Hi Kai,
My only concern at this point in time would be the question of what PQC
methods to include? Right now there are still way too many choices, and
there is an expectation that NIST will reduce those choices over the next
2ish years. So does it pay to do the work now, or perhaps wait a bit for
Round 3 to finish, before we potentially add methods?
-derek
On Thu, June 24, 2021 9:52 am, Kai Engert wrote:
Hello,
I'd like to make you aware of a project call by the German BSI (a
federal agency for IT security), which was brought to my attention.
I've posted some information on it on the Thunderbird planning mailing
list, see the following thread, which has multiple messages from me:
https://thunderbird.topicbox.com/groups/planning/T5abbf135db2f3c1c/the-german-bsi-intends-to-sponsor-pqc-improvements-for-openpgp-in-thunderbird
In my understanding they intend to pay a contractor for a wide set of
tasks to bring PQC to Thunderbird, including the work to standardize the
use of PQC with OpenPGP, including implementations for RNP, Botan, GnuPG
and libgcrypt.
It seems the BSI has already made a suggestion that they want to require
the use of CRYSTALS-Kyber and -Dilithium.
Is that a reasonable choice?
Does it make sense to define a limitation to these methods at this point
of time?
Thanks
Kai
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp