ietf-openpgp
[Top] [All Lists]

Re: [openpgp] German BSI, PQC for OpenPGP in Thunderbird,

2021-06-24 10:41:16
Thanks for the heads up about this, Kai!

On Thu 2021-06-24 15:52:06 +0200, Kai Engert wrote:
I've posted some information on it on the Thunderbird planning mailing 
list, see the following thread, which has multiple messages from me:

https://thunderbird.topicbox.com/groups/planning/T5abbf135db2f3c1c/the-german-bsi-intends-to-sponsor-pqc-improvements-for-openpgp-in-thunderbird

In my understanding they intend to pay a contractor for a wide set of 
tasks to bring PQC to Thunderbird, including the work to standardize the 
use of PQC with OpenPGP, including implementations for RNP, Botan, GnuPG 
and libgcrypt.

I appreciate your providing an English summary of the call for
contractors.  I'm glad that the BSI is interested in this topic -- i am
too, though i share Derek's concerns about whether standardization is
premature given the state of PQ cryptanalysis.  I'm a little surprised
to see the BSI simultaneously proposing standardization of PQ schemes in
OpenPGP *and* advocating for implementation of a specific scheme.  I'd
expect the standardization to involve selecting which PQ scheme(s) seem
reasonable for the context, rather than pre-determining the scheme for
use.

If we can get the crypto refresh done relatively soon, it would be a
great way to demonstrate that we are ready as a community to figure out
how to get PQ mechanisms mixed into OpenPGP.  And, as the thread from
earlier this week discussed, one of the ways that we're likely to see
proposals for PQC to work would be to have multi-key combinations -- so
that we don't introduce a relatively new algorithm that makes things
weaker than the established traditional asymmetric crypto; this
requires some nuance and planning that are not part of the simple
"crypto refresh" mandate we have right now.

I'd welcome the BSI to send their own members (and/or delegates) to the
WG to talk about their goals and plans, but i'd hope it wouldn't
interfere with the current chartered work.

          --dkg

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp