From nobody Thu Feb 10 09:13:32 2022
Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFBFE3A0E37; Thu, 10 Feb 2022 09:13:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.677
X-Spam-Level: 
X-Spam-Status: No, score=-7.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NoKZCtvPskFD; Thu, 10 Feb 2022 09:13:25 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40063.outbound.protection.outlook.com [40.107.4.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 603C33A0F42; Thu, 10 Feb 2022 09:13:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g89yVsMF1T8pgG6eahHsO0bevGFyQcsiMWSyrDRBwJtsTNBaFzT1ku75eJUdY0UNSySLkIxQokw82rEQZN1mRhGquA+uIvdqAKBPvvwWhmro482BiNIqPZNqO99+O4FhfM+8lxtrdrNrMHM8f9iZg3Sdh/enJBUhW58OtuLVisRYUYdybs2lgMS5GSJBNoPQMtj3erWsgIyC5pz2if0j1Z5Zc4GFh4y7ADrYbO8CCLIlaQtrb5+FhyH7BiomOnv72GF+GqGwJBZ/YRCZ+BYE+ov9XlQb+gb9O1cYGlgk4qFyBfk4M5MqBrdvHRo+i7jXobu7JvLVHMelmqCarMX6yg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ow8RHGbSChg0A7qhwQeRfYlsYMugvoOcQ9DvYJf4vLY=; b=XqyJaaUxnjLTeQzGoBQAQpu1dFQCk/FgQ0AB2kiLNV+/LWxHrSd0NDCgSVBrqKeoeIb0ffZdvrIIFAd0ZFXL+zwtMKKaK7s+xwMDxC2olcBGjch7T3lrfl9QCU9yAlxjH4DfGkerTu9K935BXGxZ8Oa/KLUgJh6c6nucMqdLIAmPpq0W0sxmlfZyNqPYcs6lDzsrKYZe6joIn+iNLq6mnln/wKCiilGPiRdtb6yrQz3FXtMQhC9RjiPYtZFRkvJQid+yjdo0ckizazw4xr8XxokZ/1kKQKt/mCLOszkXBeRypUH4OzdZ1bBaL5X9zP39B3kLxkE+NjFoKhlCxLqPCQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ow8RHGbSChg0A7qhwQeRfYlsYMugvoOcQ9DvYJf4vLY=; b=E8cArHBWHBMAnDnSi1nsTOVy53OL8Uvhk8qkYZKZHfyPsGR5WdA/N1JbY5Qw1mXRFkl88vOS1JzkQ+mq1Kd+54v36uzYE74+ngcgoqteCQCar/hjZl3wzvS9fQEa7jwEUl4Uj/X0oniBm9qNA6WEYfwN92603o2LSxbP9ezFNDs=
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com (2603:10a6:7:96::33) by DB7PR07MB6012.eurprd07.prod.outlook.com (2603:10a6:10:37::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.10; Thu, 10 Feb 2022 17:12:52 +0000
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::b1e2:6c17:3ba8:9fdc]) by HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::b1e2:6c17:3ba8:9fdc%5]) with mapi id 15.20.4995.006; Thu, 10 Feb 2022 17:12:52 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "dispatch@ietf.org" <dispatch@ietf.org>, "saag@ietf.org" <saag@ietf.org>,  "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secret] Secure Credential Transfer (secret) BOF Virtual Meeting: 2022-02-10
Thread-Index: AQHYEttrGDmcw5z0QkCuZIEBWQK9xayNHCMw
Date: Thu, 10 Feb 2022 17:12:52 +0000
Message-ID: <HE1PR07MB421725F4BC460ED0873AF5FA982F9@HE1PR07MB4217.eurprd07.prod.outlook.com>
References: <164321863329.27385.6340387845625300575@ietfa.amsl.com>
In-Reply-To: <164321863329.27385.6340387845625300575@ietfa.amsl.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0b0aadd1-bb1d-46c0-1e05-08d9ecb89289
x-ms-traffictypediagnostic: DB7PR07MB6012:EE_
x-microsoft-antispam-prvs: <DB7PR07MB601202073CC8E266476A533D982F9@DB7PR07MB6012.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AddXQz/Y2DgU7Rwem8bQN10kACajmyqBxfDGcpErUb0yu7vR28lKYpb+mg3Ms16VZWHCjjb4cFutxOdqYyjR19lV82cJ9y1fCw1FbsGMk3/tLA17hK+Ser2AELZwWDxF636DO38XhDdlJL1P/uUGXs4b3mZTJ6Yx2y8EhpWihxKnxCkrYZipT9aFD1M6BtGlfkIRyRLY+Jji1jQ4ma6amt0/yiDMTck+YVYhBvoCAdFoi38bLjDGFjGtYxhspVj7vi80ksbySiknvj0TQVs7M7Go4yr1UKdHVxcLQD6aQ57I8cMP1Z5dSN09LfdITxNDPJoulBFCoQOj6BmEPRoMhhzHUrK19WMRDlM1Bs/eYDn51nz2e883L24VxAfDijKFy/CRejap1kf+5I+sr4S9Y97YkSSOoXNC08eyAZDX/P14yWQkl8mRX7U9aO35eHuug8nQKEOHlDz++Tw88aSrrmy5JCQilhsMwm3E/i2HEhptSX0L+ZQszRAhmDUDaLEVizvqBMqzM/S/1/f0QLh/Z/FXWvX/YOTIb2wkI7KOAsoDeSoKcv2yit/adRMUbAEqt9GvqjqnWSQHn8mwC/G50GJcDVOz12nOj8j6ILrHO7N/KGGM54QkLRVPu5/0HIgt+doG1L/Vkj8wMe7U8juorZSaosFQjLFX2hHmG3dL9J+dTXaZ6BYouWiZhFfMnVUf9LNpjb8/t66Oh/dhoEJY6YoJDbYpKdjWrmcjGu/XRarZ8CBQqUON3QNXBCDBQYIwm2yyZPFYwcEgQZEI9fQah1u19YlnotiikDeYTRnbm+MSHt4mUr2O+gNdrmfuaS/5LDq9QNDbKxU3TIXqz6FL/bzjl2/hPT04z8RGMqPUyj8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:HE1PR07MB4217.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFS:(13230001)(4636009)(366004)(55016003)(38070700005)(966005)(186003)(5660300002)(122000001)(82960400001)(110136005)(316002)(53546011)(450100002)(71200400001)(33656002)(83380400001)(2906002)(166002)(38100700002)(64756008)(76116006)(8676002)(8936002)(86362001)(508600001)(66946007)(6506007)(52536014)(7696005)(44832011)(9686003)(66556008)(66446008)(66476007)(91956017)(219293001); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?zcOBpsUOrgbDYxX0YmOu7kvVn1Il8ys/qtVHpAb8SFELiSU4lGHjlPYL?= =?Windows-1252?Q?WAREgndYKV6iG5A4GJPbVciIBFZ7Th6fhS29rdf9hDTGmCAS3jm2ck2a?= =?Windows-1252?Q?TQwsfR/J++poCmKXdnsAyAvX6NK+eO5SC+q3aGHjw7xSVFbZRQJN6kJp?= =?Windows-1252?Q?9aTOtrucsfp6r9ohwZ5xFH9SoY24DRB54r/zUicbiPA+V9LqBisl5CVr?= =?Windows-1252?Q?xhbbDy4xgKzK5oJbWCUiyAGultsMQ86MFNj8tph4EzLHTtmIiO8U/JnE?= =?Windows-1252?Q?61hq3B7A5QVhX9l2Q7GLfEgUYM4cdw3lrqy72PoVyVh1s+ZQ1Fd+5OZM?= =?Windows-1252?Q?vMGqEGbnYBMdSGVdfD/71+LaM99BOUudxI9kGf6oeyM0CCLAEhnAtoKf?= =?Windows-1252?Q?wWFpDjqhSUPxmBHiPW0hXP4oixyhZM8znJYaVqEUO9PTIRl+iuF08skk?= =?Windows-1252?Q?uveay9H43kbgw4hwitMnlec6Y4Qny9Qj6MyJgysZa2i3tuX9/RHtl4Hw?= =?Windows-1252?Q?0hsOlfPClby2wxaW9OnmxuAWX8CIzJ52Q8vBWBh9KQS69ahr25MMFJLc?= =?Windows-1252?Q?FIwHaLLg0GI87QzSxvTRh8mgD/dGOa4TqtNSudoHLqJd28Hgb/Bk7cTK?= =?Windows-1252?Q?AKN8aS1wPkGZ96FRc9O19Yve4rpx4s4tw41DoQdhTLFH+9rMl2YKOy8o?= =?Windows-1252?Q?OPFaLRc1TWfTixlv0IYP6rZ/nVze6KDSbYN5PA0HRt7muHGFmLa2Y39D?= =?Windows-1252?Q?Gf4tSBMylw3B5tpXGHuEFARc+DUL0j6Uijee/GJLXTogtTFbITrynSZh?= =?Windows-1252?Q?HD5EB08Wcr4jzkSMewmzpBWbWOJvGEcHMtLOqFlpT+OvlQHi5h6JlHii?= =?Windows-1252?Q?68qSxPnaMgjYeXD78FaEx7NI3cTzruD9Q9AFBspHV9ZLAkq2QgkLBMyl?= =?Windows-1252?Q?HUCtEck1Six0uq8yn78YNgvnMylvzGJBiWbxc/MHFN4dDUdKAB87GBpf?= =?Windows-1252?Q?40lYQScgPc5bScvX3oE5JTtFz9kp6VLzTdejpmyuFwKQjLR3lQ/Oyxt2?= =?Windows-1252?Q?YqP2ORdgfC6l47i0ZXP30o0LSXNDg6wbiKJnNtYWSh/O9u8zT3uxxKPZ?= =?Windows-1252?Q?TV23Wa7tJN/v4U1qNlrpjSVwTNMkyR2Sjc99MFDnFmPysFhz7PpaMgsv?= =?Windows-1252?Q?ewSIbnGdMUQCE9QK55Zec5EzuoqZFWdxCAjk9gpuB/uKCEKvlMY2U5q/?= =?Windows-1252?Q?mEll/v9pmGG1Vr8pG6r+jaOYiiseaIr656hn78wIcYNIjUwnfbbN6UiD?= =?Windows-1252?Q?zF+DwNzA2L9YXhMMy1iWToloyEL6xcu7+CD0vpoYOQSa68Rp9+u1pvZg?= =?Windows-1252?Q?ACgmGtODBwKhsRAq1yk1ZeKaeNFy/oXk5cfE/usCi8A753we59Ly9F04?= =?Windows-1252?Q?lurBs3y4pn8WehKnFdccj2cekzjSLUjbEL6RU+rMJU/B03uBGw0WCks6?= =?Windows-1252?Q?uQCBpUWD10X7f2QRUb0ztXXpMjCMLOvC9OO3Hnr6BuYX0wkXtpyw7lKc?= =?Windows-1252?Q?h7o2GJ6WfpBO+xNHbQMWTFcMrOx5jKAIamSmOqS2JnMl7eb+SmMVF2pm?= =?Windows-1252?Q?bDuMoh5Vyc7eCye9J20Wndzpy0OvIak/+U312Ny6BZpqLU2Av+skipgX?= =?Windows-1252?Q?m0NwY+scYlWyEBHL+64A/QW/0IdUxiuLwCGcMcrMprbf0Wz1AZkbjjRo?= =?Windows-1252?Q?Q3yxzKOi0dRsLFiVqQd/agwQIfZt1z2vh/v+1vPBkMru5WUyQ6mImgFJ?= =?Windows-1252?Q?UJqB8hWhgDOkwu24PMXH/O0622c0Gp89mkispXTkoIgGn3pgRNaDB4LF?= =?Windows-1252?Q?itwNU/Pn+PYmcpKS1F0zdP8bYiNrzDqov8UsWykNTNUJPuzAbyNmoxH5?= =?Windows-1252?Q?FencpW+A?=
x-ms-exchange-antispam-messagedata-1: Uumxkk9gMlZv2xSmsQD0CveSZS3tAmrSLmw=
Content-Type: multipart/alternative; boundary="_000_HE1PR07MB421725F4BC460ED0873AF5FA982F9HE1PR07MB4217eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB4217.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b0aadd1-bb1d-46c0-1e05-08d9ecb89289
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2022 17:12:52.5139 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Da0xs91QgzV622T0GpTbrmKgLQLqh4PFvzmTA2MdPNVoMk0rP0gkObhpsyDzoQ8mUFGOj9GOF9Kb19lWd55pBfEoB0BdkTYInbNcB4KPo/CNvRt2NQSuo22chjOR7cF9
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB6012
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MTg1MQl1Qi2ftPh0X7nDCQ2S3Cw>
Subject: Re: [saag] [Secret] Secure Credential Transfer (secret) BOF Virtual Meeting: 2022-02-10
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Feb 2022 17:13:30 -0000

--_000_HE1PR07MB421725F4BC460ED0873AF5FA982F9HE1PR07MB4217eurp_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

FYI, happening now.

Francesca

From: Secret <secret-bounces@ietf.org> on behalf of IESG Secretary <iesg-se=
cretary@ietf.org>
Date: Wednesday, 26 January 2022 at 18:37
To: IETF-Announce <ietf-announce@ietf.org>
Cc: secret@ietf.org <secret@ietf.org>
Subject: [Secret] Secure Credential Transfer (secret) BOF Virtual Meeting: =
2022-02-10
The Secure Credential Transfer (secret) BOF will hold a virtual interim mee=
ting on 2022-02-10 from 09:00 to 11:00 America/Los_Angeles (17:00 to 19:00 =
UTC).

Agenda:

    Intro
    Use cases
    Requirements
    WG charter discussion: https://github.com/dimmyvi/secure-credential-tra=
nsfer/blob/main/charter.md
    Conclusion

Draft: https://datatracker.ietf.org/doc/html/draft-secure-credential-transf=
er-03

Information about remote participation:
https://ws.conf.meetecho.com/conference/?short=3Dd1a67502-8fe8-4fc2-bb9b-f2=
e2f4594bb4

The meeting will happen over Meetecho. To join the session, you will need t=
o use your IETF Datatracker (https://datatracker.ietf.org/) login, which yo=
u should create ahead of time if you don't already have one. If you have fo=
rgotten your IETF Datatracker password, you can request a reset (https://da=
tatracker.ietf.org/accounts/reset/). For more information, see the Meetecho=
 guide for participants (https://www.ietf.org/how/meetings/technology/meete=
cho-guide-participant/).

BOF Request: https://datatracker.ietf.org/doc/bofreq-secure-credential-tran=
sfer-bof-request/

Description:

We presented the secure credential draft to Dispatch on Monday of IETF week=
 (2021). There was a lot of interest, but folks asked for additional detail=
 on the problem statement, requirements, and use cases. It was decided that=
 we weren=92t ready to form a WG right away and instead endeavored to sched=
ule a BoF to review the above items prior to forming a WG. The goal is to a=
llow users with secure credentials on their mobile devices to be able to sh=
ares entitlements that these credentials grant to other users. This would b=
e achieved by defining and standardizing a protocol that will facilitate su=
ch credential transfers from individual to individual. The protocol will le=
verage a =93relay server=94 to transfer data from sender to recipient. The =
scope of the transfer is limited to a single origin device and a single des=
tination device. This system does not exist today in a standards-based, cro=
ss-platform and cross-channel capacity. The goal of this BoF is to answer s=
ome of the questions that came up during the Dispatch meeting (such as, why=
 can=92t these credentials simply be lifted and cloned and then sent to the=
 recipient?). We also want to provide additional detail into the applicable=
 use cases, and some of the security and privacy requirements for the solut=
ion. The ultimate goal is to form a WG to discuss the initiative in an ongo=
ing capacity.

