Alicja Kario (@mention me if you need reply) created an issue:
https://gitlab.com/gnutls/gnutls/-/issues/1625
It looks like the current configuration format isn't able to support all of the
following user stories:
- US1: I want to use CC-compatible policy, don't want to depend on P-256 for
anything, I need hybrids with P-384 or certificates with P-384
- US2: it's far future and ECC is broken by CRQC, but the hybrid key exchanges
are widely deployed, so I don't want to trust ECC for signatures but I'm OK
with it hybrid key exchanges and signatures
(no ECC for certificates, only as part of hybrid)
- US3: I want to test deployment of PQC, I want to enable hybrid algorithms now
- US4: It's far future, and only pure algorithms are relevant/allowed by
regulations, I don't want any hybrid or ECC enabled
- US5: only hybrids and pure are allowed and the other peer only speaks hybrid
Problematic case: PQ world, we don't want to accept a ECC-only cert, but we're
fine with ECC as part of hybrid
Solution 1: don't disable hybrid schemes if hybrid scheme is allowed even if
one of the underlying primitives is disabled
- confusing, counterintuitive for a setting supposed to disable the primitive
Solution 2: separate control for curves used in certs, similar to what we have
for signatures
Solution 3: have the values in a new option (curve-for-pkix?) actually affect
what signatures/curves are allowed for _every_ signature in the certificate
chain with the ECDSA — issue: the algorithm IDs in TLS don't create a hard link
between hash algorithm and curve for certificate signatures. Only for ECDSA,
not EdDSA or post-quantum (curve primitive is enabled, pkix - disabled, groups
- disabled => pkix disabled, hybrid enabled, direct usage of primitive is
enabled)
- Alex Sosedkin: if secure-sig-for-cert *relaxes* secure-sig (does it?), but
curve-for-pkix relaxes secure-curve, that'd be inconsistent
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnutls/gnutls/-/issues/1625
You're receiving this email because of your account on gitlab.com.
_______________________________________________
Gnutls-devel mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
