lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.
Other
3 stars 1 forks source link

We should be clear about which non-separability level we acheive #27

Closed ounsworth closed 1 month ago

ounsworth commented 4 months ago

Add a reference to draft-ietf-pquip-hybrid-signature-spectrums, and be clear (possibly with a full security consideration section) about which level this is achieving.

ounsworth commented 4 months ago

Potential text:

Inclusion of a composite signature algorithm OID inside a signed message achieved “Weak Non-Separability”, but that when you consider that within PKI, the verifier has the verification public key within a certificate, and that re-use of public keys between composite and non-composite certificates is forbidden, then all together this achieves “Strong Non-Separability”. We are in discussions with Dr. Hale about whether “Simultaneous Verification” can be achieved in this draft; the complexity is that most SV techniques require merging the two algorithms in such a way that you can’t use, for example ECDSA from your existing codebase and ML-DSA from OpenQuantumSafe, but instead you have to write new code for the merged composite algorithm. This would also invalidate any existing FIPS / CC certifications of the existing traditional algorithm code, and being able to leverage existing certified code in the transition is a primary goal of composite.

johngray-dev commented 1 month ago

Extensive text in the Security considerations section was added regarding non separability. This issue is resolved.