--
Secret mailing list
Secret@ietf.org
https://www.ietf.org/mailman/listinfo/secret

--_000_HE1PR07MB421725F4BC460ED0873AF5FA982F9HE1PR07MB4217eurp_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=
fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"EN-GB" link=3D"blue" vlink=3D"purple" style=3D"word-wrap:brea=
k-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">FYI, happ=
ening now.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US">Francesca=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"mso-fareast-language:EN-US"><o:p>&nbs=
p;</o:p></span></p>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:0cm;margin-right:0cm;mar=
gin-bottom:12.0pt;margin-left:36.0pt">
<b><span style=3D"font-size:12.0pt;color:black">From: </span></b><span styl=
e=3D"font-size:12.0pt;color:black">Secret &lt;secret-bounces@ietf.org&gt; o=
n behalf of IESG Secretary &lt;iesg-secretary@ietf.org&gt;<br>
<b>Date: </b>Wednesday, 26 January 2022 at 18:37<br>
<b>To: </b>IETF-Announce &lt;ietf-announce@ietf.org&gt;<br>
<b>Cc: </b>secret@ietf.org &lt;secret@ietf.org&gt;<br>
<b>Subject: </b>[Secret] Secure Credential Transfer (secret) BOF Virtual Me=
eting: 2022-02-10<o:p></o:p></span></p>
</div>
<div>
<p class=3D"MsoNormal" style=3D"margin-left:36.0pt">The Secure Credential T=
ransfer (secret) BOF will hold a virtual interim meeting on 2022-02-10 from=
 09:00 to 11:00 America/Los_Angeles (17:00 to 19:00 UTC).<br>
<br>
Agenda:<br>
<br>
&nbsp;&nbsp;&nbsp; Intro<br>
&nbsp;&nbsp;&nbsp; Use cases<br>
&nbsp;&nbsp;&nbsp; Requirements<br>
&nbsp;&nbsp;&nbsp; WG charter discussion: <a href=3D"https://github.com/dim=
myvi/secure-credential-transfer/blob/main/charter.md">
https://github.com/dimmyvi/secure-credential-transfer/blob/main/charter.md<=
/a> <br>
&nbsp;&nbsp;&nbsp; Conclusion<br>
<br>
Draft: <a href=3D"https://datatracker.ietf.org/doc/html/draft-secure-creden=
tial-transfer-03">
https://datatracker.ietf.org/doc/html/draft-secure-credential-transfer-03</=
a><br>
<br>
Information about remote participation:<br>
<a href=3D"https://ws.conf.meetecho.com/conference/?short=3Dd1a67502-8fe8-4=
fc2-bb9b-f2e2f4594bb4">https://ws.conf.meetecho.com/conference/?short=3Dd1a=
67502-8fe8-4fc2-bb9b-f2e2f4594bb4</a>
<br>
<br>
The meeting will happen over Meetecho. To join the session, you will need t=
o use your IETF Datatracker (<a href=3D"https://datatracker.ietf.org/">http=
s://datatracker.ietf.org/</a>) login, which you should create ahead of time=
 if you don't already have one. If
 you have forgotten your IETF Datatracker password, you can request a reset=
 (<a href=3D"https://datatracker.ietf.org/accounts/reset/">https://datatrac=
ker.ietf.org/accounts/reset/</a>). For more information, see the Meetecho g=
uide for participants (<a href=3D"https://www.ietf.org/how/meetings/technol=
ogy/meetecho-guide-participant/">https://www.ietf.org/how/meetings/technolo=
gy/meetecho-guide-participant/</a>).<br>
<br>
BOF Request: <a href=3D"https://datatracker.ietf.org/doc/bofreq-secure-cred=
ential-transfer-bof-request/">
https://datatracker.ietf.org/doc/bofreq-secure-credential-transfer-bof-requ=
est/</a><br>
<br>
Description:<br>
<br>
We presented the secure credential draft to Dispatch on Monday of IETF week=
 (2021). There was a lot of interest, but folks asked for additional detail=
 on the problem statement, requirements, and use cases. It was decided that=
 we weren=92t ready to form a WG right
 away and instead endeavored to schedule a BoF to review the above items pr=
ior to forming a WG. The goal is to allow users with secure credentials on =
their mobile devices to be able to shares entitlements that these credentia=
ls grant to other users. This would
 be achieved by defining and standardizing a protocol that will facilitate =
such credential transfers from individual to individual. The protocol will =
leverage a =93relay server=94 to transfer data from sender to recipient. Th=
e scope of the transfer is limited to
 a single origin device and a single destination device. This system does n=
ot exist today in a standards-based, cross-platform and cross-channel capac=
ity. The goal of this BoF is to answer some of the questions that came up d=
uring the Dispatch meeting (such
 as, why can=92t these credentials simply be lifted and cloned and then sen=
t to the recipient?). We also want to provide additional detail into the ap=
plicable use cases, and some of the security and privacy requirements for t=
he solution. The ultimate goal is
 to form a WG to discuss the initiative in an ongoing capacity.<br>
<br>
-- <br>
Secret mailing list<br>
Secret@ietf.org<br>
<a href=3D"https://www.ietf.org/mailman/listinfo/secret">https://www.ietf.o=
rg/mailman/listinfo/secret</a><o:p></o:p></p>
</div>
</div>
</body>
</html>

--_000_HE1PR07MB421725F4BC460ED0873AF5FA982F9HE1PR07MB4217eurp_--


From nobody Sat Feb 12 04:36:36 2022
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC3113A12F9; Sat, 12 Feb 2022 04:36:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.674
X-Spam-Level: 
X-Spam-Status: No, score=-2.674 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gl6szFXPan4U; Sat, 12 Feb 2022 04:36:01 -0800 (PST)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on061b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0d::61b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC5713A12FA; Sat, 12 Feb 2022 04:36:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aVSGLILUYnMVjnCVHYz60Mcx1q+nKu+hFAIG2JlbHz0E0ghS+oWG2bMfzLFBoY7fjblZuTaAQh1LRT9hgz7f8GTEld4ZsDyrrpkvo0zxUTdTt2gPIwj2HXBUiGUgd79lpiH19yhBcqUPyg1GExSNEpRqUvY6mzosRALzRv8AxL+RQwsnUVAV9cEmYJ9aqKv9iMLcQjipkpdBDU4ZOOJJ+c36xGYdkIEp5q+e/AICJcTfaQju2m5B5JmULV6oa9yRe9HKzCVU/fuQ6VCPeI/G2gV7jI8th1jea3xBfXc5WVoyFUSzwiyRxZqKNavucK1e1SxP/xVZLPW5Guwp26sg2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ymdk2HG0+5EM3XcIVCGo3ei9QGaZeHS/C5BzJqJLX7w=; b=ItMxlncAbsVkmfGtzlgnu1tIR5Uk72S1J/dBWllQXmnhztAqCZtI9+w8P9cs9+TPEg4XGvbOLQZ8D+MRANE/XzWU9qtOw0GYLmPe/qEaPiZo/4Eml6V4CJGvW+U8I4ReXz8j9O8u8LZUun9InQpUA7DD+nZAnctlxohdNEdUrs/uvaXH6F/0dFU+116yCbbuaK7h5E4CA4vEC28HDOjMlLFDoQ66FIgVVqyL7IzhjpN+ogIrMV4j4kYkgDSVSaQu8p6CaW/4KOV2pXoHQDItxbBxgJ7jJNB79U6yckAmgN1UdJG3/723GWJN3NJ2dUqzBJftt9U/ztH0mjJl6Jfo4Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ymdk2HG0+5EM3XcIVCGo3ei9QGaZeHS/C5BzJqJLX7w=; b=JgepXDiA/z2n+0Ae8bdXkW2oZO9oltwFaL3niQVYvl4Fs/fyA29cCztmNsd+D3ytFScFp0iej+4YWYbPIwPoSFAWR4Cv+MI8iIXTxqUcj3w7PlaYApm+/KCTEPKlGqv5Faw5jamiwHiZnOras2J75twQLC9CiAwVAx6RVU3skSA=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8) by AM0PR07MB4644.eurprd07.prod.outlook.com (2603:10a6:208:6c::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.6; Sat, 12 Feb 2022 12:35:54 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b462:480e:b937:c62c]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::b462:480e:b937:c62c%7]) with mapi id 15.20.4975.011; Sat, 12 Feb 2022 12:35:53 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "qirg@irtf.org" <qirg@irtf.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>, saag <saag@ietf.org>
Thread-Topic: Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
Thread-Index: AQHYIAwH8zEQdGvQAkOzECXdhs8fpw==
Date: Sat, 12 Feb 2022 12:35:53 +0000
Message-ID: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8a4ee1c-4b21-436d-9991-08d9ee2435c0
x-ms-traffictypediagnostic: AM0PR07MB4644:EE_
x-microsoft-antispam-prvs: <AM0PR07MB464446ED313EA5C444999EE089319@AM0PR07MB4644.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jsZuYI8ENIp2P0u5KIxzoSoi3WLDoiDGgtFlh6IXT7RoNY3OuPF+XV6Na6NAj6r2Ohx4FLf+i8uZXPwoeCebguZrdfETcGF3DnfA2XWgoJoDUdFq3YKjWXJp7aYRMD+kalIMX106W1b6bKDsWsYcnkvdYdfYTI8O94DrY5xiXX9Uaf5/lSLwm4f4ND2jCkoWAxxa/5CFN4gUdm9d1p1gOA7W85KSjlAH704O8GcGNZSEjtp8teAGSLnhbznJ77GlBjqLascTQijrVfTPYlwqIZXETonJYSrLfgbShq4dOBXxmXPtMx3hpnL02Te443jTQwlcclhkz+zQK3EltyNOeLklvUsQGZAx1gTR8yzsT9xEn3KxoTyJisZdRV39msVuzkosG3lV68ZmI0FUTIuFc5C+Ae7JdrafzfimwGoy9fUUogf97mETZLDZycFxsnwYcppTbALj2IJw/BgDD2+yatw07kLlFPQX1ErN1FoNIG5luBTgmCq67+DOqWpCX1FaFGJfUdTaxS+oikiX8tu7gzTbGcFxRK3JXPF2EgyQAjwL+QfkoRriBWFdHYxTQAfRbIsSEvOTenWjD5bSppjleFj1L8h8JRgTaZNPlCAnMIXAk7Gzs7naKw10hTEaMos7ICM1BlG7beiYV//8mPIEYz8Ym8BAr83Et+hKJLTBdz9K/DC9Ckxww+NTZrPAxFXvCn4XciQVryMaJKMb1JRMFNvETLBwgoUqrMamUv21aDLhsDMODO6zrWggFX5G/wPQ
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE;  SFS:(13230001)(4636009)(366004)(2906002)(44832011)(38100700002)(71200400001)(9686003)(122000001)(55016003)(64756008)(8676002)(76116006)(4326008)(82960400001)(91956017)(66556008)(66446008)(66476007)(86362001)(33656002)(66946007)(6916009)(316002)(54906003)(186003)(52536014)(26005)(83380400001)(5660300002)(6506007)(15650500001)(7696005)(508600001)(8936002)(38070700005); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?TLT+plSvfIo7IvWjXEuTYzmWyzuys2/WCcMMzQ32tAT2yAJBnWfkBXZS?= =?Windows-1252?Q?l0gPvC/mozBqSBmvOeoBXij8xC4uEjysdghs02eq88mYWGxes5ZK9RSg?= =?Windows-1252?Q?KuT8A0D7a1N7gsXTybauhlEjgiEc0PvS+hDygSlA5dtMsm20TLOp8iSo?= =?Windows-1252?Q?i8LMEEshwDBPaCGmX1Ou+s2IwnW7ZsacjQI/ZjsYUg+y4fFvIMuZzOSn?= =?Windows-1252?Q?PiTMa8NI9si5SoQbKi2pwd8GnzbJAgjMd371pLep/DeujW0vacBSN93J?= =?Windows-1252?Q?W1ila0gSynVB75cnEMOWRpDiNX5226k8twSXzy/mZbow6fwNB0r0XKv0?= =?Windows-1252?Q?jqVN86mu62A9b7c4RQhXu+MvtWqsFpmBjQAC2bMxpV+MVfwEx335H/pR?= =?Windows-1252?Q?J3Z6cm4Ph3XEx1Jroa15glKq1dKYrNinMMpIAh5fvq2qFvdryfZbJtsX?= =?Windows-1252?Q?WCOa7zbtYSC3YDVr6oNmU2SC5O+Ze8IGurGejtOs2aJnNfRQE1ac4Gqs?= =?Windows-1252?Q?ulAG7yGzt0wijoEhpeZ5bAQzJaUoVUCOAz39ySZ4fs1GPe8GMDV17Ujm?= =?Windows-1252?Q?K5tbQ1xSYawqQbkDU/ug2JNcnL6EBJgSaqIkp0zKnkp+MxCCtDmmCv6H?= =?Windows-1252?Q?UW1v5J3PT30IqjtE6QmceAjXBGegJrlStBgM9OucscoL/u2OhjIAF49h?= =?Windows-1252?Q?ywS1lagGBgCsCmro/xrBOVCf5RWl69SFYv3LgNovL3qYoWogknTshQj4?= =?Windows-1252?Q?Rtfy5wAw1PIDswTNlJ/oNNOln9ljvBLTPMG9hEY1ifdEtgUtq4pZ/Dy3?= =?Windows-1252?Q?ViMod6+4KfOHc1i9n9rzniQcNrBt/Ce2sFUrdJ0WbDBRMkosMKlYQ+Np?= =?Windows-1252?Q?fG7/FLfgtdwcPZIcWj7pYOyUrv/RYvA26wrRaGnz8kfCfpWLBy64SSEw?= =?Windows-1252?Q?/kIwrRGmLM1qK9NaqUWNSyAcUbWPH6l7OkvnJwUKAdOcZTV7gdw2aUje?= =?Windows-1252?Q?ye9R5ZTFUxjwuBm0vpRIVewJ1dhqst1NYp2QI7o7T7MyVT1MdMmBlhhV?= =?Windows-1252?Q?N3M/+PW2syUQdjkeCP4uN5qGSS73agfdSeQoRqPbMpIk7gzb8y8sViE+?= =?Windows-1252?Q?QXo1hAbDrTryyR6BgyG0ooThmW6L1xi5hP6CfA1rhCdjCJBUGiIPcyuJ?= =?Windows-1252?Q?Mq0N8jhMfVRGrLkrhpnQWuf6rEK16iQnRSQQDsSrt2DVAS0QdQFTrqdT?= =?Windows-1252?Q?MRRalT+54zypEiICYJA+F2UPearkD+UAAlbndyYQT3dFA4U0F+7yeBhf?= =?Windows-1252?Q?wY/dqtFDvskfvsPZ24fImxDxVFbRMpb8boNjvt+YwVPo6AemxoAMr+q5?= =?Windows-1252?Q?ikbnzBLz4HImFrOYcWGAD+uzM3f4IIbWS9hBWMNzn/jCfzzBzXpx+df1?= =?Windows-1252?Q?LKGUjA23uHPjtE+4Xg2KrY2zHrz01ABjLyeqELE1Byhf8NFLYrlby37H?= =?Windows-1252?Q?4EuQLREehscYkKXouz6ll1WMbyxsSMfDGPNDfAWlbwpnOjPhru3tgVhQ?= =?Windows-1252?Q?8BOj0edXVXoGQCVaQvu1NU8Q/bx6uJLEMNxd8cTYG7BCBdDcbA/nqmLQ?= =?Windows-1252?Q?3NCIBFozTQawzkh6KsjT3hTeL3EB+o6DPDSrLgc3uOss93iUdt5Zohrw?= =?Windows-1252?Q?OMG01mlnnlknmH+ogtF1/ZuwRQ+3AtxQP3rKE2y8aSMkoBNz7l3IrN4W?= =?Windows-1252?Q?+J77mK7PXe81cVniwXnlVXvg/Z+LrRnHcCPdGnoJprxgjz4iHqO2EaYw?= =?Windows-1252?Q?xmZRVm13klJLtlu57miL6MztOVM=3D?=
Content-Type: multipart/alternative; boundary="_000_HE1PR0701MB3050021E796FA47455C7BFB689319HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a8a4ee1c-4b21-436d-9991-08d9ee2435c0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2022 12:35:53.4402 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5e7KBxUSJB57l4FWGc2gEQW2zM1ukSPurewrtuB2SBQj06RnnSzS4Eh4AMhAuY6en+/orAAfV7TXXDHJB/56mv0ItdavIzhf4xlq1w9hdZg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB4644
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/OMnsCwE792deZgpzJxUXc-3Bwgo>
Subject: [saag] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Feb 2022 12:36:06 -0000

--_000_HE1PR0701MB3050021E796FA47455C7BFB689319HE1PR0701MB3050_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi,

I think this document is progressing nicely, but the security consideration=
s are severely lacking. I don't think the document can be published without=
 additions to the security considerations. The document mostly focuses on t=
hat fact that QKD is information-theoretically secure but misses a lot of p=
ractical security weaknesses. Only relying on QKD would catastrophically de=
crease the security of modern networks and augmenting modern networks with =
QKD does not make a significant difference.

I think the security consideration has to mention zero-trust as well as ref=
erring to the very good overviews given in [3][4][5].

Suggested text:

"
Modern networks are implemented with zero trust principles where classical =
cryptography is used for confidentiality, integrity protection, and authent=
ication on many of the logical layers of the network stack, often all the w=
ay from device to software in the cloud [1]. The cryptographic solutions in=
 use today are based on well-understood primitives, provably secure protoco=
ls and state-of-the-art implementations that are secure against a variety o=
f side-channel attacks.

In contrast to conventional cryptography and PQC, the security of QKD is in=
herently tied to the physical layer, which makes the threat surfaces of QKD=
 and conventional cryptography quite different. QKD implementations have al=
ready been subjected to publicized attacks [2] and the NSA notes that the r=
isk profile of conventional cryptography is better understood [3]. The fact=
 that conventional cryptography and PQC are implemented at a higher layer t=
han the physical one means PQC can be used to securely send protected infor=
mation through untrusted relays. This is in stark contrast with QKD, which =
relies on hop-by-hop security between intermediate trusted nodes. The PQC a=
pproach is better aligned with the modern technology environment, in which =
more applications are moving toward end-to-end security and zero-trust prin=
ciples. It is also important to note that while PQC can be deployed as a so=
ftware update, QKD requires new hardware.

Regarding QKD implementation details, the NSA states that communication nee=
ds and security requirements physically conflict in QKD and that the engine=
ering required to balance them has extremely low tolerance for error. While=
 conventional cryptography can be implemented in hardware in some cases for=
 performance or other reasons, QKD is inherently tied to hardware. The NSA =
points out that this makes QKD less flexible with regard to upgrades or sec=
urity patches. As QKD is fundamentally a point-to-point protocol, the NSA a=
lso notes that QKD networks often require the use of trusted relays, which =
increases the security risk from insider threats.

The UK=92s National Cyber Security Centre cautions against reliance on QKD,=
 especially in critical national infrastructure sectors, and suggests that =
PQC as standardized by the NIST is a better solution [4]. Meanwhile, the Na=
tional Cybersecurity Agency of France has decided that QKD could be conside=
red as a defense-in-depth measure complementing conventional cryptography, =
as long as the cost incurred does not adversely affect the mitigation of cu=
rrent threats to IT systems [5].
"

[1]  NIST, Zero Trust Architecture, August 2020
[2] Physical Review A 78, Experimental demonstration of time-shift attack a=
gainst practical quantum key distribution systems, October 28, 2008, Zhao, =
Y.; Fung, C.; Qi, B.; Chen, C.; Lo, H.
[3] NSA, Post-Quantum Cybersecurity Resources
[4] National Cyber Security Centre, Quantum security technologies, March, 2=
020
[5] ANNSI, Should quantum key distribution be used for secure communication=
s?, May 2020


--_000_HE1PR0701MB3050021E796FA47455C7BFB689319HE1PR0701MB3050_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"en-SE" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US">Hi,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">I think this document is progre=
ssing nicely, but the security considerations are severely lacking. I don't=
 think the document can be published without additions to the security cons=
iderations. The document mostly focuses
 on that fact that QKD is information-theoretically secure but misses a lot=
 of practical security weaknesses. Only relying on QKD would catastrophical=
ly decrease the security of modern networks and augmenting modern networks =
with QKD does not make a significant
 difference.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">I think the security considerat=
ion has to mention zero-trust as well as referring to the very good overvie=
ws given in [3][4][5].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Suggested text:<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">&quot;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Modern networks are implemented=
 with zero trust principles where classical cryptography is used for confid=
entiality, integrity protection, and authentication on many of the logical =
layers of the network stack, often all
 the way from device to software in the cloud [1]. The cryptographic soluti=
ons in use today are based on well-understood primitives, provably secure p=
rotocols and state-of-the-art implementations that are secure against a var=
iety of side-channel attacks.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">In contrast to conventional cry=
ptography and PQC, the security of QKD is inherently tied to the physical l=
ayer, which makes the threat surfaces of QKD and conventional cryptography =
quite different. QKD implementations
 have already been subjected to publicized attacks [2] and the NSA notes th=
at the risk profile of conventional cryptography is better understood [3]. =
The fact that conventional cryptography and PQC are implemented at a higher=
 layer than the physical one means
 PQC can be used to securely send protected information through untrusted r=
elays. This is in stark contrast with QKD, which relies on hop-by-hop secur=
ity between intermediate trusted nodes. The PQC approach is better aligned =
with the modern technology environment,
 in which more applications are moving toward end-to-end security and zero-=
trust principles. It is also important to note that while PQC can be deploy=
ed as a software update, QKD requires new hardware.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Regarding QKD implementation de=
tails, the NSA states that communication needs and security requirements ph=
ysically conflict in QKD and that the engineering required to balance them =
has extremely low tolerance for error.
 While conventional cryptography can be implemented in hardware in some cas=
es for performance or other reasons, QKD is inherently tied to hardware. Th=
e NSA points out that this makes QKD less flexible with regard to upgrades =
or security patches. As QKD is fundamentally
 a point-to-point protocol, the NSA also notes that QKD networks often requ=
ire the use of trusted relays, which increases the security risk from insid=
er threats.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">The UK=92s National Cyber Secur=
ity Centre cautions against reliance on QKD, especially in critical nationa=
l infrastructure sectors, and suggests that PQC as standardized by the NIST=
 is a better solution [4]. Meanwhile,
 the National Cybersecurity Agency of France has decided that QKD could be =
considered as a defense-in-depth measure complementing conventional cryptog=
raphy, as long as the cost incurred does not adversely affect the mitigatio=
n of current threats to IT systems
 [5].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">&quot;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[1]&nbsp; NIST, Zero Trust Arch=
itecture, August 2020<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[2] Physical Review A 78, Exper=
imental demonstration of time-shift attack against practical quantum key di=
stribution systems, October 28, 2008, Zhao, Y.; Fung, C.; Qi, B.; Chen, C.;=
 Lo, H.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[3] NSA, Post-Quantum Cybersecu=
rity Resources<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[4] National Cyber Security Cen=
tre, Quantum security technologies, March, 2020<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[5] ANNSI, Should quantum key d=
istribution be used for secure communications?, May 2020<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt"><o:p=
>&nbsp;</o:p></span></p>
</div>
</body>
</html>

--_000_HE1PR0701MB3050021E796FA47455C7BFB689319HE1PR0701MB3050_--


From nobody Sat Feb 12 04:53:18 2022
Return-Path: <Chonggang.Wang@interdigital.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 201F43A130F; Sat, 12 Feb 2022 04:53:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=interdigital.com header.b=Uf33OeQr; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=interdigital.onmicrosoft.com header.b=pBrAwRQf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F52kPOEEeWJ1; Sat, 12 Feb 2022 04:53:04 -0800 (PST)
Received: from esa2.hc3352-98.iphmx.com (esa2.hc3352-98.iphmx.com [216.71.148.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B3F43A0FC1; Sat, 12 Feb 2022 04:53:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=interdigital.com; i=@interdigital.com; q=dns/txt; s=esa; t=1644670384; x=1676206384; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=T+4Fpjq5hH0sn06m6hmv8ya6DR+lRehcrBBp+g+oX/4=; b=Uf33OeQrTKMYq/yhN+CNN4OB/iPSrD6NWIbWNrkwyVaYTOPeN6KZ/hog Xj/NR435tKzR8J26mNhFCzWeFqjb8WJh9N9Zwet1vpcoxjE4M3LTImH1m iAoIJ21LziJzNqsfvVvcRlhrwzThbCjJiZCZJJaG0a1bxRh67QY0BvjHB 8DVV6nEb8SdceLfyGYlowxWquyhky382xTTbaqM8BGkGD+8gi8tJ+RQ4u NssTsHoHijPwgdBj9YNg994Zrbk7egG7WBsvHqIEmB7brPhn1g98urGhR IhpMRe/vdxcext3hz8PIU2GNUXt1QLIetbvDKlFmr/P4SR0NvVOx+ip64 Q==;
Received: from mail-bn8nam11lp2169.outbound.protection.outlook.com (HELO NAM11-BN8-obe.outbound.protection.outlook.com) ([104.47.58.169]) by ob1.hc3352-98.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Feb 2022 07:50:01 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kDqJks4N1hXlljqYypmbM2JBGqM6nYiN/VgPMt7Ieiq8x2cOMJPqQ8tIiQgP2WF0amMTMnh9FbqVoBNSOrvLMlCskBbU7jIBvTVLT7A8SbY4lycgyi6B/UgP9Sc7nTKP9a9DmfNk386aZ0605hGvRW9Qib+kfV+Xjp3aRS/0Ffb+l/fn5RUORUhm5kJ17zHWGD3Q7Mnmh3gXSBvVlYY370tp7zm0bJZTXxMzJCqlabuo5sbjOx6yX6Iyvkh0KNrqY+W4M/vThD3eawFBcCkmSuHR5E0ugQZyZ1WNZ8xoxjxxlfyg523xBOjviZWbPo34ZNCP87UJjR0q3xF2aB9jGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=F2brCVlcIqXM1geeZ8GT/7LJ+a8j2/VpwJYM+rs90i8=; b=hTMBZD5RHpR6IzqKsOaTWoYQ81foaZuj1gG175DewSNS1JfITylKcqVdNtNEmNUzxpTb8mh/+hJaVTJ/gMur3CmEDZPkVm9ZTUFgiXRAG5GNRGiSOeZNqqSq2vI0vPskU8vmiYkH7qKmqy+kkBfSZTgHjXiMS1VxIEPBPTOzg8Lt9q2BPH+6BODElGQW5Cfgn+cKPfFBCQDyUYwoX3UqTShk0uEm8ishA759LVOVCWHev1tqZdttsFtdxosoNaB12eGE2M6RSHzjwqlYF6njCNJfY80c6wU1NozEC4TC4ce0Qt0Q78NzYdeLuk6kZ+ZdyUhaowZZIlto3h3lXC2BhQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=interdigital.onmicrosoft.com; s=selector2-interdigital-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F2brCVlcIqXM1geeZ8GT/7LJ+a8j2/VpwJYM+rs90i8=; b=pBrAwRQfpxVyX9bZZMWz/VsrxRj8q08ba3IjTSW5hUIEDly0IWq1Jf06kfZg3o4mjPkSv3hIN086ddK9SdqYUWpsdgrqeQT9JTtoLyHpMk3Jd4F37MSCLDj6xy7XGTBE3QEStKFglcmdy+J0gSxL+83ssBbC7tBybN4TkCpE/zc=
Received: from BN0PR10MB5096.namprd10.prod.outlook.com (2603:10b6:408:117::23) by CY4PR1001MB2279.namprd10.prod.outlook.com (2603:10b6:910:41::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.11; Sat, 12 Feb 2022 12:49:58 +0000
Received: from BN0PR10MB5096.namprd10.prod.outlook.com ([fe80::a897:1084:762a:7d3f]) by BN0PR10MB5096.namprd10.prod.outlook.com ([fe80::a897:1084:762a:7d3f%4]) with mapi id 15.20.4951.019; Sat, 12 Feb 2022 12:49:58 +0000
From: Chonggang Wang <Chonggang.Wang@InterDigital.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "qirg@irtf.org" <qirg@irtf.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>, saag <saag@ietf.org>
Thread-Topic: Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
Thread-Index: AQHYIAwH8zEQdGvQAkOzECXdhs8fp6yP3bVg
Date: Sat, 12 Feb 2022 12:49:57 +0000
Message-ID: <BN0PR10MB5096558FEF15C44C9C9672F2F8319@BN0PR10MB5096.namprd10.prod.outlook.com>
References: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=InterDigital.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 07853432-db87-4dc4-6e6e-08d9ee262d19
x-ms-traffictypediagnostic: CY4PR1001MB2279:EE_
x-microsoft-antispam-prvs: <CY4PR1001MB2279A2ACB5F1E349178534B8F8319@CY4PR1001MB2279.namprd10.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: W6IUzKVF/URYCYvHp2fYa4sSpyb7SHj5F5ccCqI4klswVuXluewTwHwcno7ZmLr8TanW9iIJHieVtDy6Qap0+niE/hV6XlzXPqlZ/8A6/+Bhtzp9s8SZUnSxvnzFCv63FuvABGZeEfkMqtO8/stuh6XSbCqrE7H0gnIemyPE4X3mPdI0VnnqlHnEGTEWQbWrCzQutxEqSV5aUrJbJ63OL+0IwsuWeLYzWTmwNxjGCoWfEINhzM1WK0nJZ+TzqFIZpH53tDdXHxwct72OFMngw5agbcbDzPwvgj3FZQQQIdkkYsLxv+LjO7lYWTZwHUOlIdLu6ldzSfq2+aJsb1WEAeTPoLYTRHu6ZUdbXXjpIxQ9USIix4wVbD/3zEYnS42HKruhY0IqgPvGKOEOeUZ2Mck5Xaf9hlfQizeedXMJEQ7UEf1RSF7Wxo9X5vULbxxQOinTpRTxxZ3ngsF3tQbdQnNkrBJQgIyu5ciRsYggNj6tkYuxgsxXiOEUdcX445geCdze0jrI2c4DA14ViI3zpox0HrIlhTHbzqz2EKoeD7oiHW46KrQ5Ny784eFf1T/Sq7dqoZJDM8+g1Mu7/Dhe67HBo2upCDG9E8OvKM3rxJkvzW13PxSM8jzthHebKaAQ8FhxrQDVYPINZjK8QyRehIn8AYL0bP9s3hQ0fNQ/3ViXIT5nspHkbbGbzrlLRc20oURRsNmlg9y+sAIraSz0B1jsdkFQTELxaimdtbAmdvw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:BN0PR10MB5096.namprd10.prod.outlook.com; PTR:; CAT:NONE;  SFS:(13230001)(4636009)(366004)(26005)(7696005)(9686003)(53546011)(6506007)(9326002)(83380400001)(8936002)(186003)(66574015)(55016003)(15650500001)(5660300002)(2906002)(52536014)(38100700002)(110136005)(38070700005)(54906003)(508600001)(316002)(71200400001)(122000001)(4326008)(86362001)(8676002)(66556008)(66476007)(66446008)(64756008)(76116006)(66946007)(33656002)(85282002); DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?XIUKvuDZ+Pwllw6PvNrhfxw2ihzrhC10Axt7/uoOpqovzLHmze6YlbYlpb9/?= =?us-ascii?Q?lB7CPg06MLexkaTv2eldSGZpqR3+y2K9l5ycHOy0a9fSZlcU3xti/CbPmFP7?= =?us-ascii?Q?o9hfLexfYIoeRDAPNrJ8XiFAiWQPTikogg9SzKsOf0rXUfjpQbGPQWSKcGuD?= =?us-ascii?Q?mCy/PlxX80vicocn4LuTkVMjDIbKMFtWyKLBP+d8WHB634kUWz1eOhC9unix?= =?us-ascii?Q?M7HR6g4EpCJ1fuqBJMlc6AeDFDJo1Le67Z/Ws6dk6bHzIeqB6RnqWGku+MR8?= =?us-ascii?Q?yplMc8bqoCXA5+BalrG/L9PKLU239KivD4a4iCpBVeQqnulMXDyqvVI1qxfv?= =?us-ascii?Q?lJm771D/47Usl+IuXa8QqQu6y8YBaOhGCHIG9GQWiptLr+mLKTi5Pxt1cyKE?= =?us-ascii?Q?IQDi5xjUyCzbZA3CW77v+1dZ4SiVciXMjddEo9urQ2AlhIN1q2lt7cb3SEyW?= =?us-ascii?Q?7KBLeYQS3k5wlpi0BQLZoqALPZstOl7J6BVrgAPnZUXj+KRr0tLLR4f8J4go?= =?us-ascii?Q?VsYd3RPWaAnws2qWlTo6eeqByIk5njJ/KcbkRs9btLAZG66jJkyhDspxnXYh?= =?us-ascii?Q?Ie4SsjFsFsP+qunrK+pblNUbYMjz18c/OaKuRVvl0BOIGUkvZ6n3j/kdXKRX?= =?us-ascii?Q?y7K68EgP6GdPMb1EnEgImu+Nx6QDzVHRHk6etOWjrIWaq0q2XwGw1BZ7ofKn?= =?us-ascii?Q?u8YhOf0b7SnMWb47+JwY7yVZtCAcJJ2VthW+MHWFBsyHNGcPpRPlwL4WYEor?= =?us-ascii?Q?HFI9VwwgpNeEmWBPauwIHFg0NPD33oH3FdKQqsTDWGfMGM7Qc28uPj6db7dQ?= =?us-ascii?Q?o6dETITyuH3BjlobTGgjPZe7SdhPsKTsMsP6vDKiq/n7iQpIIiJS//POi81E?= =?us-ascii?Q?dG7GuIKjulu70pJYjpFOYDRcn6+qVpSJfVWz+rL194lereLNvH/jYESW3LyC?= =?us-ascii?Q?c9hq6a7oYHFmnszH8VJTJWE0VMaiClMf0h8TsWbjKoF7HA5eLhYkuNnxa5TD?= =?us-ascii?Q?CuYorp9rXakKVvA+/wlXiRFK7yFvkedwdwhjmTk9M9sR4NhSW8VafcGzvr/9?= =?us-ascii?Q?wk4w8WmfLBIylX4zHcx2LR1Qpb972dgDjHGAJ3/c4aPEdkdubHbMpNPSesJ1?= =?us-ascii?Q?oplsOb5umlylysx+HUE9G5Ruadb1SX5zc9dYIYZ7Yo77anZNdaH0U6/sLGUu?= =?us-ascii?Q?otxtFQpsNcbP8GOy7XUvFVSqeAFfGoI4ACztWbqhAEEbIqdDHgDWM4rK972G?= =?us-ascii?Q?rC9dc1rxrxqYwND+rHzztM0r1fEHHDcerOUGOfMgxdCoKGmnERHiVhiDS32W?= =?us-ascii?Q?euieX+TnritEtNMOhTglQD34u5czWz83dqLL3axqLrPiNTUE9AvLiiIyomKB?= =?us-ascii?Q?gJVYjBe0ckhpKRxgIEIcB7Is+rrOkQRHdU+lyIw1JCjAJBxB30SWDS2VsPNh?= =?us-ascii?Q?nR06cNtpFfueK3UmjXUhjc+5yq0ghHMt3DrVpSiARXBMb3VxL2zi2eFMkVdg?= =?us-ascii?Q?dX9WdAqndi7KFnm8STCuPOMUd/qKMeg5LKyMmB6fTbAZDTcmkL3k09aEh60e?= =?us-ascii?Q?lcPBPQiiJ9r/3Y7OcXAAbUeBTfbhbp8rYm8Yt3gzhS6lxI2xgNnBWu5C/1DZ?= =?us-ascii?Q?aN5/cnnf7XvVCUaSetxySW7hHXduZjHMIHpJmOHReq5TWviSHko4Jw2K5qsI?= =?us-ascii?Q?lH6Xuw=3D=3D?=
Content-Type: multipart/alternative; boundary="_000_BN0PR10MB5096558FEF15C44C9C9672F2F8319BN0PR10MB5096namp_"
MIME-Version: 1.0
X-OriginatorOrg: interdigital.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5096.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 07853432-db87-4dc4-6e6e-08d9ee262d19
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2022 12:49:58.0727 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e351b779-f6d5-4e50-8568-80e922d180ae
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fXS0G1K23h5K8zloxq/CvssH2lDc2tyOZTmYhmbRYJC5qkmUTSS+Wj5IbH1d+kc7EEzoc/dEVAcpIJOUZIVduXxLDOtXSH8A71YEBQuAx2g=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1001MB2279
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sDdVRNpCUfdgYTUZGjklT3JxuxY>
Subject: Re: [saag] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Feb 2022 12:53:09 -0000

