,
>>
>> Thanks for the link to Kenny's talk.
>>
>> Stephen - The hard problem for automotive vehicles is that, even if
>> Quantum Computing never comes to pass, algorithms and various
>> implementations go on having new weaknesses found over time. But
>> decent performance requires hardware assist, in many cases. But
>> automotive ECUs are very unlikely to start having large FPGAs added
>> soon.  Replacing 100s of expensive ECUs in fielded vehicles to
>> allow practical algorithm agility is not going to happen.  This
>> issue that Michael Richardson mentioned is at the top of the list
>> for the automotive cybersecurity community.
>
> I don't understand how devices that are not going to be updated can
> support algorithm agility. Perhaps you mean that you want to deploy
> those devices soon and not update for a couple of decades or
> something? If so, that sounds like a bad plan to me, and one that'd be
> better to not cater to really. (RFC8240 has lots of discussion of
> that.)
>
>
> On 16/09/2019 17:05, Mike Ounsworth wrote:
>> My Goal: multi-vendor interop on PQ certificates.
>
> That seems to beg the question again as to why x.509 is needed at all
> as part of a PQ solution.
>
>> I'm coming from the perspective of a CA; it can take years to
>> distribute a root cert to all the places it needs to be before you
>> can really start using it. Plus, people want to play with these
>> things ASAP to understand the scope of infrastructure changes
>> required. There's the time pressure.
>>
>> I think you're right that to really deploy any meaningful 20 year
>> root using, for example the small lattice schemes, we'll need to
>> wait for the NIST PQC algs to stop having so much churn.
>>
>> That said, laying the groundwork for the "hybrid" property in
>> certificates that the NIST PQC community is calling for will
>> require much debate and a few RFCs. This work is necessary and
>> independent of the choice of algorithm from the NIST PQC
>> competition, so why should we wait until 2023 to _start_ thinking
>> about it? Why not do it in parallel, be able to offer alpha test
>> versions of PKI products before the conclusion of the NIST PQC, and
>> be ready to drop-in the NIST winners the day they're ready?
>
> One reason to not do it in parallel is that we don't know how the
> winning algorithm parameters will look. I can easily imagine NIST
> modifying how those are encoded and/or introducing new variations,
> after basic algorithms have been picked, leading to things having to
> be re-done.
>
> (Sorry if the quoting is messed up below, if so, it was messed up in
> my MUA before I started is my excuse:-)
>
> On 16/09/2019 19:06, Daniel Van Geest wrote:
>> Can we support multiple signatures inside a certificate? I don't
>> think so.
>>
>> Why not?  Mike’s problem statement draft has two potential
>> technical solutions doing just that, each with advantages and
>> disadvantages. Or is there more of a logistical or other issue?
>> Knowing why you think we can’t support multiple signatures inside a
>> certificate could help refine the problem statement.
>
> Again, that assumes that x.509 is a sensible part of a solution. We
> should first question that. (Mike's draft [1] doesn't.)
>
> Secondly, even if x.509 additions were useful somehow for backwards
> compatibility (which I find hard to believe TBH) then dealing with >1
> certificate is likely far easier than messing about inside certs
> and thereby breaking all the lovely/horrible x.509 code out there. So
> Mike's section 2.1 [1] is way easier than the 2.[2|3] approaches,
> despite it being the one with no specific drafts.
>
> Again, all that said, I do understand why it may be attractive for
> those who produce certificates to argue for putting the PQ magic
> beans inside x.509. There are costs elsewhere implied in doing that,
> so it ought not be a starting-out assumption.
>
> I don't consider the question as to why a PQ x.509 is needed nor why
> now has been satisfactorily answered so far.
>
> Cheers, S.
>
> [1] https://tools.ietf.org/html/draft-pq-pkix-problem-statement
>

--------------4928B16B301224419FC49086--

--XXjE4Jky5UN8SMGbpSwJcIrL0sZW1cVUR--

--OguAnSOXhQ7Q80Fmqwo6wmuFE3g1LJF7q--


From nobody Mon Sep 16 14:59:36 2019
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E81F51201A3 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:59:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6vvOO-Iwdf_T for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 14:59:32 -0700 (PDT)
Received: from mail-vs1-xe2f.google.com (mail-vs1-xe2f.google.com [IPv6:2607:f8b0:4864:20::e2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62CAA120178 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 14:59:32 -0700 (PDT)
Received: by mail-vs1-xe2f.google.com with SMTP id w195so679431vsw.11 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 14:59:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TRVfsq84D+2bI/6o+qE64xij4G+cf5L5TaRm8p7fRos=; b=CVmu3jx+k/CTYIt2SSLGFIFL3cDB4+vosJLnzETZv8b+4gcbQH9cni2ZNUfaQ9cWv2 SjVvcxWDmSiaSq7/jWg5GGlJgEjCVzxR1rei+yKwPJt2TlnMKomcT0Pw3bjIgyXKYQCh ttryI0lHyWew7bXPrObL9fj7cVsGhkZQYd1XBkQRVw5bhehOJsSNR2KUogRZ7t5yPurN IXu3LnIRXbG1+JoBW4vxyl2ECa8zpr2f7tFBx57P5iyaq1f+6eCzUl0XwshEWNsNGbHf bMBxC00Xgp6zsMpYvUzn37X4QwaTLrS+Zq9XgllGXy+6vwn7nCVmecWPVBTBODzu5vwx fZ1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TRVfsq84D+2bI/6o+qE64xij4G+cf5L5TaRm8p7fRos=; b=m9KkiZ0p+3OH9k3nwAtU9NSelfCILxE9v5rhGCDKErpDVXVggWxKd9INjsbIgL9dUe BIuKIFmJHQJQpix4es6y5WXj6eP8eBGUmdF6Aqdxfzx2Q+Apf7nYtP4Sgn/689egJzqq AL20/caAjGE6fCF/bCiFg4/AEjnc1qVHi4uGnQjBilfK3ilNNqYU3onFFiiDywkWrD+I DflRLg2VG6njLFB+tMxReK5NYHrjYOYCD03giiT5KsJDUhKyr7AlhlXUR23yJ3E5KISB aBkSYDoFhUoQIGlX3+sBo0ntzHf1KWragSwafhb5CKXp8Khl4CUZspjd4Ms2pSuV9es/ 05Yw==
X-Gm-Message-State: APjAAAUr7jrC7xZD0agwnYcUeDl9wgsOc9F5GIi3v8UatT5wqfhoHWxr /nIFyWXtJ2uG2p1vg4eqM0NaMpw/4FSUF0oPOY4=
X-Google-Smtp-Source: APXvYqybybyhg+EN2INZmPKFoOMmLMsRCQxQ8vXtvMc6Wh31RgLR9tQEiKYxh4FW3oHJHdF/tXolF2wcXiFAQ42Cz98=
X-Received: by 2002:a67:f9cf:: with SMTP id c15mr134806vsq.240.1568671171558;  Mon, 16 Sep 2019 14:59:31 -0700 (PDT)
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com>
In-Reply-To: <45237418-7C96-4823-A7C6-39E92586756E@akamai.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 16 Sep 2019 17:59:21 -0400
Message-ID: <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>,  "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f342b00592b2b75b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/i4j1LRmc0_nRYJgG-LCMywKQDSU>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 21:59:35 -0000

--000000000000f342b00592b2b75b
Content-Type: text/plain; charset="UTF-8"

Hi Rich,

The autos *do* already support numerous algorithms (including
nation-specific mandatory ones).  They do update their crypto
(for bug-fixes and for new algorithms).  But when new algorithms
are from an entirely different family and need hardware acceleration
to achieve hard timing constraints *within* vehicle internal networks,
there is no practical solution.  Auto OEMs and parts suppliers are
not going to dramatically increase the cost of their ECUs in order
to add FPGAs or something else to allow field upgrades of their
hardware acceleration.

I perceive that this list doesn't care about this issue.  Beware your
lovely "connected cars" in future years.  I'll give up doing a poor
job of explaining the problem on this list.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Mon, Sep 16, 2019 at 5:53 PM Salz, Rich <rsalz@akamai.com> wrote:

> So why are multiple algorithms needed if the target platform (cars) cannot
> update to handle them?
>

--000000000000f342b00592b2b75b--


From nobody Mon Sep 16 15:09:13 2019
Return-Path: <rsalz@akamai.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E136F12022A for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 15:09:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PoyT-z8vPY2Y for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 15:09:09 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07044120219 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 15:09:08 -0700 (PDT)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8GM75es019949; Mon, 16 Sep 2019 23:09:04 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=ahzvJLIDghewnViq1B0/gopP93EFngUgBOoa4zqd7vw=; b=aHHjscjyesoxgWW2UbgEeJ920ldLmlIuxdaDb9UTdRfObwxCMpa2K2ZJr2/ZGn/d6v1T 9aDu4kwZrfpX6eM0xQ2vIkt6RbfTNRuj2tuh6GVoJ4F8eDcuEqyKeya4asfMjcIk+68V X8bSl2jd3u2hStuUFtMbePsPadTdkTgZnfZYNvJjZp6gMBT3xFYjIc26ivbPi8oGp248 c/qS8F6ptOg6Ns0v3FJ3KBIRsCerQT5keAC5IRywtbG0FuIc9bbkyEd7ifAlWrpA7V2A DIaGvRFpjrrybwZkeYByi0nS7upDiqid+pMWulDj/HaLmU/yNpPAb2pOj0OyDw7iIa7u 4w== 
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2v0r8hjyv5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Sep 2019 23:09:03 +0100
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x8GM3992022795; Mon, 16 Sep 2019 15:09:02 -0700
Received: from email.msg.corp.akamai.com ([172.27.123.34]) by prod-mail-ppoint5.akamai.com with ESMTP id 2v0x67bewn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 16 Sep 2019 15:09:02 -0700
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb3.msg.corp.akamai.com (172.27.123.103) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 16 Sep 2019 18:09:01 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1473.005; Mon, 16 Sep 2019 18:09:01 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Ira McDonald <blueroofmusic@gmail.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaXfVxcavif61SUGWKpDq+p2d8acoqyKAgAIKrYCAAAJdAP//vpSAgAJ/loCAAB3FAIAB/xSAgAANvID//753gIAARLmA//+/pAA=
Date: Mon, 16 Sep 2019 22:09:00 +0000
Message-ID: <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com>
In-Reply-To: <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.1d.0.190908
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.32.183]
Content-Type: multipart/alternative; boundary="_000_E55FFB18ABB5442AB41ACC7678076C26akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-16_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=736 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909160210
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-16_08:2019-09-11,2019-09-16 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 impostorscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=718 mlxscore=0 phishscore=0 adultscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1909160210
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/qnW9NovpAIQjyW_YLRu-7YLjL9w>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 22:09:11 -0000

--_000_E55FFB18ABB5442AB41ACC7678076C26akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

So you want something defined now so that hardware acceleration can be developed, when we don’t know what algorithms we’ll actually need post-quantum? That’s a bit snarky, but does it capture what you are saying?

                /r$, jack of all trades master of none

--_000_E55FFB18ABB5442AB41ACC7678076C26akamaicom_--


From nobody Mon Sep 16 16:16:11 2019
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11D3C12006D for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 16:16:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EkuQCVJ3Fu-7 for <secdispatch@ietfa.amsl.com>; Mon, 16 Sep 2019 16:16:07 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA77E12001E for <secdispatch@ietf.org>; Mon, 16 Sep 2019 16:16:06 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id o184so958385wme.3 for <secdispatch@ietf.org>; Mon, 16 Sep 2019 16:16:06 -0700 (PDT)
X-Received: by 2002:a7b:c92b:: with SMTP id h11mr1068405wml.10.1568675765199;  Mon, 16 Sep 2019 16:16:05 -0700 (PDT)
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com>
In-Reply-To: <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 16 Sep 2019 19:15:54 -0400
Message-ID: <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>, Ira McDonald <blueroofmusic@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>,  "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c0ab2a0592b3c989"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Oj9PRMUthPvMDTGWGVQE-dTl3VE>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2019 23:16:09 -0000

--000000000000c0ab2a0592b3c989
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Hi Rich,

We're still talking past each other.  I'm aware that we can't
pre-load hardware acceleration for new algorithms yet to
be defined.  But the lack of that hardware acceleration is
going to be a practical deterrent to crypto agility in these
long-lived automotive ECUs in future years.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Mon, Sep 16, 2019 at 6:09 PM Salz, Rich <rsalz@akamai.com> wrote:

> So you want something defined now so that hardware acceleration can be
> developed, when we don’t know what algorithms we’ll actually need
> post-quantum? That’s a bit snarky, but does it capture what you are saying?
>
>
>
>                 /r$, jack of all trades master of none
>
>
>

--000000000000c0ab2a0592b3c989--


From nobody Tue Sep 17 07:10:06 2019
Return-Path: <dstebila@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43CC012002E for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 07:10:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level: 
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QqgIMimIZc-K for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 07:10:01 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AA9E120878 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 07:10:00 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id w67so3019334lff.4 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 07:10:00 -0700 (PDT)
X-Received: by 2002:ac2:5090:: with SMTP id f16mr2377120lfm.66.1568729398651;  Tue, 17 Sep 2019 07:09:58 -0700 (PDT)
MIME-Version: 1.0
From: Douglas Stebila <dstebila@gmail.com>
Date: Tue, 17 Sep 2019 10:09:47 -0400
Message-ID: <CAFBh+ST+VxPoR6gZD3ssZxhORKChE0tz_QpZPn-hoAwjiuk80w@mail.gmail.com>
To: secdispatch@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008e31200592c0463d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/cLmmRdr-tNjT-3C4mbzYu86WRTo>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 14:10:04 -0000

--0000000000008e31200592c0463d
Content-Type: text/plain; charset="UTF-8"

I'm a little late to the discussion, and new to the secdispatch mailing
list, but hopefully not too late.  I think this is an important problem to
address, and sooner rather than later.  NIST is still a few years away from
having an outcome, but we can start laying the framework for how we'll use
the resulting algorithms.  Although not everyone is convinced by "hybrid" /
"multi-algorithm", there seems to be sufficient interest for it (e.g., the
panel discussion at the NIST PQC standardization conference last month),
that it's worth investing the time to investigate further.  I'm involved in
a draft about hybrid key exchange in TLS for which there is no clear path,
but lots of opinions and discussion worth having.  I'm also involved in an
open source project (openquantumsafe.org) where we are already wanting to
prototype hybrid authentication in protocols relying on X.509, and we'd be
happy to coordinate with others wanting to do so.  It would be really
unfortunate if deployment of quantum-resistant algorithms was delayed even
further because we spend 3-5 years struggling with network protocols and
standards *after* NIST picks some algorithms, when we could have started
that aspect earlier.

Douglas


On Wed, 11 September 2019, Mike Ounsworth
<Mike.Ounsworth@entrustdatacard.com> wrote:

> Hi SecDispatch,
> This got bounced here from LAMPS because the scope is potentially more
> than a "limited" pkix change, and because this needs multi-WG visibility to
> decide on a category of solution.
>
>
> Background / history
> --------------------
> The Post-Quantum community (for example, surrounding the NIST PQC
> competition), is pushing for "hybridized" crypto that combines RSA/ECC with
> new primitives in order to hedge our bets against both quantum adversaries,
> and also algorithmic / mathematical breaks of the new primitives.
>
> A year and a half ago, a draft was put to LAMPS for putting PQ public key
> and signatures into X.509v3 extensions. This draft has been allowed to
> expire, but is being pursued at the ITU.
> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>
> Earlier this year, a new draft was put to LAMPS for defining "composite"
> public key and signature algorithms that, essentially, concatenate multiple
> crypto algorithms into a single key or signature octet string. This draft
> stalled in LAMPS over whether it is the correct overall approach.
> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>
> Now I'm taking a step back and submitting a draft that acts as a
> semi-formal problem statement, and an overview of the three main categories
> of solutions.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>
>
>
> My Opinion
> ----------
> Personally, I'm fairly agnostic to the chosen solution, but feel that we
> need some kind of standard(s) around the post-quantum transition for
> certificates and PKI. Personally, I feel that Composite is mature enough as
> an idea to standardize as a tool in our toolbox for contexts where it makes
> sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
>
>
>
> Requested action from SECDISPATCH
> ---------------------------------
> 1. Feedback on the problem statement draft.
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
> 2. Discussion of how to progress this.
>
>
>
> PS I'm a new IETF'er, please be gentle :P
> Thanks,
> - - -
> Mike Ounsworth | Software Security Architect
> Entrust Datacard

--0000000000008e31200592c0463d--
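
The "composite" idea in the problem statement quoted above (several component signatures carried in one octet string, every one of which must verify), as an added example that is not part of the thread or of any of the drafts it links. The length-prefixed framing, the algorithm ids, the toy RSA parameters and the choice of a Lamport one-time signature as the second component are all assumptions, picked so the sketch runs on the Python standard library alone.

```python
import hashlib
import secrets
import struct

# Component 1: textbook RSA over two Mersenne primes, a classical stand-in.
# Constructed toy parameters: unpadded and far too small for real use.
RSA_E = 65537
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
RSA_LEN = (RSA_N.bit_length() + 7) // 8

def digest_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % RSA_N

def rsa_sign(msg):
    return pow(digest_int(msg), RSA_D, RSA_N).to_bytes(RSA_LEN, "big")

def rsa_verify(msg, sig):
    if len(sig) != RSA_LEN:
        return False
    s = int.from_bytes(sig, "big")
    return s < RSA_N and pow(s, RSA_E, RSA_N) == digest_int(msg)

# Component 2: Lamport one-time signature, hash-based (one message per key).
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in (0, 1)] for _ in range(256)]
    pk = [[hashlib.sha256(x).digest() for x in pair] for pair in sk]
    return sk, pk

def digest_bits(msg):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(digest_bits(msg)))

def lamport_verify(pk, msg, sig):
    if len(sig) != 256 * 32:
        return False
    return all(hashlib.sha256(sig[32 * i:32 * i + 32]).digest() == pk[i][b]
               for i, b in enumerate(digest_bits(msg)))

# Composite framing (hypothetical): count, then (alg id, length, bytes) each.
ALG_RSA, ALG_LAMPORT = 1, 2  # hypothetical ids, not registered values

def encode_composite(parts):
    out = struct.pack(">B", len(parts))
    for alg, sig in parts:
        out += struct.pack(">BI", alg, len(sig)) + sig
    return out

def decode_composite(blob):
    if not blob:
        raise ValueError("empty composite")
    off, parts = 1, []
    for _ in range(blob[0]):
        if off + 5 > len(blob):
            raise ValueError("truncated component header")
        alg, size = struct.unpack_from(">BI", blob, off)
        off += 5
        if off + size > len(blob):
            raise ValueError("truncated component signature")
        parts.append((alg, blob[off:off + size]))
        off += size
    if off != len(blob):
        raise ValueError("trailing bytes after last component")
    return parts

def verify_composite(verifiers, msg, blob):
    """verifiers: ordered (alg id, verify function) pairs fixed by the key."""
    try:
        parts = decode_composite(blob)
    except ValueError:
        return False
    # A missing, extra or reordered component is rejected, so nobody can
    # downgrade the composite to its weakest algorithm by stripping the rest.
    if [alg for alg, _ in parts] != [alg for alg, _ in verifiers]:
        return False
    return all(fn(msg, sig) for (_, fn), (_, sig) in zip(verifiers, parts))

def demo():
    msg, other = b"constructed sample message", b"constructed forged message"
    sk, pk = lamport_keygen()
    verifiers = [(ALG_RSA, rsa_verify),
                 (ALG_LAMPORT, lambda m, s: lamport_verify(pk, m, s))]
    rsa_sig, lam_sig = rsa_sign(msg), lamport_sign(sk, msg)
    good = encode_composite([(ALG_RSA, rsa_sig), (ALG_LAMPORT, lam_sig)])
    # Model "one algorithm is broken": a valid RSA signature on another
    # message exists, but the Lamport component cannot be produced for it.
    half = encode_composite([(ALG_RSA, rsa_sign(other)), (ALG_LAMPORT, lam_sig)])
    return {
        "valid": verify_composite(verifiers, msg, good),
        "one_component_forged": verify_composite(verifiers, other, half),
        "corrupted": verify_composite(verifiers, msg, good[:-1] + bytes([good[-1] ^ 1])),
        "stripped": verify_composite(verifiers, msg, encode_composite([(ALG_RSA, rsa_sig)])),
    }
```

Calling `demo()` shows the hedge the thread is debating: the composite verifies only when both components do, so a break of either algorithm alone, or a relying party that accepts a stripped composite, is what the verifier has to guard against.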


From nobody Tue Sep 17 07:51:23 2019
Return-Path: <prvs=15631f794=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37BBA1200D8 for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 07:51:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EzlqHPu63eEE for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 07:51:18 -0700 (PDT)
Received: from mx1.entrustdatacard.com (mx1.entrustdatacard.com [204.124.80.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A3E8120059 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 07:51:18 -0700 (PDT)
IronPort-SDR: m1nfUXs/FrnaSxWUC5Yfsf941s+RcNQN+MXpWcb0FsHOwXewTPvFSpqf/7wquoPASHzebeD400 VFJvFGyTubPw==
X-IronPort-AV: E=Sophos;i="5.64,516,1559538000"; d="scan'208";a="57174841"
Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa03inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 17 Sep 2019 09:51:17 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Sep 2019 09:51:17 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Tue, 17 Sep 2019 09:51:17 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVaqTmZcXGWCwcF0WYVOY/XovtiqctBL+AgAAdxQCAAf8UgP//rotggABhqQCAAMaPYA==
Date: Tue, 17 Sep 2019 14:51:17 +0000
Message-ID: <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com> <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie>
In-Reply-To: <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ew1aIPjHCVPWCTnjLse3yNmemqE>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 14:51:21 -0000

SGkgU3RlcGhlbiwNCg0KSSB3YW50IHRvIHBvaW50IG91dCB0aGF0IHdoaWxlIHRoaXMgZGlzY3Vz
c2lvbiBhbmQgZXhpc3RpbmcgY2FtZSBmcm9tIExBTVBTLCBhbmQgdGhlcmVmb3JlIGFyZSBYLjUw
OSAvIFBLSVggaW4gbmF0dXJlLCB0aGUgIkNvbXBvc2l0ZSIgcHJvcG9zYWwgaW4gbXkgUHJvYmxl
bSBTdGF0ZW1lbnQgZHJhZnQgaXMgbG93ZXIgbGV2ZWwgdGhhbiBYLjUwOSBhbmQgY291bGQgYmUg
YXBwbGllZCB0byBhbnkgcHJvdG9jb2wgdGhhdCB1c2VzIG9jdGV0IHN0cmluZ3MgZm9yIHB1Ymxp
YyBrZXlzIGFuZCBzaWduYXR1cmVzLg0KDQoNCkkndmUgcG9zdGVkIGEgbmV3IHZlcnNpb24gd2l0
aCBtaW5vciB0d2Vha3MgdG8gbWFrZSB0aGF0IG1vcmUgY2xlYXIuDQoNCmh0dHBzOi8vZGF0YXRy
YWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LXBxLXBraXgtcHJvYmxlbS1zdGF0ZW1lbnQvDQoNCi0g
LSAtDQpNaWtlIE91bnN3b3J0aCB8IE9mZmljZTogKzEgKDYxMykgMjcwLTI4NzMNCg0KLS0tLS1P
cmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbi5mYXJy
ZWxsQGNzLnRjZC5pZT4gDQpTZW50OiBNb25kYXksIFNlcHRlbWJlciAxNiwgMjAxOSA0OjU3IFBN
DQpUbzogTWlrZSBPdW5zd29ydGggPE1pa2UuT3Vuc3dvcnRoQGVudHJ1c3RkYXRhY2FyZC5jb20+
OyBzZWNkaXNwYXRjaEBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtFWFRFUk5BTF1SZTogW1NlY2Rp
c3BhdGNoXSBQcm9ibGVtIHN0YXRlbWVudCBmb3IgcG9zdC1xdWFudHVtIG11bHRpLWFsZ29yaXRo
bSBQS0kNCg0KDQpIaXlhLA0KDQpPbiAxNi8wOS8yMDE5IDIyOjM3LCBNaWtlIE91bnN3b3J0aCB3
cm90ZToNCj4gSGkgU3RlcGhlbiwNCj4gDQo+IEkgZmVlbCBsaWtlIHdlJ3JlIGFyZ3VpbmcgaW4g
Y2lyY2xlcyBoZXJlIGFuZCBub3QgbWFraW5nIGFueSBwcm9ncmVzcy4NCg0KSSBkb24ndCB0aGlu
ayB3ZSdyZSBhcmd1aW5nIGluIGNpcmNsZXMuIChXaGVuIG9uZSBvZiB1cyBzYXlzIHRoYXQgYWdh
aW4sIHlvdSBtYXkgaGF2ZSBhIGNhc2U6LSkNCg0KPiBSZTogZmlndXJpbmcgb3V0ICJoeWJyaWQg
c2lnbmF0dXJlIGF1dGhlbnRpY2F0aW9uIiBpbiBwYXJhbGxlbCB3aXRoIA0KPiBOSVNUOyBZb3Ug
c2VlbSB0byBiZSBpbXBseWluZyB0aGF0IHdlIGNhbid0IHdvcmsgb24gZGVmaW5pbmcgbWVzc2Fn
ZSANCj4gc3RydWN0dXJlcyB0byBob2xkIG11bHRpcGxlIGtleXMgYW5kIHNpZ25hdHVyZXMgdW50
aWwgd2Uga25vdyB0aGUgDQo+IGV4YWN0IGVuY29kaW5ncyBvZiB0aGUgTklTVCB3aW5uZXJzLiBJ
J20gbm90IHN1cmUgSSBmb2xsb3cgdGhlIHJlYXNvbiANCj4gd2h5Lg0KDQoiY2FuJ3Qgd29yayIg
aXMgbm90IHdoYXQgSSBzYWlkLiBJIGFyZ3VlZCBpdCdkIGJlIHVud2lzZS4gTXkgZXhwZXJpZW5j
ZSBvZiB0aGUgb3V0cHV0IG9mIE5JU1QgY29tcGV0aXRpb25zIGlzIHRoYXQgaXQgc2VlbXMgb2Z0
ZW4gZm9sbG93ZWQgYnkgYSB5ZWFyIG9yIHNvIG9mIGNvbmZ1c2lvbiBhcyB0byBob3cgdG8gcmVw
cmVzZW50IGFsZ29yaXRobSBwYXJhbWV0ZXJzIGFuZCBhcyB0byBob3cgbWFueSB2YXJpYW50cyBv
ZiBhbGdvcml0aG1zIGFyZSBkZWZpbmVkLiBJIGFsc28gcmVjYWxsIHRoZSBOVUxMIEFsZ29yaXRo
bUlkZW50aWZpZXIgcGFyYW1ldGVycyBmdW4gd2l0aCB4LjUwOSBnb2luZyBvbiBmb3IgeWVhcnMu
IEkgYmV0IGlmIHlvdSB3ZW50IHRvIHN0YWNrZXhjaGFuZ2UgeW91J2QgZmluZCBxdWl0ZSByZWNl
bnQgcXVlc3Rpb25zIHJlc3VsdGluZyBmcm9tIHRoYXQgZGVjYWRlcyBvbGQgbGFjayBvZiBjbGFy
aXR5IGluIGRlZmluaW5nIHN1Y2ggdGhpbmdzLg0KDQo+IA0KPiBDdXJyZW50bHksIHNvbWV0aGlu
ZyBsaWtlLCBmb3IgZXhhbXBsZSwgQ01TIChSRkMgNTY1MikgIGlzIGFic3RyYWN0ZWQgDQo+IGF3
YXkgZnJvbSB0aGUgZW5jb2RpbmdzIG9mIGEgZ2l2ZW4gYWxnb3JpdGhtOyBhbiBhbGdvcml0aG0g
Y2FuIGNob29zZSANCj4gYW55IG1ldGhvZCBpdCB3aXNoZXMgdG8gdHVybiBpdHMgcHVibGljIGtl
eSBhbmQgc2lnbmF0dXJlIGludG8gYW4gDQo+IG9jdGV0IHN0cmluZzsgaG93IGl0IGRvZXMgaXQg
aXMgYW4gaW50ZXJuYWwgZGV0YWlsIG9mIHRoZSBhbGdvcml0aG0gDQo+IGFuZCBoYXMgbm8gYmVh
cmluZyBvbiB0aGUgQ01TIHNwZWMuIFRoaXMgaXMgYWJzdHJhY3Rpb24gYmV0d2VlbiANCj4gcHJv
dG9jb2wgYW5kIGNyeXB0byBpcyBhIGNvcmUgcGFydCBvZiBjcnlwdG8gYWdpbGl0eS4gU3VyZWx5
IHdlIGNhbiANCj4gc3RhcnQgdGhpbmtpbmcgYWJvdXQgaG93IHRvIHByb3Blcmx5IGNvbWJpbmUg
bXVsdGlwbGUgc2lnbmF0dXJlcyANCj4gYmVmb3JlIHdlIGtub3cgZXhhY3RseSB3aGF0IHRob3Nl
IHNpZ25hdHVyZXMgd2lsbCBiZS4NCg0KU3VyZSwgY2hhdHRpbmcgYWJvdXQgdGhhdCBsYXN0IGlz
IGZpbmUgYW5kIEknbSBoYXBweSB0byBlbmdhZ2UuDQpTdGFydGluZyBmcm9tIGFuIGFzc3VtcHRp
b24gdGhhdCB0aGF0IG1peGluZyBpcyBkb25lIGluc2lkZSB4LjUwOSBpcyBiZWdnaW5nIHRoZSBx
dWVzdGlvbiB0aG91Z2guDQoNCj4gUmU6ICJXaHkgWC41MDk/IiBZb3Ugc2VlbSB0byBiZSBleHBl
Y3RpbmcgbWUgdG8ganVzdGlmeSB3aHkgWC41MDkgaXMgDQo+IHdvcnRoIGtlZXBpbmcuIEknbSBl
eHBlY3RpbmcgeW91IHRvIHByb3Bvc2UgYW4gYWx0ZXJuYXRpdmUgYW5kIGp1c3RpZnkgDQo+IHdo
eSBpdCdzIGJldHRlci4gV2UncmUgYXQgYSBzdGFsZW1hdGUuDQoNCk5vLiBXZSdyZSBrZWVwaW5n
IHguNTA5IChzYWRseTotKS4gWWVzLCBJJ20gYXNraW5nIGZvciByZWFzb25zIHdoeSBpdCBpcyBu
ZWNlc3NhcnkgdG8gbW9kaWZ5IHguNTA5IGZvciBhIFBRIFBLSS4gSWYgeW91IGRvbid0IGhhdmUg
YW55IGFyZ3VtZW50IHRvIHRoYXQgZWZmZWN0IHRoYXQncyBmaW5lLCB5b3UncmUgdGhlbiBhcmd1
aW5nIHRoYXQgdGhpcyBkZXNpZ24gaXMgZWFzaWVyIGZvciB5b3UuIFRoYXQncyBhIHNhbmUgYXJn
dW1lbnQgZm9yIHdoYXQgY291bGQgYmUgY29uc2lkZXJlZCBhIG5vdC1zYW5lIG91dGNvbWU6LSkN
Cg0KPiBTaW5jZSBYLjUwOSBpcyB0aGUgYWNjZXB0ZWQgc3RhbmRhcmQsIEkgdGhpbmsgdGhlIGJh
bGwncyBpbiB5b3VyIGNvdXJ0IA0KPiBoZXJlIHRvIGp1c3RpZnkgd2h5IGl0IHNob3VsZCBiZSBi
aW5uZWQuDQoNCk11bHRpcGxlIGFsZ3Mva2V5cyBwZXIgY2VydCByZXF1aXJlcyBldmVyeW9uZSB3
aG8gdXNlcw0KeC41MDkgbm93IHRvIGNoYW5nZS4gVGhhdCBpcyBub3Qgd2FycmFudGVkIGJ5IHdp
c2hlcyBmb3IgYSBQUSBQS0kgYXQgdGhpcyBwb2ludCwgYW5kIHBlcmhhcHMgbmV2ZXIuDQoNClRo
YXQgYW5kIGl0J3MgYW4gfjMwIHllYXIgb2xkIG5vdCB2ZXJ5IGdvb2QgdGVjaG5vbG9neSwgc28g


From nobody Tue Sep 17 08:07:26 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1491120059 for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 08:07:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level: 
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbjhzvx6-HZh for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 08:07:21 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B06D6120045 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 08:07:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id E40D1BE2F; Tue, 17 Sep 2019 16:07:18 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSctMO-KRyKk; Tue, 17 Sep 2019 16:07:18 +0100 (IST)
Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A1517BE2E; Tue, 17 Sep 2019 16:07:18 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568732838; bh=QkjdNZzkK4rGQGaDlQ0doy1GaQUvvXiGnDmxNZ5luPU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=WF2EsU4tGKKGFrq88QqZn9zi8+/Gmb6lJ0zMYTclo7vOERX8YvUQO2zE17Uum9i4v 3JsfvjyoNqb40yOpGR1T6yqqmphAQZwDdy8QNj27sCKRIxs+wpUFxPKiYzm71qF0Hx S2hVXHtZnpT4BpvStpyuoat42Cv3f+4zTBEhxxKM=
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com> <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie> <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <e1d8362d-f53d-d4c0-2f1f-05af42e9e693@cs.tcd.ie>
Date: Tue, 17 Sep 2019 16:07:17 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Q5DsLfmSf3RdMRVIvQPIm3PvFtxynuFlP"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/85_Vtr2DsWqyt8K2nSuEOyIiBEE>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 15:07:25 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Q5DsLfmSf3RdMRVIvQPIm3PvFtxynuFlP
Content-Type: multipart/mixed; boundary="Qe84j1WgyZEy4r82gbHvUo5kn6ntdtHiA";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <e1d8362d-f53d-d4c0-2f1f-05af42e9e693@cs.tcd.ie>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum
 multi-algorithm PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
 <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
 <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com>
 <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie>
 <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
In-Reply-To: <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>

--Qe84j1WgyZEy4r82gbHvUo5kn6ntdtHiA
Content-Type: multipart/mixed;
 boundary="------------EBC4AFCFCB3F64FBA9E754A2"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------EBC4AFCFCB3F64FBA9E754A2
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 17/09/2019 15:51, Mike Ounsworth wrote:
> Hi Stephen,
>
> I want to point out that while this discussion and existing came from
> LAMPS, and therefore are X.509 / PKIX in nature, the "Composite"
> proposal in my Problem Statement draft is lower level than X.509 and
> could be applied to any protocol that uses octet strings for public
> keys and signatures.
>
>
> I've posted a new version with minor tweaks to make that more clear.
>
> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

Fair enough. We can chat about it all at IETF106 :-)

Cheers,
S.

PS: Just while I think of it - ISTM hard to v. hard
to cater for stateful signatures in any of this, e.g.
using RFC8391 or RFC8554. Not asking for an answer
from you now, but it's another factor to consider.
That may argue against embedding any of this in
x.509 - notAfter could be meaningless to dangerous
for such algs. It may also be another argument to
wait and see what the NIST competition produces but
again we can talk about it at IETF106.

>
> - - - Mike Ounsworth | Office: +1 (613) 270-2873
>
> -----Original Message-----
> From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
> Sent: Monday, September 16, 2019 4:57 PM
> To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>; secdispatch@ietf.org
> Subject: Re: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
>
>
> Hiya,
>
> On 16/09/2019 22:37, Mike Ounsworth wrote:
>> Hi Stephen,
>>
>> I feel like we're arguing in circles here and not making any
>> progress.
>
> I don't think we're arguing in circles. (When one of us says that
> again, you may have a case:-)
>
>> Re: figuring out "hybrid signature authentication" in parallel with
>>  NIST; You seem to be implying that we can't work on defining
>> message structures to hold multiple keys and signatures until we
>> know the exact encodings of the NIST winners. I'm not sure I follow
>> the reason why.
>
> "can't work" is not what I said. I argued it'd be unwise. My
> experience of the output of NIST competitions is that it seems often
> followed by a year or so of confusion as to how to represent
> algorithm parameters and as to how many variants of algorithms are
> defined. I also recall the NULL AlgorithmIdentifier parameters fun
> with x.509 going on for years. I bet if you went to stackexchange
> you'd find quite recent questions resulting from that decades old
> lack of clarity in defining such things.
>
>>
>> Currently, something like, for example, CMS (RFC 5652) is
>> abstracted away from the encodings of a given algorithm; an
>> algorithm can choose any method it wishes to turn its public key
>> and signature into an octet string; how it does it is an internal
>> detail of the algorithm and has no bearing on the CMS spec. This
>> abstraction between protocol and crypto is a core part of crypto
>> agility. Surely we can start thinking about how to properly combine
>> multiple signatures before we know exactly what those signatures
>> will be.
>
> Sure, chatting about that last is fine and I'm happy to engage.
> Starting from an assumption that that mixing is done inside x.509 is
> begging the question though.
>
>> Re: "Why X.509?" You seem to be expecting me to justify why X.509
>> is worth keeping. I'm expecting you to propose an alternative and
>> justify why it's better. We're at a stalemate.
>
> No. We're keeping x.509 (sadly:-). Yes, I'm asking for reasons why it
> is necessary to modify x.509 for a PQ PKI. If you don't have any
> argument to that effect that's fine, you're then arguing that this
> design is easier for you. That's a sane argument for what could be
> considered a not-sane outcome:-)
>
>> Since X.509 is the accepted standard, I think the ball's in your
>> court here to justify why it should be binned.
>
> Multiple algs/keys per cert requires everyone who uses x.509 now to
> change. That is not warranted by wishes for a PQ PKI at this point,
> and perhaps never.
>
> That and it's an ~30 year old not very good technology, so yeah,
> maybe I'm just fed up with it having first written code for x.509 in
> about 1992;-)
>
> Cheers, S.
>
>>
>>
>> - - - Mike Ounsworth | Office: +1 (613) 270-2873
>>
>> -----Original Message-----
>> From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Stephen Farrell
>> Sent: Monday, September 16, 2019 3:59 PM
>> To: secdispatch@ietf.org
>> Subject: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
>>
>>
>> Hiya,
>>
>> Replying to various folks at once...
>>
>> On 15/09/2019 15:29, Ira McDonald wrote:
>>> Hi,
>>>
>>> Thanks for the link to Kenny's talk.
>>>
>>> Stephen - The hard problem for automotive vehicles is that, even
>>> if Quantum Computing never comes to pass, algorithms and various
>>> implementations go on having new weaknesses found over time. But
>>> decent performance requires hardware assist, in many cases. But
>>> automotive ECUs are very unlikely to start having large FPGAs
>>> added soon.  Replacing 100s of expensive ECUs in fielded vehicles
>>> to allow practical algorithm agility is not going to happen.
>>> This issue that Michael Richardson mentioned is at the top of the
>>> list for the automotive cybersecurity community.
>>
>> I don't understand how devices that are not going to be updated can
>> support algorithm agility. Perhaps you mean that you want to
>> deploy those devices soon and not update for a couple of decades or
>> something? If so, that sounds like a bad plan to me, and one that'd
>> be better to not cater to really. (RFC8240 has lots of discussion
>> of that.)
>>
>>
>> On 16/09/2019 17:05, Mike Ounsworth wrote:
>>> My Goal: multi-vendor interop on PQ certificates.
>>
>> That seems to beg the question again as to why x.509 is needed at
>> all as part of a PQ solution.
>>
>>> I'm coming from the perspective of a CA; it can take years to
>>> distribute a root cert to all the places it needs to be before
>>> you can really start using it. Plus, people want to play with
>>> these things ASAP to understand the scope of infrastructure
>>> changes required. There's the time pressure.
>>>
>>> I think you're right that to really deploy any meaningful 20 year
>>> root using, for example the small lattice schemes, we'll need to
>>> wait for the NIST PQC algs to stop having so much churn.
>>>
>>> That said, laying the groundwork for the "hybrid" property in
>>> certificates that the NIST PQC community is calling for will
>>> require much debate and a few RFCs. This work is necessary and
>>> independent of the choice of algorithm from the NIST PQC
>>> competition, so why should we wait until 2023 to _start_ thinking
>>> about it? Why not do it in parallel, be able to offer alpha test
>>> versions of PKI products before the conclusion of the NIST PQC,
>>> and be ready to drop-in the NIST winners the day they're ready?
>>
>> One reason to not do it in parallel is that we don't know how the
>> winning algorithm parameters will look. I can easily imagine NIST
>> modifying how those are encoded and/or introducing new variations,
>> after basic algorithms have been picked, leading to things having
>> to be re-done.
>>
>> (Sorry if the quoting is messed up below, if so, it was messed up
>> in my MUA before I started is my excuse:-)
>>
>> On 16/09/2019 19:06, Daniel Van Geest wrote:
>>> Can we support multiple signatures inside a certificate? I don't
>>> think so.
>>>
>>> Why not?  Mike’s problem statement draft has two potential
>>> technical solutions doing just that, each with advantages and
>>> disadvantages. Or is there more of a logistical or other issue?
>>> Knowing why you think we can’t support multiple signatures inside
>>> a certificate could help refine the problem statement.
>>
>> Again, that assumes that x.509 is a sensible part of a solution. We
>> should first question that. (Mike's draft [1] doesn't.)
>>
>> Secondly, even if x.509 additions were useful somehow for backwards
>> compatibility (which I find hard to believe TBH) then dealing with >1
>> certificate is likely far easier than messing about inside certs
>> and thereby breaking all the lovely/horrible x.509 code out there.
>> So Mike's section 2.1 [1] is way easier than the 2.[2|3]
>> approaches, despite it being the one with no specific drafts.
>>
>> Again, all that said, I do understand why it may be attractive for
>> those who produce certificates to argue for putting the PQ magic
>> beans inside x.509. There are costs elsewhere implied in doing
>> that, so it ought not be a starting-out assumption.
>>
>> I don't consider the question as to why a PQ x.509 is needed nor
>> why now has been satisfactorily answered so far.
>>
>> Cheers, S.
>>
>> [1] https://tools.ietf.org/html/draft-pq-pkix-problem-statement
>>

--------------EBC4AFCFCB3F64FBA9E754A2--

--Qe84j1WgyZEy4r82gbHvUo5kn6ntdtHiA--

--Q5DsLfmSf3RdMRVIvQPIm3PvFtxynuFlP--


From nobody Tue Sep 17 09:14:42 2019
MIME-Version: 1.0
References: <CAFBh+ST+VxPoR6gZD3ssZxhORKChE0tz_QpZPn-hoAwjiuk80w@mail.gmail.com>
In-Reply-To: <CAFBh+ST+VxPoR6gZD3ssZxhORKChE0tz_QpZPn-hoAwjiuk80w@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 17 Sep 2019 12:14:22 -0400
Message-ID: <CAL02cgSO7pOSwyB5xXxK8KhkQOpMYY6uG+Q5a0hCqRY+0nv75A@mail.gmail.com>
To: Douglas Stebila <dstebila@gmail.com>
Cc: secdispatch@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001ef21a0592c20410"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Vg_j5tuYPYBYW2_T2EZ39Bj9JVU>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--0000000000001ef21a0592c20410
Content-Type: text/plain; charset="UTF-8"

+1 on the last point here -- we should get started on PQ stuff now
(including transition strategies), and should not waste time on unrelated
things, like replacing X.509.

--Richard

On Tue, Sep 17, 2019 at 10:10 AM Douglas Stebila <dstebila@gmail.com> wrote:

> I'm a little late to the discussion, and new to the secdispatch mailing
> list, but hopefully not too late.  I think this is an important problem to
> address, and sooner rather than later.  NIST is still a few years away from
> having an outcome, but we can start laying the framework for how we'll use
> the resulting algorithms.  Although not everyone is convinced by "hybrid" /
> "multi-algorithm", there seems to be sufficient interest for it (e.g., the
> panel discussion at the NIST PQC standardization conference last month),
> that it's worth investing the time to investigate further.  I'm involved in
> a draft about hybrid key exchange in TLS for which there is no clear path,
> but lots of opinions and discussion worth having.  I'm also involved in an
> open source project (openquantumsafe.org) where we are already wanting to
> prototype hybrid authentication in protocols relying on X.509, and we'd be
> happy to coordinate with others wanting to do so.  It would be really
> unfortunate if deployment of quantum-resistant algorithms was delayed even
> further because we spend 3-5 years struggling with network protocols and
> standards *after* NIST picks some algorithms, when we could have started
> that aspect earlier.
>
> Douglas
>
>
> On Wed, 11 September 2019, Mike Ounsworth <
> Mike.Ounsworth@entrustdatacard.com> wrote:
>
>> Hi SecDispatch,
>> This got bounced here from LAMPS because the scope is potentially more
>> than a "limited" pkix change, and because this needs multi-WG visibility to
>> decide on a category of solution.
>>
>>
>> Background / history
>> --------------------
>> The Post-Quantum community (for example, surrounding the NIST PQC
>> competition), is pushing for "hybridized" crypto that combines RSA/ECC with
>> new primitives in order to hedge our bets against both quantum adversaries,
>> and also algorithmic / mathematical breaks of the new primitives.
>>
>> A year and a half ago, a draft was put to LAMPS for putting PQ public key
>> and signatures into X.509v3 extensions. This draft has been allowed to
>> expire, but is being pursued at the ITU.
>> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
>>
>> Earlier this year, a new draft was put to LAMPS for defining "composite"
>> public key and signature algorithms that, essentially, concatenate multiple
>> crypto algorithms into a single key or signature octet string. This draft
>> stalled in LAMPS over whether it is the correct overall approach.
>> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
>>
>> Now I'm taking a step back and submitting a draft that acts as a
>> semi-formal problem statement, and an overview of the three main categories
>> of solutions.
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>>
>>
>>
>> My Opinion
>> ----------
>> Personally, I'm fairly agnostic to the chosen solution, but feel that we
>> need some kind of standard(s) around the post-quantum transition for
>> certificates and PKI. Personally, I feel that Composite is mature enough as
>> an idea to standardize as a tool in our toolbox for contexts where it makes
>> sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
>>
>>
>>
>> Requested action from SECDISPATCH
>> ---------------------------------
>> 1. Feedback on the problem statement draft.
>> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
>> 2. Discussion of how to progress this.
>>
>>
>>
>> PS I'm a new IETF'er, please be gentle :P
>> Thanks,
>> - - -
>> Mike Ounsworth | Software Security Architect
>> Entrust Datacard

--0000000000001ef21a0592c20410--


From nobody Tue Sep 17 10:21:23 2019
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-Reply-To: <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 17 Sep 2019 13:21:18 -0400
Message-ID: <6013.1568740878@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/ZMVtvgleKP26K5-HlFAK-VL2sug>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--=-=-=
Content-Type: text/plain


The argument is about the timing.
Whether we need to panic now or not.  Some suggest "we have time"

My comment was that automobiles are being designed around ECUs today that will
be built in 2025, which will be on the road until 2040.  So, no, we don't
have the luxury of a lot of time.

I'm personally unaware of a profile of X.509 certificates that permits a
CA to sign multiple public keys with multiple algorithms.  RFC5280 says:

   Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

I don't see a SET here, just a sequence.

We (the IETF) can't solve the problem of ECUs having multiple hardware
assists ourselves.  If I were working in that area, I'd already be looking
through all the NIST submissions from last fall and figuring out what I need
to accelerate them, and what operations are in common, and figuring out if I
can accelerate the common operations, can I win regardless of which one is picked?
Or at least, be closer to market to pick one or three variations.

Rotiling RFC5280 so that we can support multiple signature algorithms on
certificates means that we can get new CAs and related things deployed.
I'm with Stephen in asking if the DER encoding is worth keeping at this
point.

Encode ASN.1 in CBOR (CBOR encoding rules for ASN.1) if we think the ASN.1 is
worth keeping, switch to CDDL if not.  We probably need to keep the semantics.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--
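
Added example, not part of the thread or of any draft it cites: a small DER reader that checks the outer RFC 5280 Certificate shape quoted above and shows that it has exactly one signatureAlgorithm/signatureValue slot. The sample bytes are constructed (they are not a real certificate), the OID 2.999.1 is a placeholder from the example arc, and the inner SEQUENCE used to pack two signatures into the one BIT STRING is an assumption for illustration, not the encoding of draft-ounsworth-pq-composite-sigs.

```python
"""Walk the outer DER layer of an RFC 5280 Certificate (added example)."""

SEQUENCE, BIT_STRING, OID, INTEGER = 0x30, 0x03, 0x06, 0x02
PLACEHOLDER_OID = b"\x88\x37\x01"  # 2.999.1, example arc, not a real algorithm


def der_encode(tag: int, content: bytes) -> bytes:
    """Encode one TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("high-tag-number form not supported here")
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:  # DER demands the minimal form
            raise ValueError("non-minimal DER length")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:end], end


def der_children(content: bytes):
    """Split the content of a constructed value into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = der_read(content, pos)
        out.append((tag, body))
    return out


def signature_slots(cert_der: bytes):
    """Enforce SEQUENCE { tbs, algorithm, signature }; return (oid, sig)."""
    tag, body, end = der_read(cert_der)
    if tag != SEQUENCE or end != len(cert_der):
        raise ValueError("not a single outer SEQUENCE")
    fields = der_children(body)
    # A SEQUENCE is positional: exactly three members, in this order.
    if [t for t, _ in fields] != [SEQUENCE, SEQUENCE, BIT_STRING]:
        raise ValueError("outer SEQUENCE is not tbs, algorithm, signature")
    alg, sig = fields[1][1], fields[2][1]
    alg_fields = der_children(alg)
    if not alg_fields or alg_fields[0][0] != OID:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    if not sig or sig[0] != 0:
        raise ValueError("signature BIT STRING must have 0 unused bits")
    return alg_fields[0][1], sig[1:]


def unpack_composite(sig: bytes):
    """Illustrative packing only: SEQUENCE OF BIT STRING inside the one slot."""
    tag, body, end = der_read(sig)
    if tag != SEQUENCE or end != len(sig):
        raise ValueError("composite value is not a single SEQUENCE")
    parts = []
    for t, b in der_children(body):
        if t != BIT_STRING or not b or b[0] != 0:
            raise ValueError("component is not a byte-aligned BIT STRING")
        parts.append(b[1:])
    return parts


def build_sample(sig: bytes, extra: bytes = b"") -> bytes:
    """Constructed stand-in certificate; tbs is a dummy, not a TBSCertificate."""
    tbs = der_encode(SEQUENCE, der_encode(INTEGER, b"\x01"))
    alg = der_encode(SEQUENCE, der_encode(OID, PLACEHOLDER_OID))
    parts = tbs + alg + der_encode(BIT_STRING, b"\x00" + sig)
    if extra:  # a second (algorithm, signature) pair appended to the outer layer
        parts += alg + der_encode(BIT_STRING, b"\x00" + extra)
    return der_encode(SEQUENCE, parts)


if __name__ == "__main__":
    s1, s2 = b"\x11" * 64, b"\x22" * 300  # constructed stand-in signatures
    packed = der_encode(SEQUENCE, der_encode(BIT_STRING, b"\x00" + s1)
                        + der_encode(BIT_STRING, b"\x00" + s2))
    oid, sig = signature_slots(build_sample(packed))
    print("one slot, carrying", len(unpack_composite(sig)), "signatures")
    try:
        signature_slots(build_sample(s1, extra=s2))
    except ValueError as err:
        print("second outer signature rejected:", err)
```

A verifier built on the RFC 5280 shape rejects a second signature appended at the outer layer, so any multi-algorithm scheme has to live inside the single BIT STRING or inside tbsCertificate.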


From nobody Tue Sep 17 10:56:03 2019
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com> <6013.1568740878@localhost>
In-Reply-To: <6013.1568740878@localhost>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Tue, 17 Sep 2019 13:55:45 -0400
Message-ID: <CAN40gSvcVVFz3Nzfutc5OPcXnsutVr6wGxmCNB08ekbi2fZ5YA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c2eb0c0592c36e23"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Vshc4Y4cVodZZn9UVAq39IBM2Ms>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI

--000000000000c2eb0c0592c36e23
Content-Type: text/plain; charset="UTF-8"

Hi Michael,

There's already work-in-progress in IETF WGs on CBOR wrapping
and/or encoding of X.509 certificates, including:

https://datatracker.ietf.org/doc/draft-ietf-cose-x509/

https://datatracker.ietf.org/doc/draft-raza-ace-cbor-certificates/

Cheers,
- Ira


Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
PO Box 221  Grand Marais, MI 49839  906-494-2434



On Tue, Sep 17, 2019 at 1:21 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> The argument is about the timing.
> Whether we need to panic now or not.  Some suggest "we have time"
>
> My comment was that automobiles are being designed around ECUs today that
> will
> be built in 2025, which will be on the road until 2040.  So, no, we don't
> have the luxury of a lot of time.
>
> I'm personally unaware of a profile of X.509 certificates that permits a
> CA to sign multiple public keys with multiple algorithms.  RFC5280 says:
>
>    Certificate  ::=  SEQUENCE  {
>         tbsCertificate       TBSCertificate,
>         signatureAlgorithm   AlgorithmIdentifier,
>         signatureValue       BIT STRING  }
>
> I don't see a SET here, just a sequence.
>
> We (the IETF) can't solve the problem of ECUs having multiple hardware
> assists ourselves.  If I were working in that area, I'd already be looking
> through all the NIST submissions from last fall and figuring out what I
> need
> to accelerate them, and what operations are in common, and figuring out if
> I
> can accelerate the common operations, can I win regardless of which one is
> picked?
> Or at least, be closer to market to pick one or three variations.
>
> Rotiling RFC5280 so that we can support multiple signature algorithms on
> certificates means that we can get new CAs and related things deployed.
> I'm with Stephen in asking if the DER encoding is worth keeping at this
> point.
>
> Encode ASN.1 in CBOR (CBOR encoding rules for ASN.1) if we think the ASN.1
> is
> worth keeping, switch to CDDL if not.  We probably need to keep the
> semantics.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-

--000000000000c2eb0c0592c36e23
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi Michael,</div><div><br></div><div>There&#39;s alre=
ady work-in-progress in IETF WGs on CBOR wrapping</div><div>and/or encoding=
 of X.509 certificates, including:</div><div><br></div><div><a href=3D"http=
s://datatracker.ietf.org/doc/draft-ietf-cose-x509/">https://datatracker.iet=
f.org/doc/draft-ietf-cose-x509/</a></div><div><br></div><div><a href=3D"htt=
ps://datatracker.ietf.org/doc/draft-raza-ace-cbor-certificates/">https://da=
tatracker.ietf.org/doc/draft-raza-ace-cbor-certificates/</a></div><div><br>=
</div><div>Cheers,</div><div>- Ira</div><div><br></div><div><br></div><div>=
<div><div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_sig=
nature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><=
div dir=3D"ltr">Ira McDonald (Musician / Software Architect)<br>Co-Chair - =
TCG Trusted Mobility Solutions WG</div><div>Co-Chair - TCG Metadata Access =
Protocol SG<br></div><div dir=3D"ltr">Chair - Linux Foundation Open Printin=
g WG<br>Secretary - IEEE-ISTO Printer Working Group<br>Co-Chair - IEEE-ISTO=
 PWG Internet Printing Protocol WG<br>IETF Designated Expert - IPP &amp; Pr=
inter MIB<br>Blue Roof Music / High North Inc<br><a style=3D"color:rgb(51,5=
1,255)" href=3D"http://sites.google.com/site/blueroofmusic" target=3D"_blan=
k">http://sites.google.com/site/blueroofmusic</a><br><a style=3D"color:rgb(=
102,0,204)" href=3D"http://sites.google.com/site/highnorthinc" target=3D"_b=
lank">http://sites.google.com/site/highnorthinc</a><br>mailto: <a href=3D"m=
ailto:blueroofmusic@gmail.com" target=3D"_blank">blueroofmusic@gmail.com</a=
><br>PO Box 221=C2=A0 Grand Marais, MI 49839=C2=A0 906-494-2434<br><br><div=
 style=3D"display:inline"></div><div style=3D"display:inline"></div><div st=
yle=3D"display:inline"></div><div></div><div></div><div></div><div></div></=
div></div></div></div></div></div></div></div></div><br></div></div><br><di=
v class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Tue, Sep 1=
7, 2019 at 1:21 PM Michael Richardson &lt;<a href=3D"mailto:mcr%2Bietf@sand=
elman.ca">mcr+ietf@sandelman.ca</a>&gt; wrote:<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex"><br>
The argument is about the timing.<br>
Whether we need to panic now or not.=C2=A0 Some suggest &quot;we have time&=
quot;<br>
<br>
My comment was that automobiles are being designed around ECUs today that w=
ill<br>
be built in 2025, which will be on the road until 2040.=C2=A0 So, no, we do=
n&#39;t<br>
have the luxury of a lot of time.<br>
<br>
I&#39;m personally unaware of a profile of X.509 certificates that permits =
a<br>
CA to sign multiple public keys with multiple algorithms.=C2=A0 RFC5280 say=
s:<br>
<br>
=C2=A0 =C2=A0Certificate=C2=A0 ::=3D=C2=A0 SEQUENCE=C2=A0 {<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 tbsCertificate=C2=A0 =C2=A0 =C2=A0 =C2=A0TBSCer=
tificate,<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 signatureAlgorithm=C2=A0 =C2=A0AlgorithmIdentif=
ier,<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 signatureValue=C2=A0 =C2=A0 =C2=A0 =C2=A0BIT ST=
RING=C2=A0 }<br>
<br>
I don&#39;t see a SET here, just a sequence.<br>
<br>
We (the IETF) can&#39;t solve the problem of ECUs having multiple hardware<=
br>
assists ourselves.=C2=A0 If I were working in that area, I&#39;d already be=
 looking<br>
through all the NIST submissions from last fall and figuring out what I nee=
d<br>
to accelerate them, and what operations are in common, and figuring out if =
I<br>
can accelerate the common operations, can I win regardless of which one is =
picked?<br>
Or at least, be closer to market to pick one or three variations.<br>
<br>
Rotiling RFC5280 so that we can support multiple signature algorithms on<br=
>
certificates means that we can get new CAs and related things deployed.<br>
I&#39;m with Stephen in asking if the DER encoding is worth keeping at this=
<br>
point.<br>
<br>
Encode ASN.1 in CBOR (CBOR encoding rules for ASN.1) if we think the ASN.1 =
is<br>
worth keeping, switch to CDDL if not.=C2=A0 We probably need to keep the se=
mantics.<br>
<br>
--<br>
Michael Richardson &lt;<a href=3D"mailto:mcr%2BIETF@sandelman.ca" target=3D=
"_blank">mcr+IETF@sandelman.ca</a>&gt;, Sandelman Software Works<br>
=C2=A0-=3D IPv6 IoT consulting =3D-<br>
<br>
<br>
<br>
_______________________________________________<br>
Secdispatch mailing list<br>
<a href=3D"mailto:Secdispatch@ietf.org" target=3D"_blank">Secdispatch@ietf.=
org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/secdispatch" rel=3D"norefe=
rrer" target=3D"_blank">https://www.ietf.org/mailman/listinfo/secdispatch</=
a><br>
</blockquote></div>

--000000000000c2eb0c0592c36e23--


From nobody Tue Sep 17 11:19:31 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B121C1208BA for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 11:19:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5CF15X0_t2uL for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 11:19:27 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C7ED12084D for <secdispatch@ietf.org>; Tue, 17 Sep 2019 11:19:27 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 2BF503897C; Tue, 17 Sep 2019 14:17:46 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E1DC2560; Tue, 17 Sep 2019 14:19:25 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, "secdispatch\@ietf.org" <secdispatch@ietf.org>
In-Reply-To: <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com> <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie> <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 17 Sep 2019 14:19:25 -0400
Message-ID: <19799.1568744365@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/DFP7rQOHPUt3pDw9-QfN2Vv8B3w>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 18:19:30 -0000

--=-=-=
Content-Type: text/plain


Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
    > I've posted a new version with minor tweaks to make that more clear.

    > https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

Thank you. I understand much better the three possibilities now.

As I understand it:
1) new algorithm numbers, "RSA+PQ1", "ECDSA+PQ2", etc.  works with old code
   because old-algorithms are negotiated.  Requires negotiation.

2) multiple certificate chains: seems to work well with web servers, but
   in my experience fails with everything else.  The "weak" chain fails
   and then what?

3) new certificates; the v3-extension hack is just that, a hack to do
   multiple certificate chains in a single object.   I assume that the PQx
   signature would cover the legacy public key value as well?

I prefer (3), btw.  (1) hadn't occurred to me, as I don't think it works
well with objects at rest, such as firmware updates.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--


From nobody Tue Sep 17 11:45:00 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA4B1209B6 for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 11:44:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvpXnK4dvA8l for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 11:44:56 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99DC61209BD for <secdispatch@ietf.org>; Tue, 17 Sep 2019 11:44:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 4D734BE2F; Tue, 17 Sep 2019 19:44:51 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BsKN4z9jfEjl; Tue, 17 Sep 2019 19:44:49 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C5CD2BE2C; Tue, 17 Sep 2019 19:44:49 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568745889; bh=rBD677bja2vNshWgDgoILw/Dcbx1Dab5ASBk2QZfqAE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=RaueI+cxz72Xik/QjoJK2aaaxlPiUjyE3jwFXole73q3eD09Pm8tXY09A3gcq2aw9 uwqZ1zhma0o+7C6ieEHvR0XlyZGNLcDupWMoMhbhEYgIlTC4CPB2uxfzWimRWbGo7M v8SO+4tohcSpCNkMa8nfoIuxElcaB65EgkM/5nMU=
To: Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com> <6013.1568740878@localhost>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie>
Date: Tue, 17 Sep 2019 19:44:48 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <6013.1568740878@localhost>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3qwwfVsNB69RphcfZPQsxjjMSmFI1YxbC"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/P-WEGJNLfzKHzbX_6FrFuGRdNkQ>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 18:44:58 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3qwwfVsNB69RphcfZPQsxjjMSmFI1YxbC
Content-Type: multipart/mixed; boundary="wEatt4icc2ePt0kJqEQfS6IodmaDmZKT3";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Michael Richardson <mcr+ietf@sandelman.ca>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm
 PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
 <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
 <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com>
 <45237418-7C96-4823-A7C6-39E92586756E@akamai.com>
 <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com>
 <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com>
 <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com>
 <6013.1568740878@localhost>
In-Reply-To: <6013.1568740878@localhost>

--wEatt4icc2ePt0kJqEQfS6IodmaDmZKT3
Content-Type: multipart/mixed;
 boundary="------------8CE2C3F8E010BA9DE79555F8"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------8CE2C3F8E010BA9DE79555F8
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

Just to be clear that is not my position.

On 17/09/2019 18:21, Michael Richardson wrote:
>=20
> Encode ASN.1 in CBOR (CBOR encoding rules for ASN.1) if we think the AS=
N.1 is
> worth keeping, switch to CDDL if not.  We probably need to keep the sem=
antics.

Seems like the semantics has to change with stateful signature schemes
with wall-clock time expiry is no longer appropriate for public keys.

Seems like the semantics has to change if N of M signatures must verify
compared to 1 of 1, esp if some alg may become "dubious" for say a
number of years before we find out that a break exists for that alg.
(The dubious alg may be due to a QC attack on a classic alg, or, and
maybe more likely, a classical attack on a new and supposedly QC
resistant alg.)

Seems like existing x.509 libraries do not need to change, and nor
should they. We'd be breaking them horribly if we tried to retrofit
multiple algs/keys/sigs into x.509. Instead handle new things outside
x.509, so as to avoid introducing significant vulnerabilities into
what's now a more or less working system.

And I dispute the urgency for authentication. Long-lived devices that
cannot be updated in 20 years will be hugely vulnerable to things that
are nothing to do with quantum computers. It isn't worthwhile trying
to "fix" that now when it's too early to know what might or might not
be a good plan for dealing with authentication in a world that has a
working quantum computer - better to ensure those devices can be updated
and then do the best one can as needs arise. The probability of a
recall due to a vuln in a non-updatable device seems far higher than
anything else here.

Instead of all those bad plans - we should start to discuss what may
be needed for authentication in 20+ years time, part of which would be
quantum resistant algs. Another part may be an equivalent to CT which
turned out to be needed due to certificate mis-issuance, so the
discussion I'd be interested in wouldn't only be about quantum
computers. (But would overlap with that.)

Cheers,
S.

--------------8CE2C3F8E010BA9DE79555F8
Content-Type: application/pgp-keys;
 name="0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x5AB2FAF17B172BEA.asc"


--------------8CE2C3F8E010BA9DE79555F8--

--wEatt4icc2ePt0kJqEQfS6IodmaDmZKT3--

--3qwwfVsNB69RphcfZPQsxjjMSmFI1YxbC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--3qwwfVsNB69RphcfZPQsxjjMSmFI1YxbC--
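
The N-of-M point raised in the message above, as an added example that is not part of the thread or of any draft: it contrasts "any one signature verifies" with an N-of-M rule that also tracks whether each algorithm is still trusted. The labels "RSA" and "PQ1" are placeholders taken from the thread; the status values, class names and function names are assumptions, and the cryptographic verification itself is assumed to happen elsewhere.

```python
from dataclasses import dataclass
from enum import Enum


class AlgStatus(Enum):
    TRUSTED = "trusted"
    DUBIOUS = "dubious"   # suspected weak, no confirmed break yet
    BROKEN = "broken"


@dataclass(frozen=True)
class SigResult:
    alg: str         # placeholder algorithm label, e.g. "RSA" or "PQ1"
    verified: bool   # outcome of the cryptographic check, performed elsewhere


def naive_any(results):
    """1-of-M with no notion of algorithm status: any valid signature wins."""
    return any(r.verified for r in results)


def n_of_m(results, status, n, count_dubious=False):
    """Accept when at least n distinct, still-usable algorithms verified.

    Algorithms missing from `status` are treated as BROKEN. Distinct
    algorithms are counted, so two signatures under one algorithm
    cannot satisfy n=2.
    """
    usable = {AlgStatus.TRUSTED}
    if count_dubious:
        usable.add(AlgStatus.DUBIOUS)
    good = {
        r.alg
        for r in results
        if r.verified and status.get(r.alg, AlgStatus.BROKEN) in usable
    }
    return len(good) >= n


# Constructed inputs (not real verification results).
BOTH_VERIFY = [SigResult("RSA", True), SigResult("PQ1", True)]
ONLY_RSA_VERIFIES = [SigResult("RSA", True), SigResult("PQ1", False)]
SAME_ALG_TWICE = [SigResult("RSA", True), SigResult("RSA", True)]

ALL_TRUSTED = {"RSA": AlgStatus.TRUSTED, "PQ1": AlgStatus.TRUSTED}
PQ1_DUBIOUS = {"RSA": AlgStatus.TRUSTED, "PQ1": AlgStatus.DUBIOUS}
RSA_BROKEN = {"RSA": AlgStatus.BROKEN, "PQ1": AlgStatus.TRUSTED}


def scenarios():
    """Return (description, decision) pairs for the cases discussed above."""
    return [
        ("any-of, only the broken alg verifies",
         naive_any(ONLY_RSA_VERIFIES)),
        ("1-of-2 status-aware, only the broken alg verifies",
         n_of_m(ONLY_RSA_VERIFIES, RSA_BROKEN, 1)),
        ("1-of-2 status-aware, both verify, RSA broken",
         n_of_m(BOTH_VERIFY, RSA_BROKEN, 1)),
        ("2-of-2, PQ1 dubious, dubious not counted",
         n_of_m(BOTH_VERIFY, PQ1_DUBIOUS, 2)),
        ("2-of-2, PQ1 dubious, dubious counted",
         n_of_m(BOTH_VERIFY, PQ1_DUBIOUS, 2, count_dubious=True)),
    ]


if __name__ == "__main__":
    for description, decision in scenarios():
        print(f"{description}: {'accept' if decision else 'reject'}")
```

The "dubious" period is where the policy choice bites: not counting a dubious algorithm turns a 2-of-2 rule into a rejection of otherwise valid objects, while counting it keeps accepting on an algorithm that may later prove broken.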


From nobody Tue Sep 17 12:04:22 2019
Return-Path: <prvs=15631f794=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 645FF120A2B for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 12:04:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TSOBuDjCjDne for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 12:04:10 -0700 (PDT)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E3F61209C2 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 12:04:08 -0700 (PDT)
IronPort-SDR: jPO8eXxks0wNbERxP7hbM2uzrqcOJjusVXmSwklaZfwpjpAIJgkzTGd1R63XlKnSFoV8l8wbvD WuXxfbTc2+XA==
X-IronPort-AV: E=Sophos;i="5.64,517,1559538000";  d="scan'208";a="1524870"
Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 17 Sep 2019 14:04:07 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Sep 2019 14:04:07 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Tue, 17 Sep 2019 14:04:06 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVbYRxJG27EQIGIUe3TF2r2sIifKcwN6Wg
Date: Tue, 17 Sep 2019 19:04:06 +0000
Message-ID: <6db29f92978141439b9922fb63459fb9@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com> <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie> <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com> <19799.1568744365@localhost>
In-Reply-To: <19799.1568744365@localhost>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Wz_lAb7x8Ca9_i2esGGkbYcaSvc>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 19:04:20 -0000

Hi Michael,

Yup, those are the general ideas, with one small correction; for 1) what
we've proposed in draft-ounsworth-pq-composite-sigs is a
SubjectPublicKeyInfo that has the algorithmID "Composite", and then the
octet string for its public key data is an encoded SEQUENCE of
SubjectPublicKeyInfos for RSA, PQ1, etc, -- basically the SPKI contains a
list of SPKIs. Same trick for signatureAlgorithm and signatureValue.

This subtle difference avoids the explosion of pairwise OIDs "RSA+PQ1",
"ECDSA+PQ2", etc. Also, this allows a legacy client to continue
processing if it doesn't understand the OID for PQ2, but its local policy
says that ECDSA alone is still ok for now, so there's a crypto agility
win.

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca>
Sent: Tuesday, September 17, 2019 1:19 PM
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>; secdispatch@ietf.org
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI


Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
    > I've posted a new version with minor tweaks to make that more clear.

    > https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

Thank you. I understand much better the three possibilities now.

As I understand it:
1) new algorithm numbers, "RSA+PQ1", "ECDSA+PQ2", etc.  works with old code
   because old-algorithms are negotiated.  Requires negotiation.

2) multiple certificate chains: seems to work well with web servers, but
   in my experience fails with everything else.  The "weak" chain fails
   and then what?

3) new certificates; the v3-extension hack is just that, a hack to do
   multiple certificate chains in a single object.   I assume that the PQx
   signature would cover the legacy public key value as well?

I prefer (3), btw.  (1) hadn't occurred to me, as I don't think it works
well with objects at rest, such as firmware updates.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
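
The "SPKI contains a list of SPKIs" layout and the legacy-client policy check described in the message above, as an added example that is not part of the thread or of draft-ounsworth-pq-composite-sigs. Assumptions: the OIDs under 2.999 are placeholders (the draft's real values are not given here), the component key bytes are constructed dummies, the nested SEQUENCE is carried in the SPKI's BIT STRING, and usable_components() with its "acceptable sets" policy format is a hypothetical helper.

```python
# Added example: minimal DER handling for a "Composite" SubjectPublicKeyInfo.
# OIDs under 2.999 (the ASN.1 example arc) are placeholders, not the draft's.
ECDSA = "1.2.840.10045.2.1"   # id-ecPublicKey (real OID)
COMPOSITE = "2.999.1"         # placeholder for the "Composite" algorithm ID
PQ2 = "2.999.3"               # placeholder for a post-quantum algorithm

def tlv(tag, content):
    """Encode one DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for sub in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]                 # base-128, high bit = "more follows"
        while sub > 0x7F:
            sub >>= 7
            chunk.append(0x80 | (sub & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

def enc_spki(alg_oid, key_bytes):
    alg_id = tlv(0x30, enc_oid(alg_oid))     # parameters omitted for brevity
    return tlv(0x30, alg_id + tlv(0x03, b"\x00" + key_bytes))  # BIT STRING

def enc_composite_spki(components):
    """Outer SPKI whose key bits are a SEQUENCE of ordinary SPKIs."""
    inner = tlv(0x30, b"".join(enc_spki(o, k) for o, k in components))
    return enc_spki(COMPOSITE, inner)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def dec_oid(content):
    subs, v = [], 0
    for b in content:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(v)
            v = 0
    if not subs:
        raise ValueError("empty OID")
    a0 = min(subs[0] // 40, 2)               # first two arcs share one value
    return ".".join(str(x) for x in [a0, subs[0] - 40 * a0] + subs[1:])

def dec_spki(der):
    """Return (algorithm OID, key bytes) for one SubjectPublicKeyInfo."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("SPKI must be exactly one SEQUENCE")
    tag, alg_id, pos = read_tlv(body)
    oid_tag, oid, _ = read_tlv(alg_id)
    bit_tag, bits, pos = read_tlv(body, pos)
    if (tag, oid_tag, bit_tag) != (0x30, 0x06, 0x03) or pos != len(body):
        raise ValueError("unexpected SPKI layout")
    if bits[:1] != b"\x00":
        raise ValueError("BIT STRING must have zero unused bits")
    return dec_oid(oid), bits[1:]

def dec_composite_spki(der):
    """Unwrap the outer SPKI and return the list of component (OID, key)."""
    oid, key = dec_spki(der)
    if oid != COMPOSITE:
        raise ValueError("not a composite key")
    tag, seq, end = read_tlv(key)
    if tag != 0x30 or end != len(key):
        raise ValueError("composite key data must be one SEQUENCE")
    comps, pos = [], 0
    while pos < len(seq):
        start = pos
        _, _, pos = read_tlv(seq, pos)
        comps.append(dec_spki(seq[start:pos]))
    return comps

def usable_components(der, supported, acceptable_sets):
    """Skip components with unknown OIDs, then enforce local policy.

    acceptable_sets: list of OID sets; at least one must be fully supported."""
    known = [(o, k) for o, k in dec_composite_spki(der) if o in supported]
    have = {o for o, _ in known}
    if not any(set(req) <= have for req in acceptable_sets):
        raise ValueError("local policy not satisfied by understood algorithms")
    return known

# Constructed dummy key material, for illustration only.
SAMPLE_COMPONENTS = [(ECDSA, b"\x04" + bytes(64)), (PQ2, bytes(200))]
SAMPLE = enc_composite_spki(SAMPLE_COMPONENTS)
```

A client that skips an unknown component is only as strong as the weakest set its policy accepts, so the policy list is the security-relevant input here, not the parser.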




From nobody Tue Sep 17 13:30:57 2019
Return-Path: <prvs=15631f794=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B368120873 for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 13:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWFoCph40lLv for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 13:30:54 -0700 (PDT)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E82D12010D for <secdispatch@ietf.org>; Tue, 17 Sep 2019 13:30:54 -0700 (PDT)
IronPort-SDR: kGd8kvZHA9ihRsV8bTcirLptMM8a5ammqqNGUpUFfMeQfN2FOvMHJ0RwlAd87KTY0GFqgblmNY cPdgY0uLaNTw==
X-IronPort-AV: E=Sophos;i="5.64,518,1559538000";  d="scan'208";a="1529444"
Received: from pmspex04.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.51]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 17 Sep 2019 15:30:52 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by PMSPEX04.corporate.datacard.com (192.168.211.51) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Sep 2019 15:30:51 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Tue, 17 Sep 2019 15:30:51 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [EXTERNAL]Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVbNthOdoofKwsjk2c8e3+BFoTgKcvQ3sAgAEvQQCAABdVAP//x0DA
Date: Tue, 17 Sep 2019 20:30:51 +0000
Message-ID: <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com> <6013.1568740878@localhost> <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie>
In-Reply-To: <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/X14CQOJKJ88DX3kqLa2wUupgFX8>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 20:30:56 -0000

From nobody Tue Sep 17 14:17:07 2019
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75BC512007A for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 14:17:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5aZSE7yMcO2t for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 14:17:03 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D4BE120043 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 14:17:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 145E6BE24; Tue, 17 Sep 2019 22:16:58 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W84HoFe3_RxH; Tue, 17 Sep 2019 22:16:56 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 99B49BDCF; Tue, 17 Sep 2019 22:16:56 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1568755016; bh=xRIzfHRR7rf92/88mMNqAy+ywSJ5HFn8DS/wDekML6s=; h=Subject:To:References:From:Date:In-Reply-To:From; b=viw30yCpAYFP24TDE56DUtED8VDE/ycBEkA7heQZ9W0FZYjzuPA3zc2uSVLY+iQjG IsETs6qH9lJvXRO4vHdGNuTzSRIP9E0+RX+KYB8KrObJma0MrOHUUKqb3GkP5NjkC2 KpRJ9Yqufmrh1vwPJJYWxNNsrcGMfK54lf5wGeVE=
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com> <6013.1568740878@localhost> <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie> <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <698c840c-221a-a110-55e9-4c4bd94e7bd8@cs.tcd.ie>
Date: Tue, 17 Sep 2019 22:16:55 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2dr4pNlN5GxHfgnN3aYS3AUoLDmQkCc2L"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/QYJ_3sl4lVR81Lhxp5Y8cs2nH_s>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 21:17:05 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2dr4pNlN5GxHfgnN3aYS3AUoLDmQkCc2L
Content-Type: multipart/mixed; boundary="aWSbqY4FRgNOt6icpdnAkmC6gWhqI2d0Z";
 protected-headers="v1"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,
 Michael Richardson <mcr+ietf@sandelman.ca>,
 "secdispatch@ietf.org" <secdispatch@ietf.org>
Message-ID: <698c840c-221a-a110-55e9-4c4bd94e7bd8@cs.tcd.ie>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum
 multi-algorithm PKI
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org>
 <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com>
 <28224.1568427573@dooku.sandelman.ca>
 <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie>
 <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com>
 <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com>
 <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com>
 <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie>
 <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com>
 <45237418-7C96-4823-A7C6-39E92586756E@akamai.com>
 <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com>
 <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com>
 <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com>
 <6013.1568740878@localhost> <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie>
 <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com>
In-Reply-To: <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com>

--aWSbqY4FRgNOt6icpdnAkmC6gWhqI2d0Z
Content-Type: multipart/mixed;
 boundary="------------23222414360CC4C6F1606E6B"
Content-Language: en-GB

This is a multi-part message in MIME format.
--------------23222414360CC4C6F1606E6B
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

On 17/09/2019 21:30, Mike Ounsworth wrote:
>
> It sounds like what you're proposing will end up lining up with the
> still-yet-to-be-defined solution of "just use multiple cert chains",

Nope, sorry for being unclear. I'm coming around to arguing to
not bother with using x.509 at all for any weird new PQ stuff, (like
stateful sigs or where values are big enough to cause protocol
problems in places x.509 is currently used), and to definitely
not embed multiple key/alg stuff inside x.509. Existing x.509
libraries could then continue to be used really unmodified (so
no change to what's often pretty flakey cert validation logic,
only crypto APIs) with current algs or where some PQ alg really
fits the current model well enough. In addition, I'd argue to
wait 'till NIST are done to start in any detailed way. Hope
that's clearer.

Cheers,
S.

--------------23222414360CC4C6F1606E6B
Content-Type: application/pgp-keys;
 name="0x5AB2FAF17B172BEA.asc"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0x5AB2FAF17B172BEA.asc"


--------------23222414360CC4C6F1606E6B--

--aWSbqY4FRgNOt6icpdnAkmC6gWhqI2d0Z--

--2dr4pNlN5GxHfgnN3aYS3AUoLDmQkCc2L
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--2dr4pNlN5GxHfgnN3aYS3AUoLDmQkCc2L--


From nobody Tue Sep 17 20:19:19 2019
Return-Path: <mt@lowentropy.net>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6BF1120096 for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 20:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=jOTLLCpc; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JS8Ha6Bw
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y_UWnt-Ai6wC for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 20:19:14 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 721D7120073 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 20:19:14 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id A1D8F56F for <secdispatch@ietf.org>; Tue, 17 Sep 2019 23:19:13 -0400 (EDT)
Received: from imap7 ([10.202.2.57]) by compute1.internal (MEProxy); Tue, 17 Sep 2019 23:19:13 -0400
Received: by mailuser.nyi.internal (Postfix, from userid 501) id B4C651C0001; Tue, 17 Sep 2019 23:19:12 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-238-g170a812-fmstable-20190913v1
Mime-Version: 1.0
Message-Id: <61f35d44-63bf-4b17-8c65-6dcc2bdeeff6@www.fastmail.com>
In-Reply-To: <CAL02cgSO7pOSwyB5xXxK8KhkQOpMYY6uG+Q5a0hCqRY+0nv75A@mail.gmail.com>
References: <CAFBh+ST+VxPoR6gZD3ssZxhORKChE0tz_QpZPn-hoAwjiuk80w@mail.gmail.com> <CAL02cgSO7pOSwyB5xXxK8KhkQOpMYY6uG+Q5a0hCqRY+0nv75A@mail.gmail.com>
Date: Wed, 18 Sep 2019 13:18:53 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: secdispatch@ietf.org
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/PVvekwNWQIou1cPNhA7xrW3ia6o>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 03:19:17 -0000

I'll add that while it is clear that there are some hard research-y pieces to this (like finding decent primitives), much of the work we might decide to do is straight-up engineering.  The work that Douglas has done for TLS is a great example of that.  We might not have reached conclusions on some of the finer points, but thanks to the work already done, we're down to making what are fundamentally just engineering decisions.  Here I say "just" advisedly, because we have well-established processes for resolving any disagreements of that nature.

On Wed, Sep 18, 2019, at 02:14, Richard Barnes wrote:
> +1 on the last point here -- we should get started on PQ stuff now
> (including transition strategies), and should not waste time on
> unrelated things, like replacing X.509.
>
> --Richard
>
> On Tue, Sep 17, 2019 at 10:10 AM Douglas Stebila <dstebila@gmail.com> wrote:
> > I'm a little late to the discussion, and new to the secdispatch mailing list, but hopefully not too late. I think this is an important problem to address, and sooner rather than later. NIST is still a few years away from having an outcome, but we can start laying the framework for how we'll use the resulting algorithms. Although not everyone is convinced by "hybrid" / "multi-algorithm", there seems to be sufficient interest for it (e.g., the panel discussion at the NIST PQC standardization conference last month), that it's worth investing the time to investigate further. I'm involved in a draft about hybrid key exchange in TLS for which there is no clear path, but lots of opinions and discussion worth having. I'm also involved in an open source project (openquantumsafe.org) where we are already wanting to prototype hybrid authentication in protocols relying on X.509, and we'd be happy to coordinate with others wanting to do so. It would be really unfortunate if deployment of quantum-resistant algorithms was delayed even further because we spend 3-5 years struggling with network protocols and standards *after* NIST picks some algorithms, when we could have started that aspect earlier.
> >
> > Douglas
> >
> >
> > On Wed, 11 September 2019, Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
> >
> >> Hi SecDispatch,
> >> This got bounced here from LAMPS because the scope is potentially more than a "limited" pkix change, and because this needs multi-WG visibility to decide on a category of solution.
> >>
> >>
> >> Background / history
> >> --------------------
> >> The Post-Quantum community (for example, surrounding the NIST PQC competition), is pushing for "hybridized" crypto that combines RSA/ECC with new primitives in order to hedge our bets against both quantum adversaries, and also algorithmic / mathematical breaks of the new primitives.
> >>
> >> A year and a half ago, a draft was put to LAMPS for putting PQ public key and signatures into X.509v3 extensions. This draft has been allowed to expire, but is being pursued at the ITU.
> >> https://datatracker.ietf.org/doc/draft-truskovsky-lamps-pq-hybrid-x509/
> >>
> >> Earlier this year, a new draft was put to LAMPS for defining "composite" public key and signature algorithms that, essentially, concatenate multiple crypto algorithms into a single key or signature octet string. This draft stalled in LAMPS over whether it is the correct overall approach.
> >> https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
> >>
> >> Now I'm taking a step back and submitting a draft that acts as a semi-formal problem statement, and an overview of the three main categories of solutions.
> >> https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
> >>
> >>
> >>
> >> My Opinion
> >> ----------
> >> Personally, I'm fairly agnostic to the chosen solution, but feel that we need some kind of standard(s) around the post-quantum transition for certificates and PKI. Personally, I feel that Composite is mature enough as an idea to standardize as a tool in our toolbox for contexts where it makes sense, even if a different mechanism is preferred for TLS and IPSEC/IKE.
> >>
> >>
> >>
> >> Requested action from SECDISPATCH
> >> ---------------------------------
> >> 1. Feedback on the problem statement draft. https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
> >> 2. Discussion of how to progress this.
> >>
> >>
> >>
> >> PS I'm a new IETF'er, please be gentle :P
> >> Thanks,
> >> - - -
> >> Mike Ounsworth | Software Security Architect
> >> Entrust Datacard


From nobody Wed Sep 18 05:09:12 2019
Return-Path: <hallam@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0774A1201E5 for <secdispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 05:09:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.915
X-Spam-Level: 
X-Spam-Status: No, score=-1.915 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p2D4B2BEm82F for <secdispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 05:09:08 -0700 (PDT)
Received: from mail-ot1-f52.google.com (mail-ot1-f52.google.com [209.85.210.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE15C12004D for <secdispatch@ietf.org>; Wed, 18 Sep 2019 05:09:07 -0700 (PDT)
Received: by mail-ot1-f52.google.com with SMTP id 67so6104465oto.3 for <secdispatch@ietf.org>; Wed, 18 Sep 2019 05:09:07 -0700 (PDT)
X-Received: by 2002:a9d:7d08:: with SMTP id v8mr2680368otn.231.1568808547204;  Wed, 18 Sep 2019 05:09:07 -0700 (PDT)
MIME-Version: 1.0
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <CAN40gSseUfKyJo8SZzLVQGnoSOKPHQJysx7zz_w=n_SGuckfSw@mail.gmail.com> <45237418-7C96-4823-A7C6-39E92586756E@akamai.com> <CAN40gSuzC2hQsFmB2SFd8CnicLWfyiqgePf0pTYsHXZ=s5FV-g@mail.gmail.com> <E55FFB18-ABB5-442A-B41A-CC7678076C26@akamai.com> <CAN40gSvy4kcR1RwdJxoD+HSWc6eskTGHkrQ1=7iro2cieB-_rQ@mail.gmail.com> <6013.1568740878@localhost> <33fd71b9-cb6f-28c0-8182-7f2b71d5db24@cs.tcd.ie> <3a26dc442a3b4dce801cb9dfe909386f@PMSPEX05.corporate.datacard.com> <698c840c-221a-a110-55e9-4c4bd94e7bd8@cs.tcd.ie>
In-Reply-To: <698c840c-221a-a110-55e9-4c4bd94e7bd8@cs.tcd.ie>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 18 Sep 2019 08:08:55 -0400
Message-ID: <CAMm+Lwgyq3fA3f=VdtN46disjyiPz8yzHO=ySQFbK7hbR29y9A@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>,  Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002d44b50592d2b489"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xQskGzDlyAEbDogVd2ezIyWy-JA>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 12:09:10 -0000

--0000000000002d44b50592d2b489
Content-Type: text/plain; charset="UTF-8"

+1

It looks fairly certain that PQ algorithms will either be a drop in
replacement requiring no changes or require so much change that PKIX is
pretty much irrelevant. We are not going to be using a Kohnfelder
architecture to support a PKI based on stateful signatures.

The two technologies we are going to need to revisit are Needham-Schroeder
(e.g. Kerberos) and Haber-Stornetta (e.g. Blockchain)

We do have some experience with BlockChain type technologies. Certificate
Transparency for one. But I don't feel like trying to build on top of that
so I wrote a separate BlockChain type technology for the Mathematical Mesh
which is basically Merkle Tree in JSON using JOSE as the crypto base. It
also builds in some of the same ideas from SAML.

The latest draft is here:

http://mathmesh.com/Documents/draft-hallambaker-mesh-dare.html

This is not designed as a PQ infrastructure but it does have some (much?)
of the infrastructure that you would want for building blocks for PQ.



On Tue, Sep 17, 2019 at 5:17 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 17/09/2019 21:30, Mike Ounsworth wrote:
> >
> > It sounds like what you're proposing will end up lining up with the
> > still-yet-to-be-defined solution of "just use multiple cert chains",
>
> Nope, sorry for being unclear. I'm coming around to arguing to
> not bother with using x.509 at all any weird new PQ stuff, (like
> stateful sigs or where values are big enough to cause protocol
> problems in places x.509 is currently used), and to definitely
> not embed multiple key/alg stuff inside x.509. Existing x.509
> libraries could then continue to be used really unmodified (so
> no change to what's often pretty flakey cert validation logic,
> only crypto APIs) with current algs or where some PQ alg really
> fits the current model well enough. In addition, I'd argue to
> wait 'till NIST are done to start in any detailed way. Hope
> that's clearer.
>
> Cheers,
> S.


--0000000000002d44b50592d2b489--


From nobody Wed Sep 18 16:34:03 2019
Return-Path: <hallam@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CE251200B5 for <secdispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 16:34:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.203
X-Spam-Level: 
X-Spam-Status: No, score=0.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, MALFORMED_FREEMAIL=1.103, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.026, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id foQyRfu8v7Z0 for <secdispatch@ietfa.amsl.com>; Wed, 18 Sep 2019 16:34:00 -0700 (PDT)
Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 528061200B3 for <secdispatch@ietf.org>; Wed, 18 Sep 2019 16:34:00 -0700 (PDT)
Received: by mail-oi1-f182.google.com with SMTP id i16so1161326oie.4 for <secdispatch@ietf.org>; Wed, 18 Sep 2019 16:34:00 -0700 (PDT)
X-Received: by 2002:aca:c458:: with SMTP id u85mr345943oif.100.1568849639249;  Wed, 18 Sep 2019 16:33:59 -0700 (PDT)
MIME-Version: 1.0
References: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
In-Reply-To: <2e753a7983bf40b490b4fcbb75550da3@PMSPEX05.corporate.datacard.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 18 Sep 2019 19:33:46 -0400
Message-ID: <CAMm+Lwg2xr7JbrLB+WMjCRFgS570CQkbSJk_VNy+VHzNUKO4+A@mail.gmail.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000741ceb0592dc4537"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/lfC5zDkSQq90UAwGTRRLPYqPiDs>
Subject: Re: [Secdispatch] Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 23:34:02 -0000

--000000000000741ceb0592dc4537
Content-Type: text/plain; charset="UTF-8"

OK, so yes, I have to finish the Mesh before I start on anything new. But I
do think I can solve a few of the use cases raised with the technology I
developed for the Mesh and in particular the question of how to manage an
embedded device.

Recall that a few years ago, I proposed a scheme 'omnibroker' that was a
delegated trust service. If device X wants to connect to party Y via
protocol Z, it asks the omnibroker and back come all the crypto parameters
required. In the TLS case it would get back an IP address, port, cert path
and OCSP token.

The omnibroker could in principle perform the actual key exchange and pass
back a Kerberos ticket to the client in response to the request. So what we
have here is a point of leverage. Alice deploys her $20,000 worth of IoT
devices into the walls of her new mansion. They each connect to her
personal Mesh Service which provides them with the necessary credential to
communicate with her personal Omnibroker. That credential could be a
Kerberos like ticket meaning that the device to Omnibroker connection is
QCR.

If it becomes known that a Quantum Computer of appreciable size has been
built, all Alice needs to do is to drop in a new Omnibroker service that
can support the new modes of interaction, new Quantum Resistant algorithms
and so on. So she has to make a $100 (or less) upgrade instead of a $20,000
one.

This is not going to solve every problem of course. It is not going to
allow a constrained device to be put onto the Internet. But I still
consider that a silly idea. In the age of the $5 PiZero, constrained
devices should have connections that are mediated by decently performant
devices.

Again, this is not a line of research that is currently my top priority. If
someone wants to make it my top priority, there is a protocol for that.

My current priority is to solve the three problems I see as critical for
deploying the last generation of end-to-end crypto: Provisioning every
device with a private key pair, publishing the corresponding public keys in
a useful fashion and protecting data at rest.


--000000000000741ceb0592dc4537--
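
The delegation described in the message above, as an added sketch that is not part of the original post and is not the Omnibroker protocol itself: a device that holds only a symmetric key shared with its broker keeps working, unchanged, when the broker is replaced by one that speaks different algorithms upstream. The message layout, field names, `upstream` labels and the HMAC-based key wrap (a simplified stand-in for an AEAD) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 as a PRF; the label separates MAC and key-wrap uses."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Broker:
    """Hypothetical broker holding one symmetric key per enrolled device."""

    def __init__(self, device_keys: dict, upstream: str):
        self.device_keys = device_keys   # device id -> 32-byte shared key
        self.upstream = upstream         # label for what the broker speaks to the peer
        self.last_session_key = b""      # kept only so the demo can compare

    def resolve(self, request: dict) -> dict:
        # The device id is needed to find the key, so the body is parsed first
        # and nothing in it is trusted until the MAC has been checked.
        fields = json.loads(request["body"])
        key = self.device_keys.get(fields["device"])
        if key is None:
            raise ValueError("unknown device")
        want = prf(key, b"req", request["body"].encode())
        if not hmac.compare_digest(want, bytes.fromhex(request["tag"])):
            raise ValueError("bad request MAC")
        # Stand-in for the broker running the real key exchange with the peer.
        self.last_session_key = secrets.token_bytes(32)
        pad = prf(key, b"wrap", bytes.fromhex(fields["nonce"]))
        body = json.dumps({
            "nonce": fields["nonce"],
            "party": fields["party"],
            "protocol": fields["protocol"],
            "upstream": self.upstream,
            "wrapped_key": xor(self.last_session_key, pad).hex(),
        }, sort_keys=True)
        return {"body": body, "tag": prf(key, b"resp", body.encode()).hex()}


class Device:
    """Constrained device: knows only its id and the key shared with the broker."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key, self.nonce = device_id, key, b""

    def request(self, party: str, protocol: str) -> dict:
        self.nonce = secrets.token_bytes(16)          # fresh per request
        body = json.dumps({"device": self.device_id, "party": party,
                           "protocol": protocol, "nonce": self.nonce.hex()},
                          sort_keys=True)
        return {"body": body, "tag": prf(self.key, b"req", body.encode()).hex()}

    def accept(self, response: dict, party: str, protocol: str):
        want = prf(self.key, b"resp", response["body"].encode())
        if not hmac.compare_digest(want, bytes.fromhex(response["tag"])):
            raise ValueError("bad response MAC")
        fields = json.loads(response["body"])
        if (fields["nonce"], fields["party"], fields["protocol"]) != (
                self.nonce.hex(), party, protocol):
            raise ValueError("response does not match the pending request")
        pad = prf(self.key, b"wrap", self.nonce)
        return xor(bytes.fromhex(fields["wrapped_key"]), pad), fields["upstream"]


def run_demo() -> dict:
    key = secrets.token_bytes(32)                     # constructed provisioning secret
    device = Device("thermostat-1", key)              # constructed device id
    results = {}
    for label in ("classical", "post-quantum"):       # old broker, then its replacement
        broker = Broker({"thermostat-1": key}, upstream=label)
        resp = broker.resolve(device.request("example.com", "tls"))
        session_key, upstream = device.accept(resp, "example.com", "tls")
        results[label] = (session_key == broker.last_session_key, upstream)

    # A response with an edited upstream label fails the MAC check.
    forged = dict(resp, body=resp["body"].replace("post-quantum", "classical"))
    # An old but genuine response fails the nonce check once a new request is pending.
    device.request("example.com", "tls")
    for name, candidate in (("downgrade_rejected", forged), ("replay_rejected", resp)):
        try:
            device.accept(candidate, "example.com", "tls")
            results[name] = False
        except ValueError:
            results[name] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```
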


From nobody Mon Sep 23 09:03:08 2019
Return-Path: <hallam@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02F10120137 for <secdispatch@ietfa.amsl.com>; Mon, 23 Sep 2019 09:03:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Level: 
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHxvNHPkbLob for <secdispatch@ietfa.amsl.com>; Mon, 23 Sep 2019 09:03:03 -0700 (PDT)
Received: from mail-ot1-f50.google.com (mail-ot1-f50.google.com [209.85.210.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A453212013A for <secdispatch@ietf.org>; Mon, 23 Sep 2019 09:03:03 -0700 (PDT)
Received: by mail-ot1-f50.google.com with SMTP id c10so12563536otd.9 for <secdispatch@ietf.org>; Mon, 23 Sep 2019 09:03:03 -0700 (PDT)
X-Received: by 2002:a05:6830:14c5:: with SMTP id t5mr501938otq.112.1569254582229;  Mon, 23 Sep 2019 09:03:02 -0700 (PDT)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 23 Sep 2019 12:02:51 -0400
Message-ID: <CAMm+LwgL4szAN0Su441_XdCRGEY-O5peAAW=quB+C_LfNzt7Gg@mail.gmail.com>
To: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ef9f8e05933a8d4d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/CbUaKwPwu1MG4OeqnEWgEXqHLDI>
Subject: [Secdispatch] Quantum Resiliant
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 16:03:06 -0000

--000000000000ef9f8e05933a8d4d
Content-Type: text/plain; charset="UTF-8"

We have a lot of interest in building PKI architectures that are secure
against quantum cryptanalysis. I see three different levels at which this
can be achieved.

Class 1: The system uses a quantum cryptanalysis secure public key
algorithm that provides all the same capabilities as traditional public key
algorithms.

Class 2: The system uses symmetric key based security with a significant
impact on capabilities as it is only possible to establish trust after
first establishing a shared secret. (e.g. Kerberos, Lamport signatures).

Class 3: The system is a traditional PKI modified to mitigate the
consequences of quantum cryptanalysis without modifications that
significantly affect traditional use. (e.g. use of hash chain notary to
protect signatures, use of shared secret KDF mixins).

As a field, we have to explore all three. And it might well be that the
short term interest is in the last. For protocol designers like myself, the
class 1 is not an interesting problem and won't be until we know how
quantum resistant public key algorithms differ from traditional PKI. We are
assuming that the problem is solved without the need for any protocol
re-engineering or with minor tweaks.

Class 2 presents some very interesting challenges as Lamport signatures are
stateful so we need a way to manage the state. Another approach that could
be interesting is to attempt a federated version of Kerberos. CAs become
Kerberos ticket granters.

So let's say I am trying to contact Amazon.com, I do this using a ticket I
have acquired from TicketCo which has a shared ticket with both of us.
Easy! OK, but how do I establish that shared ticket? Well I am going to
have to meet each CA in person or rely on some sort of federated
introduction infrastructure and we end up with multiple inputs to KDFs or
Shamir secret sharing and the like.

Class 3 looks like it is the least interesting but it is the new
'constrained device' case for PKI and that makes it a fascinating challenge
as you have to provide as much quantum security in the context of
traditional PKI approaches.

--000000000000ef9f8e05933a8d4d--
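
Added example, not part of the original message: a minimal Lamport one-time signature in Python, showing the state that the post above says has to be managed. The class and function names are assumptions made for this illustration, and the in-memory `_used` flag stands in for the durable state store a real deployment would need.

```python
import hashlib
import secrets

BITS = 256  # one key-pair position per bit of the SHA-256 message digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = int.from_bytes(H(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

class KeyAlreadyUsed(Exception):
    """The one-time key has already produced a signature."""

class LamportSigner:
    def __init__(self):
        # Secret key: 256 pairs of random values. Public key: their hashes.
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(BITS)]
        self.pk = [(H(a), H(b)) for a, b in self._sk]
        self._used = False  # the state a deployment has to persist durably

    def sign(self, msg: bytes) -> list:
        if self._used:
            raise KeyAlreadyUsed("refusing to sign twice with a one-time key")
        self._used = True  # record use before any secret value leaves
        sig = [pair[bit] for pair, bit in zip(self._sk, digest_bits(msg))]
        self._sk = None    # erase the unrevealed halves
        return sig

def verify(pk: list, msg: bytes, sig: list) -> bool:
    if len(sig) != BITS:
        return False
    return all(H(s) == pair[bit]
               for s, pair, bit in zip(sig, pk, digest_bits(msg)))

def exposed_preimages(messages: list) -> int:
    """Count secret values (out of 512) that signing these messages reveals."""
    seen = set()
    for msg in messages:
        seen.update(enumerate(digest_bits(msg)))
    return len(seen)

if __name__ == "__main__":
    signer = LamportSigner()
    sig = signer.sign(b"constructed sample message")
    print(verify(signer.pk, b"constructed sample message", sig))
    print(exposed_preimages([b"a"]), exposed_preimages([b"a", b"b"]))
```

One signature reveals exactly half of the 512 secret values; a second signature under the same key reveals more, which is why the used/unused flag has to survive restarts, backups and replicas.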


From nobody Sun Sep 29 16:07:40 2019
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A0251200FB for <secdispatch@ietfa.amsl.com>; Sun, 29 Sep 2019 16:07:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0JR3dLzS2Wf for <secdispatch@ietfa.amsl.com>; Sun, 29 Sep 2019 16:07:37 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A8F120073 for <secdispatch@ietf.org>; Sun, 29 Sep 2019 16:07:36 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 223B83897D for <secdispatch@ietf.org>; Sun, 29 Sep 2019 19:05:37 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 91176373 for <secdispatch@ietf.org>; Sun, 29 Sep 2019 19:07:35 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: IETF SecDispatch <secdispatch@ietf.org>
In-Reply-To: <CAMm+LwgL4szAN0Su441_XdCRGEY-O5peAAW=quB+C_LfNzt7Gg@mail.gmail.com>
References: <CAMm+LwgL4szAN0Su441_XdCRGEY-O5peAAW=quB+C_LfNzt7Gg@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sun, 29 Sep 2019 19:07:35 -0400
Message-ID: <6814.1569798455@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/FCLItbtZbNtdPwYaTDO7p7cijcc>
Subject: Re: [Secdispatch] Quantum Resiliant
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
X-List-Received-Date: Sun, 29 Sep 2019 23:07:39 -0000

--=-=-=
Content-Type: text/plain


Phillip Hallam-Baker <phill@hallambaker.com> wrote:
    > Class 2 presents some very interesting challenges as Lamport signatures
    > are stateful so we need a way to manage the state. Another approach
    > that could be interesting is to attempt a federated version of
    > Kerberos. CAs become Kerberos ticket granters.

    > So let's say I am trying to contact Amazon.com, I do this using a ticket I
    > have acquired from TicketCo which has a shared ticket with both of us.

    > Easy! OK, but how do I establish that shared ticket? Well I am going to
    > have to meet each CA in person or rely on some sort of federated
    > introduction infrastructure and we end up with multiple inputs to KDFs or
    > Shamir secret sharing and the like.

What's the business model for TicketCo?

While it might be déclassé to ask such a question at the IETF, we do need to
understand where TicketCo's incentives are, in order to know if they are
aligned with the user.  We need to know in order to answer privacy and
security questions.

And also to know how it is that such an entity could come to exist at all.

It seems like it might have to wind up as a sunk cost for Enterprises, ISPs
and other Institutions.  DNS registrars?  The existing Certificate
Authority "cabal^H^HFORUM"?

Otherwise, it's gonna be Facebook, Google, Amazon, Apple, etc. (We clearly
need a TLA for this "group". See below)

Google could do this unilaterally today, leveraging Chrome and their
WebMaster interface.  Unilaterally sounds dark; someone could repaint this as
permissionless innovation if they prefer :-)
(A few rounds of AES256 has got to be faster than ECDSA operations)

A bitter-sweet point about this is that clearly governments/spy-agencies
would like to operate TicketCo, because it potentially gives them the power
they have always wanted, but math has denied them.  Bitter-sweet: looking to
the RCMP to rescue me from hegemony of Apple/Facebook/Amazon/Google/Others
(AFAGO? AGAFO? OFAGA? OGAFA?)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--

