On 24.06.21 17:40, Daniel Kahn Gillmor wrote:
> ... I'm a little surprised
> to see the BSI simultaneously proposing standardization of PQ schemes in
> OpenPGP *and* advocating for implementation of a specific scheme. I'd
> expect the standardization to involve selecting which PQ scheme(s) seem
> reasonable for the context, rather than pre-determining the scheme for
> use. ...
The call mentions that the NIST standardization isn't done, so
apparently they intend to follow the NIST recommendations.
They also say the project's cryptographic design should consider
crypto-agility and hybrid solutions. They describe a hybrid solution as
a combination of a PQ method with a classic asymmetric method.
Maybe this means they're asking for a solution that implements the
specific CRYSTALS-* method, but in addition is prepared for alternative
algorithms as well?
I found that in section 1.3 of document 02
(Vergabeunterlagen/02 - P480 - Leistungsbeschreibung - Offenes Verfahren
v1.0.pdf)
from https://www.evergabe-online.de/tenderdocuments.html?1&id=397181
Maybe it would be necessary for applications to ask for clarification.
(As noted in the other posts to the Thunderbird planning list, all
questions need to be asked in German via the BSI project site. And in
order to ask questions, it seems necessary to register as an interested
party for the project.)
Kai