--_000_BN0PR10MB5096558FEF15C44C9C9672F2F8319BN0PR10MB5096namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi John,

Thanks for your feedback. We will incorporate your suggested texts to the n=
ext version of this document.

Best regards,
Chonggang

From: Qirg <qirg-bounces@irtf.org> On Behalf Of John Mattsson
Sent: Saturday, February 12, 2022 7:36 AM
To: qirg@irtf.org
Cc: cfrg@ietf.org; saag <saag@ietf.org>
Subject: [Qirg] Security considerations in draft-irtf-qirg-quantum-internet=
-use-cases-08

=20
Hi,

I think this document is progressing nicely, but the security consideration=
s are severely lacking. I don't think the document can be published without=
 additions to the security considerations. The document mostly focuses on t=
hat fact that QKD is information-theoretically secure but misses a lot of p=
ractical security weaknesses. Only relying on QKD would catastrophically de=
crease the security of modern networks and augmenting modern networks with =
QKD does not make a significant difference.

I think the security consideration has to mention zero-trust as well as ref=
erring to the very good overviews given in [3][4][5].

Suggested text:

"
Modern networks are implemented with zero trust principles where classical =
cryptography is used for confidentiality, integrity protection, and authent=
ication on many of the logical layers of the network stack, often all the w=
ay from device to software in the cloud [1]. The cryptographic solutions in=
 use today are based on well-understood primitives, provably secure protoco=
ls and state-of-the-art implementations that are secure against a variety o=
f side-channel attacks.

In contrast to conventional cryptography and PQC, the security of QKD is in=
herently tied to the physical layer, which makes the threat surfaces of QKD=
 and conventional cryptography quite different. QKD implementations have al=
ready been subjected to publicized attacks [2] and the NSA notes that the r=
isk profile of conventional cryptography is better understood [3]. The fact=
 that conventional cryptography and PQC are implemented at a higher layer t=
han the physical one means PQC can be used to securely send protected infor=
mation through untrusted relays. This is in stark contrast with QKD, which =
relies on hop-by-hop security between intermediate trusted nodes. The PQC a=
pproach is better aligned with the modern technology environment, in which =
more applications are moving toward end-to-end security and zero-trust prin=
ciples. It is also important to note that while PQC can be deployed as a so=
ftware update, QKD requires new hardware.

Regarding QKD implementation details, the NSA states that communication nee=
ds and security requirements physically conflict in QKD and that the engine=
ering required to balance them has extremely low tolerance for error. While=
 conventional cryptography can be implemented in hardware in some cases for=
 performance or other reasons, QKD is inherently tied to hardware. The NSA =
points out that this makes QKD less flexible with regard to upgrades or sec=
urity patches. As QKD is fundamentally a point-to-point protocol, the NSA a=
lso notes that QKD networks often require the use of trusted relays, which =
increases the security risk from insider threats.

The UK's National Cyber Security Centre cautions against reliance on QKD, e=
specially in critical national infrastructure sectors, and suggests that PQ=
C as standardized by the NIST is a better solution [4]. Meanwhile, the Nati=
onal Cybersecurity Agency of France has decided that QKD could be considere=
d as a defense-in-depth measure complementing conventional cryptography, as=
 long as the cost incurred does not adversely affect the mitigation of curr=
ent threats to IT systems [5].
"

[1]  NIST, Zero Trust Architecture, August 2020
[2] Physical Review A 78, Experimental demonstration of time-shift attack a=
gainst practical quantum key distribution systems, October 28, 2008, Zhao, =
Y.; Fung, C.; Qi, B.; Chen, C.; Lo, H.
[3] NSA, Post-Quantum Cybersecurity Resources
[4] National Cyber Security Centre, Quantum security technologies, March, 2=
020
[5] ANNSI, Should quantum key distribution be used for secure communication=
s?, May 2020


--_000_BN0PR10MB5096558FEF15C44C9C9672F2F8319BN0PR10MB5096namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle20
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Hi John,<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Thanks for your fee=
dback. We will incorporate your suggested texts to the next version of this=
 document.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Best regards,<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Chonggang<o:p></o:p=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt">From:</span></b>=
<span style=3D"font-size:11.0pt"> Qirg &lt;qirg-bounces@irtf.org&gt;
<b>On Behalf Of </b>John Mattsson<br>
<b>Sent:</b> Saturday, February 12, 2022 7:36 AM<br>
<b>To:</b> qirg@irtf.org<br>
<b>Cc:</b> cfrg@ietf.org; saag &lt;saag@ietf.org&gt;<br>
<b>Subject:</b> [Qirg] Security considerations in draft-irtf-qirg-quantum-i=
nternet-use-cases-08<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<table class=3D"MsoNormalTable" border=3D"0" cellspacing=3D"3" cellpadding=
=3D"0" width=3D"100%" style=3D"width:100.0% ">
<tbody>
<tr>
<td style=3D"padding:.75pt .75pt .75pt .75pt">
<p class=3D"MsoNormal" align=3D"center" style=3D"margin-bottom:7.5pt;text-a=
lign:center">
<strong><span style=3D"font-size:9.0pt;font-family:&quot;Verdana&quot;,sans=
-serif"> </span></strong><span style=3D"font-size:11.0pt"><o:p></o:p></span=
></p>
</td>
</tr>
</tbody>
</table>
<p class=3D"MsoNormal">Hi,<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I think this document is progressing nicely, but the=
 security considerations are severely lacking. I don't think the document c=
an be published without additions to the security considerations. The docum=
ent mostly focuses on that fact that
 QKD is information-theoretically secure but misses a lot of practical secu=
rity weaknesses. Only relying on QKD would catastrophically decrease the se=
curity of modern networks and augmenting modern networks with QKD does not =
make a significant difference.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I think the security consideration has to mention ze=
ro-trust as well as referring to the very good overviews given in [3][4][5]=
.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Suggested text:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&quot;<o:p></o:p></p>
<p class=3D"MsoNormal">Modern networks are implemented with zero trust prin=
ciples where classical cryptography is used for confidentiality, integrity =
protection, and authentication on many of the logical layers of the network=
 stack, often all the way from device
 to software in the cloud [1]. The cryptographic solutions in use today are=
 based on well-understood primitives, provably secure protocols and state-o=
f-the-art implementations that are secure against a variety of side-channel=
 attacks.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">In contrast to conventional cryptography and PQC, th=
e security of QKD is inherently tied to the physical layer, which makes the=
 threat surfaces of QKD and conventional cryptography quite different. QKD =
implementations have already been
 subjected to publicized attacks [2] and the NSA notes that the risk profil=
e of conventional cryptography is better understood [3]. The fact that conv=
entional cryptography and PQC are implemented at a higher layer than the ph=
ysical one means PQC can be used
 to securely send protected information through untrusted relays. This is i=
n stark contrast with QKD, which relies on hop-by-hop security between inte=
rmediate trusted nodes. The PQC approach is better aligned with the modern =
technology environment, in which
 more applications are moving toward end-to-end security and zero-trust pri=
nciples. It is also important to note that while PQC can be deployed as a s=
oftware update, QKD requires new hardware.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Regarding QKD implementation details, the NSA states=
 that communication needs and security requirements physically conflict in =
QKD and that the engineering required to balance them has extremely low tol=
erance for error. While conventional
 cryptography can be implemented in hardware in some cases for performance =
or other reasons, QKD is inherently tied to hardware. The NSA points out th=
at this makes QKD less flexible with regard to upgrades or security patches=
. As QKD is fundamentally a point-to-point
 protocol, the NSA also notes that QKD networks often require the use of tr=
usted relays, which increases the security risk from insider threats.<o:p><=
/o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The UK&#8217;s National Cyber Security Centre cautio=
ns against reliance on QKD, especially in critical national infrastructure =
sectors, and suggests that PQC as standardized by the NIST is a better solu=
tion [4]. Meanwhile, the National Cybersecurity
 Agency of France has decided that QKD could be considered as a defense-in-=
depth measure complementing conventional cryptography, as long as the cost =
incurred does not adversely affect the mitigation of current threats to IT =
systems [5].<o:p></o:p></p>
<p class=3D"MsoNormal">&quot;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">[1]&nbsp; NIST, Zero Trust Architecture, August 2020=
<o:p></o:p></p>
<p class=3D"MsoNormal">[2] Physical Review A 78, Experimental demonstration=
 of time-shift attack against practical quantum key distribution systems, O=
ctober 28, 2008, Zhao, Y.; Fung, C.; Qi, B.; Chen, C.; Lo, H.<o:p></o:p></p>
<p class=3D"MsoNormal">[3] NSA, Post-Quantum Cybersecurity Resources<o:p></=
o:p></p>
<p class=3D"MsoNormal">[4] National Cyber Security Centre, Quantum security=
 technologies, March, 2020<o:p></o:p></p>
<p class=3D"MsoNormal">[5] ANNSI, Should quantum key distribution be used f=
or secure communications?, May 2020<o:p></o:p></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
</div>
</body>
</html>

--_000_BN0PR10MB5096558FEF15C44C9C9672F2F8319BN0PR10MB5096namp_--


From nobody Mon Feb 21 15:54:56 2022
Return-Path: <prvs=037160803=joseph.d.touch@aero.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E44D3A1130; Mon, 14 Feb 2022 08:21:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aero.org header.b=r0kUyvSm; dkim=pass (1024-bit key) header.d=aerospacecloud.onmicrosoft.com header.b=V+RU8QOa
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eypa87Dqs48I; Mon, 14 Feb 2022 08:21:38 -0800 (PST)
Received: from email3-east.aero.org (email3-east.aero.org [130.221.184.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0084A3A111C; Mon, 14 Feb 2022 08:21:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aero.org; i=@aero.org; q=dns/txt; s=mailhub; t=1644855698; x=1676391698; h=from:to:cc:subject:date:message-id:mime-version; bh=xYFEiqNhOaf9ZGINBEletNcFfeH2b50vUSSVQbxLqPM=; b=r0kUyvSmCMq9w25RrDo/zjb5nV43Zy5iCXROJp+qaJSUudW6CVaA0mIp dh7wQ/9E+KGHBq9dQLws+P2kCcGwnfyE0TOXcdV+GLhPlbdBa/BFp9vTw D9tpRlC9/P/rOtobUF096szQqhvPC+2kAh7jDgLHwj79I14WauaRwZuH6 8=;
x-SBRS: 3.5
x-SenderGroup: Inbound_Office365
IronPort-Data: A9a23:R9MkV6n2WP27aAGiB3QzeA3o5gzlIURdPkR7XQ2eYbSJt1+Wr1Gzt xIdWjjQOquKYjD8L9onbNnj9kJX6JeHy981HAA9q3wzFi4T+ZvOCOrCIxarNUt+DCFioGGLT ik6QoOdRCzhZiaE/n9BFJC/9yEkvU2vbuOkUrOUUsxJbVY4Dn9n0HqPosZh6mJSqYDR7zil5 JWi86UzBHf/g2QuajhNt/rZwP9SlK+aVA0w7wVWic9j7Ae2e0k9VPrz8onsR5dQatA88t+SH 44v/pnglo/q105F5ueer1rOWhZiroj6YFHU0iIOM0SVqkMqSiQais7XPReHAKtdo23hc9tZk L2huXEsIOuA02KldOk1CnFl/y9C0aJuwLTIGFK5tpGpwHLDYUXJ4OlfL00pBNhNkgp3KTkmG f0wBxsmNkrGq8fthbWxR69rm9gpK9TtMMUHoHZ8wDrFDPEgB5feX6HN4twe1zA17ixMNa+GO 4xFNnwxMVKZO0Mn1lQ/UfrSmM+qgWLyaz0epBSJorc840DawRZ2lr/3P7I5f/TRGJoJwBjwS mTu52nLLRo6F9al4gGXzmi1isH3vhjlV9dHfFG/3qUz2wbMroAJMzUUUlu95/ywllKlQNVZf hBM9zAvprMp80rtRd74dxG9qWSP+B8RR9QWFPc1gCmUy7DbyweDGmZCSSROAPQtutU5bT0ny lHPmMnmbRR0ubSaYXOQ6rnSqim9URX5NkcHbC4ACAcAuNboq9lpigqVF449VqmoktfyBDf8h SiQqzQzjKkSishN0Lin+VfAgHSnoZ2hohMJChv/Zmmq1yl/Y9OfaLOt+2b+zupxD4qGdwzU1 JQboPS24OcLBJCLsSWCRuQRAb2kj8pp1hWM3TaD+LFxqFyQF26fkZN4vGggfB0wWioQUXq4O xGK41g5CIp7ZSPyNcdKj5SN59PGJEQKPfjoTbjxadtIb4MZmOSvoXk1PRH4M4wAgCERfUwXP J6adYOgCC0VAq8/lj6uHb5Fj/ks2zw0wn7VSdbj1RO73LGCZXmTD7AYLF+JaeN/56SByOk0z zq9H5TTo/m8eLShCsUyzWL1BQxVRZTcLcymw/G7jsbZfmJb9JgJUpc9O48JdY1/hLhynezV5 Hy7UUIw4AOh2SGYeVjUNiozOeqHsXNDQZQTbXJE0bGAiyhLXGpTxPtFH3fKVeV6qL0+laIsJ xX7U5zRXKoSElwrBAjxnbGm9dc5K3xHdCqLPiG/ZyM4cYIoTAvT4tj+dxfu8y9mM8ZEnZpWn lFU7SuCGcBrb106Uq7+Mavzp3vs4yR1sL8sDiPgf4kCEG2xodMCA3Gg3pcffZpWQT2dnWTy6 upjKUxFzQU7i9Rpq4ahaGHth9vBLtaS6WIEQziFve7ub3GyE6jK6dYobdtktAv1DAvckJhOr 80Ppx0gGJXrRGp3jrc=
IronPort-HdrOrdr: A9a23:olbo0q+TYtr125tVu2Ruk+ESdr1zdoMgy1knxilNoENuH/Bwxv rFoB1E73TJoR4LUnAhhtyMfIGcKEmsq6KdgbNxAV5tZnjMhILaFvAh0WKE+UyhJ8SezJ8d6U 4EScQObayXMbEUt7e23ODTKadZ/DC4ytGDuQ6z9QYaceguUdAq0++WYjzrRnGfamF9dMwE/b Cnl5h6TwPJQwVBUixQbkN1dtQr3ue7wa4OAiR2SSLPijP+wg9AOISKXyRwhS1uAA+nqI1KmQ eq4m+JhNTFworLu26tphyjneUi6a+RveevHPbttiFWEESltu/PXvVIZ1TrhkEYnAiB0icGrD CmmWZrAy0H0QKVQojam2ql5+EguAxeukMK/WXorkcKwaTCNRwH41cov/NiTvKV0TsagDk6u5 g7/V6xht5yN1ftjS7979/HW1VDkVe1m2Mrlaopg3lWQeIlGZlshL1a2HkQPIYLHSr85oxiOv JpFtvg6PFfdk7fR2zFv0F0qebcbkgbL1OjeAwvq8aV2z9ZkDRS1E0D3vESmX8G6dYUV4RE3e LZKa5l/Ys+f/P+VZgNN9vpfPHHNFAlACi8D156GG6XKJ3uOBr22rnKCfsOldOXkaczvbsPca L6IXdlXF4JCmPT4PK1rb522yGIZG28WD/q24V6559004eMIIYDSRfzC2zHHKOb0qUi6+3gKs +O0cFtcsfexVWHI/dt4+SSYegqFZBIarxQhj98YSOynisnEPyWigXASoetGJPdVQw8Ume6OH EERzSbHrQ90qm0YA6HvPEHYQKqRqQ0lagASZQzPIAoudAw3kgliHlItbx8jvv7dAGrGMQNDR RDyHSOqNLgmUCGuVvI72JqPhJcCwJ8/KjgOkk64jPi7HmEC4rqNr2kCDtv4Ec=
X-IronPort-AV: E=McAfee;i="6200,9189,10258"; a="357466"
X-IronPort-AV: E=Sophos;i="5.88,368,1635220800"; d="scan'208,217";a="357466"
Received: from mail-dm3gcc02lp2106.outbound.protection.outlook.com (HELO GCC02-DM3-obe.outbound.protection.outlook.com) ([104.47.65.106]) by email3-east.aero.org with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Feb 2022 11:21:34 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PS5A1WOFPFJxUsfq/pYiqL9iT8e8RK2hUE+vg12egctT78zX2/EHIs1n7cENa1f1/IOjAscESuHb2SwCCwFabnmfWqfl21L/aPZVAzQunLfwlleOnWtHXW+9lJcOOfXonBot2f0bb2tKbQ4bVy8eKrq2rObcScHNdYGEKvHBqpbNAHKufoeWOsJYDGPVwXjjoIcrt7fkHoLlFUIWYo4ALME13rr2H+tUkPdhf1r2joA21K/fRpbCmQPyyB7NKAhTnC6RH4LzHfnJdZrWPm612FbTNcDVT7hBNCDshrQXcT+oUETIY/FubPl40ScObS+26er8/RyNBWRcwQ/k5il72A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;  s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xYFEiqNhOaf9ZGINBEletNcFfeH2b50vUSSVQbxLqPM=; b=GA/22VlXaoIZbdVrPbGJW+mNpzKtXgpzLX7U0U5PoGzagFqayB1wGmOEGR2hik6lHV4jGFmyhqD+W/+HmSJ7puYL6eiSRgLc+XMDKbS3Jfbnqpt3vsDl6xx7uETazDnnmftz9mXIS4kih3D4AY65blD4/KK6IQyem3PAsYIbR6LqgIDok5PzgJyUT3gKgVYOG5TyQmG79v6avth6c73mCpIW1QnCUf5n2o7fukS3SYEypjRxtDASeTFJ0KIoEAjxGcuyp8+UJZr+LOpW/UWpJeQA5qW3/HBaaFc7T61DFb1hITCNtLnFnffdQZpxAnpmmaf0n2JKWrreYgS6PfJaJA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aerospacecloud.onmicrosoft.com; s=selector2-aerospacecloud-onmicrosoft-com;  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xYFEiqNhOaf9ZGINBEletNcFfeH2b50vUSSVQbxLqPM=; b=V+RU8QOan9bXDqI0hGooMNnwWB2ZRQ794B3XbodDT1PP48eyJdKVfLjwzrDg9cYdGQk3qYndZhRl4d+fUrWWf9xL2x7HyS15ZPvBmFMu21uXAPxG59ZTusmVSAMB4J27TC9Cszl61Ih+lERb/ugrfzxWIyrDZS2MSaFOhSBpALU=
Received: from SJ0PR09MB6542.namprd09.prod.outlook.com (2603:10b6:a03:266::20) by SJ0PR09MB6399.namprd09.prod.outlook.com (2603:10b6:a03:268::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4975.17; Mon, 14 Feb 2022 16:21:33 +0000
Received: from SJ0PR09MB6542.namprd09.prod.outlook.com ([fe80::9d9:2d2f:e71:8d43]) by SJ0PR09MB6542.namprd09.prod.outlook.com ([fe80::9d9:2d2f:e71:8d43%5]) with mapi id 15.20.4975.019; Mon, 14 Feb 2022 16:21:33 +0000
From: Joseph D Touch <joseph.d.touch@aero.org>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "qirg@irtf.org" <qirg@irtf.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>, saag <saag@ietf.org>
Thread-Topic: [Qirg] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
Thread-Index: AQHYIb7un+HZWK/OK0afiMO7u4+DkQ==
Date: Mon, 14 Feb 2022 16:21:33 +0000
Message-ID: <DBB63D54-C4C5-42C8-9612-9324BAB6EEDA@aero.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.49.21050901
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=aero.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f1037973-a5cb-4cc8-a097-08d9efd610c4
x-ms-traffictypediagnostic: SJ0PR09MB6399:EE_
x-microsoft-antispam-prvs: <SJ0PR09MB63992E1798D83ADC12D1F1C0BD339@SJ0PR09MB6399.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: VL4HHKiSYCg/yFIqOblmb5eEIBZCUk+/KUO5eZyBR03aO1Mz5yHLD0E8xP6B4y82F/7Iob4uH8OiKxHoVK6kgWtkxsPajcgkOxpbNDtoDsqWQrtIly5DD4vNPIbgSELO0ptGWdyCNVwgi52s2ryLMug9OxE16YWRVL1Ez4HY3+KgxK3UGOAnIqpFjxOsx0WKOU6hccp8vhOz38kzQoY9Hrfp6iuEft1EwXnKUOYNP/9S2drTLcOeglGIkh2kpiNrNE9DAyOyDOVPzNwbS/4gCOOwgLDK0J4xpl3i9+TQBKN4uVjd0ff50eUCIy2KARPNga976uZPbBLf399/BSr5DYD0s3B7Jt3O1IkPNB5nY3I1orhbV/hhPRwHs50k36npRI07DBOdxfyuw7gUBXV/3Zo6IXR+jnusn5M2HIOmMapDI9dMKMIJM5N73pow5Tv+/A7KGS8UUSHZrX8G2lCBGSKuI9IMmiyiC3X1FDPIYR1MK7deKqx7/B84e4HlvFfhjEhWp8GX5BPQ9QAvyX7i4itE7DVgfFGfOp5LB23xYwGao7dGi2vymjq88R5jLapp6lTS/taSWBMa85T3lrdORO+FE+y8Qgl3MNm7rZx4TmRCNW8N5KHBasL8FEhO/qXMT4AsvzvwiIdNnOslcKzNbwrpe/OQ64IeXVKKJ9n+iqRqDGtHWc8E0h2YqRrq5GM4umUon1p2JREdfBNCGdtOqnITNpBUDyWQVmogGp5Twjt0dORifs42JyV9QeGlIbLW
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;  IPV:NLI; SFV:NSPM; H:SJ0PR09MB6542.namprd09.prod.outlook.com; PTR:; CAT:NONE;  SFS:(13230001)(4636009)(366004)(86362001)(4326008)(54906003)(110136005)(8676002)(6486002)(8936002)(66446008)(64756008)(66476007)(316002)(76116006)(66556008)(66946007)(38070700005)(36756003)(5660300002)(38100700002)(122000001)(71200400001)(508600001)(2616005)(6506007)(83380400001)(15650500001)(2906002)(40140700001)(6512007)(53546011)(33656002)(26005)(186003)(66574015)(45980500001); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?Qk0zS0tZalFwYXB6ZmdVRGRkTE5wajJlWlR0U1BqMnBLNkJtUC92c0dkMlRR?= =?utf-8?B?MTRtVzdhcE5oRlIzamdoWU9GZlNPTXdIYXQrWHU2TEV6b1dBLzhjZFJ5NGts?= =?utf-8?B?VkthTm1aQVhGdXhLN2JJWmdFay93eDBNdW9Rc2lHUjdITUY5RndRTEpJcmRF?= =?utf-8?B?Z1p2YXlzbFlmcXJqU1JOWVBMb1hUcXZVdWJ2NzEvNm9Bd2E1VDBZaG1IVm9m?= =?utf-8?B?WTdmWUJiNEJHVzV0V3lIc2NUU3EvZWFONGNXWStlNURBOC9hdU9JQ2tDVmFN?= =?utf-8?B?a0JUaTZlV3BVR1BlTTltYWYvandrVVJRRUNYbEJjKzkyM2lIa3N6VWdsYlhn?= =?utf-8?B?VHowZ3dnU0dvTUMwVkp6bzNBcmpteTA0emd3V0FKTWYvV3dpNDNDbUxzQi9N?= =?utf-8?B?WmNPYk42MU9xcm5FSjlTMjV5NlZxT1gxMFJEVVZUWllhWTJYcjdXMXlPdUhC?= =?utf-8?B?dkw1VFVqRk45am1pS0hqeHBSNXBacmg2bENuRnhOZUtMNlZCNHFuRWJmTFdV?= =?utf-8?B?eGVEWEFrUGFadHZLMEMxekFzYXFValU1Vk5hWGlRWnJ4bDNkOXZtb3YrUldh?= =?utf-8?B?NTcxdkN2SXNraUFJTzNhU3BnRm1WYkg0dHlDOFRKZzNIY2s4UTR3RWlvWHQy?= =?utf-8?B?NUo5aVRGRURRTnRic0k4RCtGTUhXL1RvRkZGc0dmRTRMb0kySXE2ZE9LL0xi?= =?utf-8?B?dkxxNFpTaU9yTExITlhSM3Y3UW5uaUEra2hYQzZOUHdzTWNWYWhNY3NlV3o2?= =?utf-8?B?aWFwaEVVcUwvbU1NNW5ZWGVabGg5aG1PeTVyb2ZQT1NNZThQa1dydnFQMmNN?= =?utf-8?B?UEx1WjQ0blJSdHlNTmpHK0dmdHJhdUtMQ3Q2TjhYMVFndHRwNjdPempyZDJ1?= =?utf-8?B?SWs0aENTV3VpcnFXTHpxc0xOS2tteFJ0VUY3L2dEL0dITHFaS2IrM3pMZWFP?= =?utf-8?B?R05RaHY0R3NiM2U2eG5uYU5GZWdoamxyS1ZUV0tGUGtYWUtiNk1NUndNT3gz?= =?utf-8?B?aXUyakRTbjJtSFVFb1JtSjdRYnZDWVdML1hIMXdJNmE0MDNNK2h0MTBac2VI?= =?utf-8?B?S1ZqUi9KL3J5aTJ5UlpJY2VjemwxSk0wdjRIYTBkWXVnTXJhbjdjSVNPbGFk?= =?utf-8?B?bjlPNUNydWs0eHl5RkZwaHVMRVVmZXBhWHNuTm1URm5BWUFRMlhEWlB1QjNS?= =?utf-8?B?RmdMRUJiZFZrRkdNMnVRYW8yZ2l2azgvSnE4ZE5KTVJmMGRUa0crdnJmYms5?= =?utf-8?B?bit1WEVwS21SUFRDRXJrajUrdlFwaElxN2s0bzRPK1pjaWdqQjRYdDBaazdr?= =?utf-8?B?MkttZE5FMXJyeTAyWFRWSXRRNjBSQUVmK3h3eDhxb0hnWVhVeGhFSzRsR1Bp?= =?utf-8?B?STFqNmYzczNLTzc1c0JWQU5WV3g2UFRMdGgyKzQvdVR5VTVGUGMwVlE4NTZ1?= =?utf-8?B?TmlXUHM3R0NlNmxhYmo1N0Q3d21YT0RDajZWOWRHUW8zUGVIZ0JwbldOS2RR?= =?utf-8?B?T2xpNEUwZkJRWGNJckVUM3RlNWREMFlaR1Y2SGliZEI2dUd5dTJRTUZNSmNl?= =?utf-8?B?RkEwdURZcVFoaHBRSDZXQnE3WHc1QTRTK21TU3ErTlRoU01pSU9xK0Jra0lv?= =?utf-8?B?S2FVSDVTTUtOYWdLMXpVWG1JS09SS2YvUEl1MW5mQllXT2FadHhQc2duZFkw?= =?utf-8?B?Q3pPUHQrOHFVQ3dUVWFZekZxWlhqVTgrL01FN1VINzE4WXU4UHNUZDIzUE5q?= =?utf-8?B?T1pwS2U5UmxFeXQ4SWNEaVdJNVVVaGNud0pQd1NvMEExeFY0SkZEY0I3d1Fo?= =?utf-8?B?OU1QVlFvMzVYZXp2Z08zQT09?=
Content-Type: multipart/alternative; boundary="_000_DBB63D54C4C542C896129324BAB6EEDAaeroorg_"
MIME-Version: 1.0
X-OriginatorOrg: aero.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR09MB6542.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f1037973-a5cb-4cc8-a097-08d9efd610c4
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2022 16:21:33.0966 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c8294700-c5a4-4ca1-a876-1457d39899fd
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR09MB6399
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6JMJ0lNPwMIvaBLQlbFPhrdd8Rc>
X-Mailman-Approved-At: Mon, 21 Feb 2022 15:54:55 -0800
Subject: Re: [saag] [Qirg] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Feb 2022 16:21:44 -0000

--_000_DBB63D54C4C542C896129324BAB6EEDAaeroorg_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGksIGFsbCwNCg0KQmVzaWRlcyB0aGUgcXVhbnR1bSBpc3N1ZXMsIGl0IG1pZ2h0IGJlIGltcG9y
dGFudCB0byBpbmNsdWRlIGFsbCBvZiB0aGUgY2xhc3NpY2FsIGNoYW5uZWwgaXNzdWVzIHdpdGgg
UUtEIHRvby4NCg0KSm9lDQoNCi0tDQpEci4gSm9zZXBoIFRvdWNoDQpQcmluY2lwYWwgU2NpZW50
aXN0DQpJbmZvcm1hdGlvbiBTeXN0ZW1zIGFuZCBDeWJlciBEaXZpc2lvbg0KVGhlIEFlcm9zcGFj
ZSBDb3Jwb3JhdGlvbg0KNDI0LTI1NC00MzU3IGNlbGwNCg0KDQpGcm9tOiBRaXJnIDxxaXJnLWJv
dW5jZXNAaXJ0Zi5vcmc+IG9uIGJlaGFsZiBvZiBKb2huIE1hdHRzc29uIDxqb2huLm1hdHRzc29u
PTQwZXJpY3Nzb24uY29tQGRtYXJjLmlldGYub3JnPg0KRGF0ZTogU2F0dXJkYXksIEZlYnJ1YXJ5
IDEyLCAyMDIyIGF0IDQ6MzcgQU0NClRvOiAicWlyZ0BpcnRmLm9yZyIgPHFpcmdAaXJ0Zi5vcmc+
DQpDYzogImNmcmdAaWV0Zi5vcmciIDxjZnJnQGlldGYub3JnPiwgc2FhZyA8c2FhZ0BpZXRmLm9y
Zz4NClN1YmplY3Q6IFtRaXJnXSBTZWN1cml0eSBjb25zaWRlcmF0aW9ucyBpbiBkcmFmdC1pcnRm
LXFpcmctcXVhbnR1bS1pbnRlcm5ldC11c2UtY2FzZXMtMDgNCg0KSGksDQoNCkkgdGhpbmsgdGhp
cyBkb2N1bWVudCBpcyBwcm9ncmVzc2luZyBuaWNlbHksIGJ1dCB0aGUgc2VjdXJpdHkgY29uc2lk
ZXJhdGlvbnMgYXJlIHNldmVyZWx5IGxhY2tpbmcuIEkgZG9uJ3QgdGhpbmsgdGhlIGRvY3VtZW50
IGNhbiBiZSBwdWJsaXNoZWQgd2l0aG91dCBhZGRpdGlvbnMgdG8gdGhlIHNlY3VyaXR5IGNvbnNp
ZGVyYXRpb25zLiBUaGUgZG9jdW1lbnQgbW9zdGx5IGZvY3VzZXMgb24gdGhhdCBmYWN0IHRoYXQg
UUtEIGlzIGluZm9ybWF0aW9uLXRoZW9yZXRpY2FsbHkgc2VjdXJlIGJ1dCBtaXNzZXMgYSBsb3Qg
b2YgcHJhY3RpY2FsIHNlY3VyaXR5IHdlYWtuZXNzZXMuIE9ubHkgcmVseWluZyBvbiBRS0Qgd291
bGQgY2F0YXN0cm9waGljYWxseSBkZWNyZWFzZSB0aGUgc2VjdXJpdHkgb2YgbW9kZXJuIG5ldHdv
cmtzIGFuZCBhdWdtZW50aW5nIG1vZGVybiBuZXR3b3JrcyB3aXRoIFFLRCBkb2VzIG5vdCBtYWtl
IGEgc2lnbmlmaWNhbnQgZGlmZmVyZW5jZS4NCg0KSSB0aGluayB0aGUgc2VjdXJpdHkgY29uc2lk
ZXJhdGlvbiBoYXMgdG8gbWVudGlvbiB6ZXJvLXRydXN0IGFzIHdlbGwgYXMgcmVmZXJyaW5nIHRv
IHRoZSB2ZXJ5IGdvb2Qgb3ZlcnZpZXdzIGdpdmVuIGluIFszXVs0XVs1XS4NCg0KU3VnZ2VzdGVk
IHRleHQ6DQoNCiINCk1vZGVybiBuZXR3b3JrcyBhcmUgaW1wbGVtZW50ZWQgd2l0aCB6ZXJvIHRy
dXN0IHByaW5jaXBsZXMgd2hlcmUgY2xhc3NpY2FsIGNyeXB0b2dyYXBoeSBpcyB1c2VkIGZvciBj
b25maWRlbnRpYWxpdHksIGludGVncml0eSBwcm90ZWN0aW9uLCBhbmQgYXV0aGVudGljYXRpb24g
b24gbWFueSBvZiB0aGUgbG9naWNhbCBsYXllcnMgb2YgdGhlIG5ldHdvcmsgc3RhY2ssIG9mdGVu
IGFsbCB0aGUgd2F5IGZyb20gZGV2aWNlIHRvIHNvZnR3YXJlIGluIHRoZSBjbG91ZCBbMV0uIFRo
ZSBjcnlwdG9ncmFwaGljIHNvbHV0aW9ucyBpbiB1c2UgdG9kYXkgYXJlIGJhc2VkIG9uIHdlbGwt
dW5kZXJzdG9vZCBwcmltaXRpdmVzLCBwcm92YWJseSBzZWN1cmUgcHJvdG9jb2xzIGFuZCBzdGF0
ZS1vZi10aGUtYXJ0IGltcGxlbWVudGF0aW9ucyB0aGF0IGFyZSBzZWN1cmUgYWdhaW5zdCBhIHZh
cmlldHkgb2Ygc2lkZS1jaGFubmVsIGF0dGFja3MuDQoNCkluIGNvbnRyYXN0IHRvIGNvbnZlbnRp
b25hbCBjcnlwdG9ncmFwaHkgYW5kIFBRQywgdGhlIHNlY3VyaXR5IG9mIFFLRCBpcyBpbmhlcmVu
dGx5IHRpZWQgdG8gdGhlIHBoeXNpY2FsIGxheWVyLCB3aGljaCBtYWtlcyB0aGUgdGhyZWF0IHN1
cmZhY2VzIG9mIFFLRCBhbmQgY29udmVudGlvbmFsIGNyeXB0b2dyYXBoeSBxdWl0ZSBkaWZmZXJl
bnQuIFFLRCBpbXBsZW1lbnRhdGlvbnMgaGF2ZSBhbHJlYWR5IGJlZW4gc3ViamVjdGVkIHRvIHB1
YmxpY2l6ZWQgYXR0YWNrcyBbMl0gYW5kIHRoZSBOU0Egbm90ZXMgdGhhdCB0aGUgcmlzayBwcm9m
aWxlIG9mIGNvbnZlbnRpb25hbCBjcnlwdG9ncmFwaHkgaXMgYmV0dGVyIHVuZGVyc3Rvb2QgWzNd
LiBUaGUgZmFjdCB0aGF0IGNvbnZlbnRpb25hbCBjcnlwdG9ncmFwaHkgYW5kIFBRQyBhcmUgaW1w
bGVtZW50ZWQgYXQgYSBoaWdoZXIgbGF5ZXIgdGhhbiB0aGUgcGh5c2ljYWwgb25lIG1lYW5zIFBR
QyBjYW4gYmUgdXNlZCB0byBzZWN1cmVseSBzZW5kIHByb3RlY3RlZCBpbmZvcm1hdGlvbiB0aHJv
dWdoIHVudHJ1c3RlZCByZWxheXMuIFRoaXMgaXMgaW4gc3RhcmsgY29udHJhc3Qgd2l0aCBRS0Qs
IHdoaWNoIHJlbGllcyBvbiBob3AtYnktaG9wIHNlY3VyaXR5IGJldHdlZW4gaW50ZXJtZWRpYXRl
IHRydXN0ZWQgbm9kZXMuIFRoZSBQUUMgYXBwcm9hY2ggaXMgYmV0dGVyIGFsaWduZWQgd2l0aCB0
aGUgbW9kZXJuIHRlY2hub2xvZ3kgZW52aXJvbm1lbnQsIGluIHdoaWNoIG1vcmUgYXBwbGljYXRp
b25zIGFyZSBtb3ZpbmcgdG93YXJkIGVuZC10by1lbmQgc2VjdXJpdHkgYW5kIHplcm8tdHJ1c3Qg
cHJpbmNpcGxlcy4gSXQgaXMgYWxzbyBpbXBvcnRhbnQgdG8gbm90ZSB0aGF0IHdoaWxlIFBRQyBj
YW4gYmUgZGVwbG95ZWQgYXMgYSBzb2Z0d2FyZSB1cGRhdGUsIFFLRCByZXF1aXJlcyBuZXcgaGFy
ZHdhcmUuDQoNClJlZ2FyZGluZyBRS0QgaW1wbGVtZW50YXRpb24gZGV0YWlscywgdGhlIE5TQSBz
dGF0ZXMgdGhhdCBjb21tdW5pY2F0aW9uIG5lZWRzIGFuZCBzZWN1cml0eSByZXF1aXJlbWVudHMg
cGh5c2ljYWxseSBjb25mbGljdCBpbiBRS0QgYW5kIHRoYXQgdGhlIGVuZ2luZWVyaW5nIHJlcXVp
cmVkIHRvIGJhbGFuY2UgdGhlbSBoYXMgZXh0cmVtZWx5IGxvdyB0b2xlcmFuY2UgZm9yIGVycm9y
LiBXaGlsZSBjb252ZW50aW9uYWwgY3J5cHRvZ3JhcGh5IGNhbiBiZSBpbXBsZW1lbnRlZCBpbiBo
YXJkd2FyZSBpbiBzb21lIGNhc2VzIGZvciBwZXJmb3JtYW5jZSBvciBvdGhlciByZWFzb25zLCBR
S0QgaXMgaW5oZXJlbnRseSB0aWVkIHRvIGhhcmR3YXJlLiBUaGUgTlNBIHBvaW50cyBvdXQgdGhh
dCB0aGlzIG1ha2VzIFFLRCBsZXNzIGZsZXhpYmxlIHdpdGggcmVnYXJkIHRvIHVwZ3JhZGVzIG9y
IHNlY3VyaXR5IHBhdGNoZXMuIEFzIFFLRCBpcyBmdW5kYW1lbnRhbGx5IGEgcG9pbnQtdG8tcG9p
bnQgcHJvdG9jb2wsIHRoZSBOU0EgYWxzbyBub3RlcyB0aGF0IFFLRCBuZXR3b3JrcyBvZnRlbiBy
ZXF1aXJlIHRoZSB1c2Ugb2YgdHJ1c3RlZCByZWxheXMsIHdoaWNoIGluY3JlYXNlcyB0aGUgc2Vj
dXJpdHkgcmlzayBmcm9tIGluc2lkZXIgdGhyZWF0cy4NCg0KVGhlIFVL4oCZcyBOYXRpb25hbCBD
eWJlciBTZWN1cml0eSBDZW50cmUgY2F1dGlvbnMgYWdhaW5zdCByZWxpYW5jZSBvbiBRS0QsIGVz
cGVjaWFsbHkgaW4gY3JpdGljYWwgbmF0aW9uYWwgaW5mcmFzdHJ1Y3R1cmUgc2VjdG9ycywgYW5k
IHN1Z2dlc3RzIHRoYXQgUFFDIGFzIHN0YW5kYXJkaXplZCBieSB0aGUgTklTVCBpcyBhIGJldHRl
ciBzb2x1dGlvbiBbNF0uIE1lYW53aGlsZSwgdGhlIE5hdGlvbmFsIEN5YmVyc2VjdXJpdHkgQWdl
bmN5IG9mIEZyYW5jZSBoYXMgZGVjaWRlZCB0aGF0IFFLRCBjb3VsZCBiZSBjb25zaWRlcmVkIGFz
IGEgZGVmZW5zZS1pbi1kZXB0aCBtZWFzdXJlIGNvbXBsZW1lbnRpbmcgY29udmVudGlvbmFsIGNy
eXB0b2dyYXBoeSwgYXMgbG9uZyBhcyB0aGUgY29zdCBpbmN1cnJlZCBkb2VzIG5vdCBhZHZlcnNl
bHkgYWZmZWN0IHRoZSBtaXRpZ2F0aW9uIG9mIGN1cnJlbnQgdGhyZWF0cyB0byBJVCBzeXN0ZW1z
IFs1XS4NCiINCg0KWzFdICBOSVNULCBaZXJvIFRydXN0IEFyY2hpdGVjdHVyZSwgQXVndXN0IDIw
MjANClsyXSBQaHlzaWNhbCBSZXZpZXcgQSA3OCwgRXhwZXJpbWVudGFsIGRlbW9uc3RyYXRpb24g
b2YgdGltZS1zaGlmdCBhdHRhY2sgYWdhaW5zdCBwcmFjdGljYWwgcXVhbnR1bSBrZXkgZGlzdHJp
YnV0aW9uIHN5c3RlbXMsIE9jdG9iZXIgMjgsIDIwMDgsIFpoYW8sIFkuOyBGdW5nLCBDLjsgUWks
IEIuOyBDaGVuLCBDLjsgTG8sIEguDQpbM10gTlNBLCBQb3N0LVF1YW50dW0gQ3liZXJzZWN1cml0
eSBSZXNvdXJjZXMNCls0XSBOYXRpb25hbCBDeWJlciBTZWN1cml0eSBDZW50cmUsIFF1YW50dW0g
c2VjdXJpdHkgdGVjaG5vbG9naWVzLCBNYXJjaCwgMjAyMA0KWzVdIEFOTlNJLCBTaG91bGQgcXVh
bnR1bSBrZXkgZGlzdHJpYnV0aW9uIGJlIHVzZWQgZm9yIHNlY3VyZSBjb21tdW5pY2F0aW9ucz8s
IE1heSAyMDIwDQoNCg==

--_000_DBB63D54C4C542C896129324BAB6EEDAaeroorg_
Content-Type: text/html; charset="utf-8"
Content-ID: <029FBE00FD675D47B1114C60CB1B0446@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4
bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo
dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo
dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp
dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l
dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg
bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj
ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2
IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy
IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt
YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCWZvbnQtc2l6
ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0Kc3Bhbi5FbWFp
bFN0eWxlMTkNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6
IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0O30NCkBw
YWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4waW4gMS4w
aW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9
DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9IiMwNTYzQzEi
IHZsaW5rPSIjOTU0RjcyIiBzdHlsZT0id29yZC13cmFwOmJyZWFrLXdvcmQiPg0KPGRpdiBjbGFz
cz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTEuMHB0Ij5IaSwgYWxsLDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpw
Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjExLjBwdCI+QmVzaWRlcyB0aGUgcXVhbnR1bSBpc3N1ZXMsIGl0IG1pZ2h0IGJlIGltcG9ydGFu
dCB0byBpbmNsdWRlIGFsbCBvZiB0aGUgY2xhc3NpY2FsIGNoYW5uZWwgaXNzdWVzIHdpdGggUUtE
IHRvby48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPkpvZTxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTEuMHB0Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPi0tJm5ic3A7PG86
cD48L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOmJsYWNrIj5Eci4gSm9zZXBoIFRvdWNoPC9zcGFu
PjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Y29sb3I6YmxhY2si
PlByaW5jaXBhbCBTY2llbnRpc3Q8L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpw
PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtjb2xvcjpibGFjayI+SW5mb3JtYXRpb24gU3lzdGVtcyBhbmQgQ3liZXIg
RGl2aXNpb248L3NwYW4+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw
dDtjb2xvcjpibGFjayI+VGhlIEFlcm9zcGFjZSBDb3Jwb3JhdGlvbjwvc3Bhbj48c3BhbiBzdHls
ZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2NvbG9yOmJsYWNrIj40MjQtMjU0LTQz
NTcgY2VsbDwvc3Bhbj48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQiPjxvOnA+Jm5ic3A7PC9v
OnA+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQg
I0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+RnJvbTogPC9zcGFuPjwvYj48c3Bh
biBzdHlsZT0iY29sb3I6YmxhY2siPlFpcmcgJmx0O3FpcmctYm91bmNlc0BpcnRmLm9yZyZndDsg
b24gYmVoYWxmIG9mIEpvaG4gTWF0dHNzb24gJmx0O2pvaG4ubWF0dHNzb249NDBlcmljc3Nvbi5j
b21AZG1hcmMuaWV0Zi5vcmcmZ3Q7PGJyPg0KPGI+RGF0ZTogPC9iPlNhdHVyZGF5LCBGZWJydWFy
eSAxMiwgMjAyMiBhdCA0OjM3IEFNPGJyPg0KPGI+VG86IDwvYj4mcXVvdDtxaXJnQGlydGYub3Jn
JnF1b3Q7ICZsdDtxaXJnQGlydGYub3JnJmd0Ozxicj4NCjxiPkNjOiA8L2I+JnF1b3Q7Y2ZyZ0Bp
ZXRmLm9yZyZxdW90OyAmbHQ7Y2ZyZ0BpZXRmLm9yZyZndDssIHNhYWcgJmx0O3NhYWdAaWV0Zi5v
cmcmZ3Q7PGJyPg0KPGI+U3ViamVjdDogPC9iPltRaXJnXSBTZWN1cml0eSBjb25zaWRlcmF0aW9u
cyBpbiBkcmFmdC1pcnRmLXFpcmctcXVhbnR1bS1pbnRlcm5ldC11c2UtY2FzZXMtMDg8bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
SSB0aGluayB0aGlzIGRvY3VtZW50IGlzIHByb2dyZXNzaW5nIG5pY2VseSwgYnV0IHRoZSBzZWN1
cml0eSBjb25zaWRlcmF0aW9ucyBhcmUgc2V2ZXJlbHkgbGFja2luZy4gSSBkb24ndCB0aGluayB0
aGUgZG9jdW1lbnQgY2FuIGJlIHB1Ymxpc2hlZCB3aXRob3V0IGFkZGl0aW9ucyB0byB0aGUgc2Vj
dXJpdHkgY29uc2lkZXJhdGlvbnMuIFRoZSBkb2N1bWVudCBtb3N0bHkgZm9jdXNlcyBvbiB0aGF0
IGZhY3QgdGhhdA0KIFFLRCBpcyBpbmZvcm1hdGlvbi10aGVvcmV0aWNhbGx5IHNlY3VyZSBidXQg
bWlzc2VzIGEgbG90IG9mIHByYWN0aWNhbCBzZWN1cml0eSB3ZWFrbmVzc2VzLiBPbmx5IHJlbHlp
bmcgb24gUUtEIHdvdWxkIGNhdGFzdHJvcGhpY2FsbHkgZGVjcmVhc2UgdGhlIHNlY3VyaXR5IG9m
IG1vZGVybiBuZXR3b3JrcyBhbmQgYXVnbWVudGluZyBtb2Rlcm4gbmV0d29ya3Mgd2l0aCBRS0Qg
ZG9lcyBub3QgbWFrZSBhIHNpZ25pZmljYW50IGRpZmZlcmVuY2UuPG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPkkgdGhpbmsgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb24gaGFzIHRvIG1lbnRpb24g
emVyby10cnVzdCBhcyB3ZWxsIGFzIHJlZmVycmluZyB0byB0aGUgdmVyeSBnb29kIG92ZXJ2aWV3
cyBnaXZlbiBpbiBbM11bNF1bNV0uPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlN1Z2dlc3RlZCB0
ZXh0OjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7PG86cD48L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mcXVvdDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPk1vZGVybiBuZXR3b3JrcyBhcmUgaW1wbGVtZW50ZWQgd2l0aCB6ZXJv
IHRydXN0IHByaW5jaXBsZXMgd2hlcmUgY2xhc3NpY2FsIGNyeXB0b2dyYXBoeSBpcyB1c2VkIGZv
ciBjb25maWRlbnRpYWxpdHksIGludGVncml0eSBwcm90ZWN0aW9uLCBhbmQgYXV0aGVudGljYXRp
b24gb24gbWFueSBvZiB0aGUgbG9naWNhbCBsYXllcnMgb2YgdGhlIG5ldHdvcmsgc3RhY2ssIG9m
dGVuIGFsbCB0aGUgd2F5IGZyb20gZGV2aWNlDQogdG8gc29mdHdhcmUgaW4gdGhlIGNsb3VkIFsx
XS4gVGhlIGNyeXB0b2dyYXBoaWMgc29sdXRpb25zIGluIHVzZSB0b2RheSBhcmUgYmFzZWQgb24g
d2VsbC11bmRlcnN0b29kIHByaW1pdGl2ZXMsIHByb3ZhYmx5IHNlY3VyZSBwcm90b2NvbHMgYW5k
IHN0YXRlLW9mLXRoZS1hcnQgaW1wbGVtZW50YXRpb25zIHRoYXQgYXJlIHNlY3VyZSBhZ2FpbnN0
IGEgdmFyaWV0eSBvZiBzaWRlLWNoYW5uZWwgYXR0YWNrcy48bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+SW4gY29udHJhc3QgdG8gY29udmVudGlvbmFsIGNyeXB0b2dyYXBoeSBhbmQgUFFDLCB0aGUg
c2VjdXJpdHkgb2YgUUtEIGlzIGluaGVyZW50bHkgdGllZCB0byB0aGUgcGh5c2ljYWwgbGF5ZXIs
IHdoaWNoIG1ha2VzIHRoZSB0aHJlYXQgc3VyZmFjZXMgb2YgUUtEIGFuZCBjb252ZW50aW9uYWwg
Y3J5cHRvZ3JhcGh5IHF1aXRlIGRpZmZlcmVudC4gUUtEIGltcGxlbWVudGF0aW9ucyBoYXZlIGFs
cmVhZHkgYmVlbg0KIHN1YmplY3RlZCB0byBwdWJsaWNpemVkIGF0dGFja3MgWzJdIGFuZCB0aGUg
TlNBIG5vdGVzIHRoYXQgdGhlIHJpc2sgcHJvZmlsZSBvZiBjb252ZW50aW9uYWwgY3J5cHRvZ3Jh
cGh5IGlzIGJldHRlciB1bmRlcnN0b29kIFszXS4gVGhlIGZhY3QgdGhhdCBjb252ZW50aW9uYWwg
Y3J5cHRvZ3JhcGh5IGFuZCBQUUMgYXJlIGltcGxlbWVudGVkIGF0IGEgaGlnaGVyIGxheWVyIHRo
YW4gdGhlIHBoeXNpY2FsIG9uZSBtZWFucyBQUUMgY2FuIGJlIHVzZWQNCiB0byBzZWN1cmVseSBz
ZW5kIHByb3RlY3RlZCBpbmZvcm1hdGlvbiB0aHJvdWdoIHVudHJ1c3RlZCByZWxheXMuIFRoaXMg
aXMgaW4gc3RhcmsgY29udHJhc3Qgd2l0aCBRS0QsIHdoaWNoIHJlbGllcyBvbiBob3AtYnktaG9w
IHNlY3VyaXR5IGJldHdlZW4gaW50ZXJtZWRpYXRlIHRydXN0ZWQgbm9kZXMuIFRoZSBQUUMgYXBw
cm9hY2ggaXMgYmV0dGVyIGFsaWduZWQgd2l0aCB0aGUgbW9kZXJuIHRlY2hub2xvZ3kgZW52aXJv
bm1lbnQsIGluIHdoaWNoDQogbW9yZSBhcHBsaWNhdGlvbnMgYXJlIG1vdmluZyB0b3dhcmQgZW5k
LXRvLWVuZCBzZWN1cml0eSBhbmQgemVyby10cnVzdCBwcmluY2lwbGVzLiBJdCBpcyBhbHNvIGlt
cG9ydGFudCB0byBub3RlIHRoYXQgd2hpbGUgUFFDIGNhbiBiZSBkZXBsb3llZCBhcyBhIHNvZnR3
YXJlIHVwZGF0ZSwgUUtEIHJlcXVpcmVzIG5ldyBoYXJkd2FyZS48bzpwPjwvbzpwPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+UmVnYXJkaW5nIFFLRCBpbXBsZW1lbnRhdGlvbiBkZXRhaWxzLCB0aGUgTlNBIHN0YXRl
cyB0aGF0IGNvbW11bmljYXRpb24gbmVlZHMgYW5kIHNlY3VyaXR5IHJlcXVpcmVtZW50cyBwaHlz
aWNhbGx5IGNvbmZsaWN0IGluIFFLRCBhbmQgdGhhdCB0aGUgZW5naW5lZXJpbmcgcmVxdWlyZWQg
dG8gYmFsYW5jZSB0aGVtIGhhcyBleHRyZW1lbHkgbG93IHRvbGVyYW5jZSBmb3IgZXJyb3IuIFdo
aWxlIGNvbnZlbnRpb25hbA0KIGNyeXB0b2dyYXBoeSBjYW4gYmUgaW1wbGVtZW50ZWQgaW4gaGFy
ZHdhcmUgaW4gc29tZSBjYXNlcyBmb3IgcGVyZm9ybWFuY2Ugb3Igb3RoZXIgcmVhc29ucywgUUtE
IGlzIGluaGVyZW50bHkgdGllZCB0byBoYXJkd2FyZS4gVGhlIE5TQSBwb2ludHMgb3V0IHRoYXQg
dGhpcyBtYWtlcyBRS0QgbGVzcyBmbGV4aWJsZSB3aXRoIHJlZ2FyZCB0byB1cGdyYWRlcyBvciBz
ZWN1cml0eSBwYXRjaGVzLiBBcyBRS0QgaXMgZnVuZGFtZW50YWxseSBhIHBvaW50LXRvLXBvaW50
DQogcHJvdG9jb2wsIHRoZSBOU0EgYWxzbyBub3RlcyB0aGF0IFFLRCBuZXR3b3JrcyBvZnRlbiBy
ZXF1aXJlIHRoZSB1c2Ugb2YgdHJ1c3RlZCByZWxheXMsIHdoaWNoIGluY3JlYXNlcyB0aGUgc2Vj
dXJpdHkgcmlzayBmcm9tIGluc2lkZXIgdGhyZWF0cy48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
VGhlIFVL4oCZcyBOYXRpb25hbCBDeWJlciBTZWN1cml0eSBDZW50cmUgY2F1dGlvbnMgYWdhaW5z
dCByZWxpYW5jZSBvbiBRS0QsIGVzcGVjaWFsbHkgaW4gY3JpdGljYWwgbmF0aW9uYWwgaW5mcmFz
dHJ1Y3R1cmUgc2VjdG9ycywgYW5kIHN1Z2dlc3RzIHRoYXQgUFFDIGFzIHN0YW5kYXJkaXplZCBi
eSB0aGUgTklTVCBpcyBhIGJldHRlciBzb2x1dGlvbiBbNF0uIE1lYW53aGlsZSwgdGhlIE5hdGlv
bmFsIEN5YmVyc2VjdXJpdHkNCiBBZ2VuY3kgb2YgRnJhbmNlIGhhcyBkZWNpZGVkIHRoYXQgUUtE
IGNvdWxkIGJlIGNvbnNpZGVyZWQgYXMgYSBkZWZlbnNlLWluLWRlcHRoIG1lYXN1cmUgY29tcGxl
bWVudGluZyBjb252ZW50aW9uYWwgY3J5cHRvZ3JhcGh5LCBhcyBsb25nIGFzIHRoZSBjb3N0IGlu
Y3VycmVkIGRvZXMgbm90IGFkdmVyc2VseSBhZmZlY3QgdGhlIG1pdGlnYXRpb24gb2YgY3VycmVu
dCB0aHJlYXRzIHRvIElUIHN5c3RlbXMgWzVdLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+JnF1b3Q7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJz
cDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlsxXSZuYnNwOyBOSVNULCBa
ZXJvIFRydXN0IEFyY2hpdGVjdHVyZSwgQXVndXN0IDIwMjA8bzpwPjwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPlsyXSBQaHlzaWNhbCBSZXZpZXcgQSA3OCwgRXhwZXJpbWVudGFsIGRl
bW9uc3RyYXRpb24gb2YgdGltZS1zaGlmdCBhdHRhY2sgYWdhaW5zdCBwcmFjdGljYWwgcXVhbnR1
bSBrZXkgZGlzdHJpYnV0aW9uIHN5c3RlbXMsIE9jdG9iZXIgMjgsIDIwMDgsIFpoYW8sIFkuOyBG
dW5nLCBDLjsgUWksIEIuOyBDaGVuLCBDLjsgTG8sIEguPG86cD48L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj5bM10gTlNBLCBQb3N0LVF1YW50dW0gQ3liZXJzZWN1cml0eSBSZXNvdXJj
ZXM8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPls0XSBOYXRpb25hbCBDeWJl
ciBTZWN1cml0eSBDZW50cmUsIFF1YW50dW0gc2VjdXJpdHkgdGVjaG5vbG9naWVzLCBNYXJjaCwg
MjAyMDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+WzVdIEFOTlNJLCBTaG91
bGQgcXVhbnR1bSBrZXkgZGlzdHJpYnV0aW9uIGJlIHVzZWQgZm9yIHNlY3VyZSBjb21tdW5pY2F0
aW9ucz8sIE1heSAyMDIwPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0iZm9udC1zaXplOjExLjBwdCI+Jm5ic3A7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_DBB63D54C4C542C896129324BAB6EEDAaeroorg_--


From nobody Mon Feb 21 15:55:05 2022
Return-Path: <tobias.hemmert@bsi.bund.de>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8790F3A0D66; Tue, 15 Feb 2022 07:26:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level: 
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=bsi.bund.de header.b=8T4wwZsv; dkim=pass (2048-bit key) header.d=bsi.bund.de header.b=TWAiqqFN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yy_gLqGemdrF; Tue, 15 Feb 2022 07:26:47 -0800 (PST)
Received: from m2-bn.bund.de (m2-bn.bund.de [77.87.228.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A4243A0D71; Tue, 15 Feb 2022 07:26:45 -0800 (PST)
Received: from m2-bn.bund.de (localhost [127.0.0.1]) by m2-bn.bund.de (Postfix) with ESMTP id AB5E3729873; Tue, 15 Feb 2022 16:26:42 +0100 (CET)
Received: (from localhost) by m2-bn.bund.de (MSCAN) id 4/m2-bn.bund.de/smtp-gw/mscan; Tue Feb 15 16:26:42 2022
X-NdB-Source: NdB
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=bsi.bund.de; s=211014-e768-ed25519; t=1644938802; bh=V7y1NoJlSkeDihv8CPWysFX26Wp9C9h2+DyXqGK7tzo=; h=From:To:CC:Subject:Date:References:In-Reply-To:Content-Type: MIME-Version:Autocrypt:Cc:Content-Transfer-Encoding:Content-Type: Date:From:In-Reply-To:Mime-Version:Openpgp:References:Reply-To: Resent-To:Sender:Subject:To; b=8T4wwZsvOFFD3d/5BKsDzcU78W0+fNAAJKG6Q/5Gg8EMJ0h79hRWERuxSVSfiviRu byzeD0A4gHZpdkTU68RBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bsi.bund.de; s=211014-e768-rsa; t=1644938802; bh=V7y1NoJlSkeDihv8CPWysFX26Wp9C9h2+DyXqGK7tzo=; h=From:To:CC:Subject:Date:References:In-Reply-To:Content-Type: MIME-Version:Autocrypt:Cc:Content-Transfer-Encoding:Content-Type: Date:From:In-Reply-To:Mime-Version:Openpgp:References:Reply-To: Resent-To:Sender:Subject:To; b=TWAiqqFNnCoGwfrdNS4JD5XvSjaUWvAyo8aFr0zy3BU+8eXQkaxRsFUscB2bVVbu3 dhmL7vNQfj85SREzmM4/ypiqY4DF99uu0b9NxQwJdgikZzvQ0chxMQXJa3FQf2bDwE uUXDcbJPRsQtjT7fqz97Z0w1ECYHPRBsSq5Vsa+cnW5i8THQ6pSotmEuc1OztiZzjJ c/YOHKceU+avCd684xPSvl/VRO0PBY0c9K3cde3DYvlz5CrK+8npMCdTdx/aIg4snM 5nMWJJARB+93cqKAQqzFihBXoZlE/M6i9KJ+szRAdbpEa7DeYl936Sa3giaF7ZWVnm gSYPyZO/Zo1eg==
X-P350-Id: 105e319257ce45d6
X-Virus-Scanned: amavisd-new at bsi.bund.de
From: "Hemmert, Tobias" <tobias.hemmert@bsi.bund.de>
To: Chonggang Wang <Chonggang.Wang@InterDigital.com>, "qirg@irtf.org" <qirg@irtf.org>
CC: "cfrg@ietf.org" <cfrg@ietf.org>, saag <saag@ietf.org>
Thread-Topic: Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
Thread-Index: AQHYIAwH8zEQdGvQAkOzECXdhs8fp6yP3bVggAS1jqA=
Date: Tue, 15 Feb 2022 15:26:36 +0000
Message-ID: <b66c8a9e456445948a2e9a62b5388705@bsi.bund.de>
References: <HE1PR0701MB3050021E796FA47455C7BFB689319@HE1PR0701MB3050.eurprd07.prod.outlook.com> <BN0PR10MB5096558FEF15C44C9C9672F2F8319@BN0PR10MB5096.namprd10.prod.outlook.com>
In-Reply-To: <BN0PR10MB5096558FEF15C44C9C9672F2F8319@BN0PR10MB5096.namprd10.prod.outlook.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-esetresult: clean, is OK
x-esetid: 37303A29C0E90D5360746B
Content-Type: multipart/related; boundary="_005_b66c8a9e456445948a2e9a62b5388705bsibundde_"; type="multipart/alternative"
MIME-Version: 1.0
X-Rusd: domwl, Pass through domain bsi.bund.de
X-Rurd: query_ok, Pass through domain irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/sxGYqWC93l6Reie6vQWVguK4ako>
X-Mailman-Approved-At: Mon, 21 Feb 2022 15:54:55 -0800
Subject: Re: [saag] Security considerations in draft-irtf-qirg-quantum-internet-use-cases-08
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2022 15:26:54 -0000

--_005_b66c8a9e456445948a2e9a62b5388705bsibundde_
Content-Type: multipart/alternative;
 boundary="_000_b66c8a9e456445948a2e9a62b5388705bsibundde_"

--_000_b66c8a9e456445948a2e9a62b5388705bsibundde_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Dear all,

for your information, adding to the references that have already been provi=
ded, I would like to point out two more quite recent publications on QKD se=
curity.

The German BSI has recently published an extensive document on the migratio=
n to quantum-safe cryptography [1] (unfortunately only available in German =
at the moment, an English version is in preparation). This also includes a =
chapter on QKD that points out some of the limitations and discusses securi=
ty properties of QKD. Sections 4.5 and 4.6 on page 54 contain a concise sum=
mary of some of the main points and some recommendations.

Furthermore, the NLNCSA has also recently published recommendations on the =
quantum threat that also contain a short section on QKD [2].

Maybe these are of interest to you as well.

All best
Tobias

[1] BSI, Kryptografie quantensicher gestalten, December 2021. www.bsi.bund.=
de/PQ-Migration<http://www.bsi.bund.de/PQ-Migration>
[2] NLNCSA, Prepare for the threat of quantum computers, January 2022. http=
s://english.aivd.nl/publications/publications/2022/01/18/prepare-for-the-th=
reat-of-quantumcomputers


Von: Qirg <qirg-bounces@irtf.org> Im Auftrag von Chonggang Wang
Gesendet: Samstag, 12. Februar 2022 13:50
An: John Mattsson <john.mattsson=3D40ericsson.com@dmarc.ietf.org>; qirg@irt=
f.org
Cc: cfrg@ietf.org; saag <saag@ietf.org>
Betreff: Re: [Qirg] Security considerations in draft-irtf-qirg-quantum-inte=
rnet-use-cases-08

Hi John,

Thanks for your feedback. We will incorporate your suggested texts to the n=
ext version of this document.

Best regards,
Chonggang

From: Qirg <qirg-bounces@irtf.org> On Behalf Of John Mattsson
Sent: Saturday, February 12, 2022 7:36 AM
To: qirg@irtf.org
Cc: cfrg@ietf.org; saag <saag@ietf.org>
Subject: [Qirg] Security considerations in draft-irtf-qirg-quantum-internet=
-use-cases-08


Hi,

I think this document is progressing nicely, but the security consideration=
s are severely lacking. I don't think the document can be published without=
 additions to the security considerations. The document mostly focuses on t=
hat fact that QKD is information-theoretically secure but misses a lot of p=
ractical security weaknesses. Only relying on QKD would catastrophically de=
crease the security of modern networks and augmenting modern networks with =
QKD does not make a significant difference.

I think the security consideration has to mention zero-trust as well as ref=
erring to the very good overviews given in [3][4][5].

Suggested text:

"
Modern networks are implemented with zero trust principles where classical =
cryptography is used for confidentiality, integrity protection, and authent=
ication on many of the logical layers of the network stack, often all the w=
ay from device to software in the cloud [1]. The cryptographic solutions in=
 use today are based on well-understood primitives, provably secure protoco=
ls and state-of-the-art implementations that are secure against a variety o=
f side-channel attacks.

In contrast to conventional cryptography and PQC, the security of QKD is in=
herently tied to the physical layer, which makes the threat surfaces of QKD=
 and conventional cryptography quite different. QKD implementations have al=
ready been subjected to publicized attacks [2] and the NSA notes that the r=
isk profile of conventional cryptography is better understood [3]. The fact=
 that conventional cryptography and PQC are implemented at a higher layer t=
han the physical one means PQC can be used to securely send protected infor=
mation through untrusted relays. This is in stark contrast with QKD, which =
relies on hop-by-hop security between intermediate trusted nodes. The PQC a=
pproach is better aligned with the modern technology environment, in which =
more applications are moving toward end-to-end security and zero-trust prin=
ciples. It is also important to note that while PQC can be deployed as a so=
ftware update, QKD requires new hardware.

Regarding QKD implementation details, the NSA states that communication nee=
ds and security requirements physically conflict in QKD and that the engine=
ering required to balance them has extremely low tolerance for error. While=
 conventional cryptography can be implemented in hardware in some cases for=
 performance or other reasons, QKD is inherently tied to hardware. The NSA =
points out that this makes QKD less flexible with regard to upgrades or sec=
urity patches. As QKD is fundamentally a point-to-point protocol, the NSA a=
lso notes that QKD networks often require the use of trusted relays, which =
increases the security risk from insider threats.

The UK's National Cyber Security Centre cautions against reliance on QKD, e=
specially in critical national infrastructure sectors, and suggests that PQ=
C as standardized by the NIST is a better solution [4]. Meanwhile, the Nati=
onal Cybersecurity Agency of France has decided that QKD could be considere=
d as a defense-in-depth measure complementing conventional cryptography, as=
 long as the cost incurred does not adversely affect the mitigation of curr=
ent threats to IT systems [5].
"

[1]  NIST, Zero Trust Architecture, August 2020
[2] Physical Review A 78, Experimental demonstration of time-shift attack a=
gainst practical quantum key distribution systems, October 28, 2008, Zhao, =
Y.; Fung, C.; Qi, B.; Chen, C.; Lo, H.
[3] NSA, Post-Quantum Cybersecurity Resources
[4] National Cyber Security Centre, Quantum security technologies, March, 2=
020
[5] ANNSI, Should quantum key distribution be used for secure communication=
s?, May 2020

[Das Bild wurde vom Absender entfernt. Banner]

[Das Bild wurde vom Absender entfernt. Banner]<https://www.interdigital.com=
/features/sustainability-in-a-wireless-world>

Sustainability in a Wireless World: Research dedicated to understanding the=
 impact of our technologies on the planet.<https://www.interdigital.com/fea=
tures/sustainability-in-a-wireless-world>

This e-mail is intended only for the use of the individual or entity to whi=
ch it is addressed, and may contain information that is privileged, confide=
ntial and/or otherwise protected from disclosure to anyone other than its i=
ntended recipient. Unintended transmission shall not constitute waiver of a=
ny privilege or confidentiality obligation. If you received this communicat=
ion in error, please do not review, copy or distribute it, notify me immedi=
ately by email, and delete the original message and any attachments. Unless=
 expressly stated in this e-mail, nothing in this message or any attachment=
 should be construed as a digital or electronic signature.

Java, JavaScript sowie aktive Inhalte wurden aus dieser E-Mail herausgefilt=
ert.

--_000_b66c8a9e456445948a2e9a62b5388705bsibundde_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage19
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
span.E-MailFormatvorlage20
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:#1F497D;}
span.E-MailFormatvorlage21
	{mso-style-type:personal;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"DE" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">Dear all,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">for your information, adding to the re=
ferences that have already been provided, I would like to point out two mor=
e quite recent publications on QKD security.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">The German BSI has recently published =
an extensive document on the migration to quantum-safe cryptography [1] (un=
fortunately only available in German at
 the moment, an English version is in preparation). This also includes a ch=
apter on QKD that points out some of the limitations and discusses security=
 properties of QKD. Sections 4.5 and 4.6 on page 54 contain a concise summa=
ry of some of the main points and
 some recommendations.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">Furthermore, the NLNCSA has also recen=
tly published recommendations on the quantum threat that also contain a sho=
rt section on QKD [2].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">Maybe these are of interest to you as =
well.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">All best<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">Tobias<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D;mso-fa=
reast-language:EN-US">[1] BSI, Kryptografie quantensicher gestalten, Decemb=
er 2021.
<a href=3D"http://www.bsi.bund.de/PQ-Migration">www.bsi.bund.de/PQ-Migratio=
n</a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US">[2] NLNCSA, Prepare for the threat of =
quantum computers, January 2022.
<a href=3D"https://english.aivd.nl/publications/publications/2022/01/18/pre=
pare-for-the-threat-of-quantumcomputers">
https://english.aivd.nl/publications/publications/2022/01/18/prepare-for-th=
e-threat-of-quantumcomputers</a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"font-size:11.0pt;color=
:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-GB" style=3D"mso-fareast-language:E=
N-US"><o:p>&nbsp;</o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt">Von:</span></b><=
span style=3D"font-size:11.0pt"> Qirg &lt;qirg-bounces@irtf.org&gt;
<b>Im Auftrag von </b>Chonggang Wang<br>
<b>Gesendet:</b> Samstag, 12. </span><span lang=3D"EN-GB" style=3D"font-siz=
e:11.0pt">Februar 2022 13:50<br>
<b>An:</b> John Mattsson &lt;john.mattsson=3D40ericsson.com@dmarc.ietf.org&=
gt;; qirg@irtf.org<br>
<b>Cc:</b> cfrg@ietf.org; saag &lt;saag@ietf.org&gt;<br>
<b>Betreff:</b> Re: [Qirg] Security considerations in draft-irtf-qirg-quant=
um-internet-use-cases-08<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"EN-GB"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt">Hi J=
ohn,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt">Than=
ks for your feedback. We will incorporate your suggested texts to the next =
version of this document.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt">Best=
 regards,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt">Chon=
ggang<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt"><o:p=
>&nbsp;</o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:11.0pt">F=
rom:</span></b><span lang=3D"EN-US" style=3D"font-size:11.0pt"> Qirg &lt;qi=
rg-bounces@irtf.org&gt;
<b>On Behalf Of </b>John Mattsson<br>
<b>Sent:</b> Saturday, February 12, 2022 7:36 AM<br>
<b>To:</b> qirg@irtf.org<br>
<b>Cc:</b> cfrg@ietf.org; saag &lt;saag@ietf.org&gt;<br>
<b>Subject:</b> [Qirg] Security considerations in draft-irtf-qirg-quantum-i=
nternet-use-cases-08<o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<table class=3D"MsoNormalTable" border=3D"0" cellspacing=3D"3" cellpadding=
=3D"0" width=3D"100%" style=3D"width:100.0%">
<tbody>
<tr>
<td style=3D"padding:.75pt .75pt .75pt .75pt"></td>
</tr>
</tbody>
</table>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Hi,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">I think this document is progre=
ssing nicely, but the security considerations are severely lacking. I don't=
 think the document can be published without additions to the security cons=
iderations. The document mostly focuses
 on that fact that QKD is information-theoretically secure but misses a lot=
 of practical security weaknesses. Only relying on QKD would catastrophical=
ly decrease the security of modern networks and augmenting modern networks =
with QKD does not make a significant
 difference.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">I think the security considerat=
ion has to mention zero-trust as well as referring to the very good overvie=
ws given in [3][4][5].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Suggested text:<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">&quot;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Modern networks are implemented=
 with zero trust principles where classical cryptography is used for confid=
entiality, integrity protection, and authentication on many of the logical =
layers of the network stack, often all
 the way from device to software in the cloud [1]. The cryptographic soluti=
ons in use today are based on well-understood primitives, provably secure p=
rotocols and state-of-the-art implementations that are secure against a var=
iety of side-channel attacks.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">In contrast to conventional cry=
ptography and PQC, the security of QKD is inherently tied to the physical l=
ayer, which makes the threat surfaces of QKD and conventional cryptography =
quite different. QKD implementations
 have already been subjected to publicized attacks [2] and the NSA notes th=
at the risk profile of conventional cryptography is better understood [3]. =
The fact that conventional cryptography and PQC are implemented at a higher=
 layer than the physical one means
 PQC can be used to securely send protected information through untrusted r=
elays. This is in stark contrast with QKD, which relies on hop-by-hop secur=
ity between intermediate trusted nodes. The PQC approach is better aligned =
with the modern technology environment,
 in which more applications are moving toward end-to-end security and zero-=
trust principles. It is also important to note that while PQC can be deploy=
ed as a software update, QKD requires new hardware.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">Regarding QKD implementation de=
tails, the NSA states that communication needs and security requirements ph=
ysically conflict in QKD and that the engineering required to balance them =
has extremely low tolerance for error.
 While conventional cryptography can be implemented in hardware in some cas=
es for performance or other reasons, QKD is inherently tied to hardware. Th=
e NSA points out that this makes QKD less flexible with regard to upgrades =
or security patches. As QKD is fundamentally
 a point-to-point protocol, the NSA also notes that QKD networks often requ=
ire the use of trusted relays, which increases the security risk from insid=
er threats.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">The UK&#8217;s National Cyber S=
ecurity Centre cautions against reliance on QKD, especially in critical nat=
ional infrastructure sectors, and suggests that PQC as standardized by the =
NIST is a better solution [4]. Meanwhile,
 the National Cybersecurity Agency of France has decided that QKD could be =
considered as a defense-in-depth measure complementing conventional cryptog=
raphy, as long as the cost incurred does not adversely affect the mitigatio=
n of current threats to IT systems
 [5].<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">&quot;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[1]&nbsp; NIST, Zero Trust Arch=
itecture, August 2020<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[2] Physical Review A 78, Exper=
imental demonstration of time-shift attack against practical quantum key di=
stribution systems, October 28, 2008, Zhao, Y.; Fung, C.; Qi, B.; Chen, C.;=
 Lo, H.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[3] NSA, Post-Quantum Cybersecu=
rity Resources<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[4] National Cyber Security Cen=
tre, Quantum security technologies, March, 2020<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US">[5] ANNSI, Should quantum key d=
istribution be used for secure communications?, May 2020<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt"><o:p=
>&nbsp;</o:p></span></p>
<div>
<table class=3D"MsoNormalTable" border=3D"0" cellpadding=3D"0" width=3D"0" =
style=3D"width:386.25pt">
<tbody>
<tr style=3D"height:18.75pt">
<td valign=3D"top" style=3D"padding:7.5pt .75pt 7.5pt .75pt;height:18.75pt"=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:&quot;Ar=
ial&quot;,sans-serif;border:solid windowtext 1.0pt;padding:0cm"><img border=
=3D"0" width=3D"200" height=3D"200" style=3D"width:2.0833in;height:2.0833in=
" id=3D"Bild_x0020_3" src=3D"cid:image001.jpg@01D82288.CBC23A30" alt=3D"Das=
 Bild wurde vom Absender entfernt. Banner"></span><span lang=3D"EN-GB" styl=
e=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,sans-serif"><br>
<br>
</span><a href=3D"https://www.interdigital.com/features/sustainability-in-a=
-wireless-world"><span style=3D"font-size:10.0pt;font-family:&quot;Arial&qu=
ot;,sans-serif;border:solid windowtext 1.0pt;padding:0cm;text-decoration:no=
ne"><img border=3D"0" width=3D"100" height=3D"100" style=3D"width:1.0416in;=
height:1.0416in" id=3D"Bild_x0020_2" src=3D"cid:~WRD000.jpg" alt=3D"Das Bil=
d wurde vom Absender entfernt. Banner"></span></a><span lang=3D"EN-GB" styl=
e=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,sans-serif"><br>
<br>
</span><a href=3D"https://www.interdigital.com/features/sustainability-in-a=
-wireless-world"><span lang=3D"EN-GB" style=3D"font-size:10.0pt;font-family=
:&quot;Arial&quot;,sans-serif">Sustainability in a Wireless World: Research=
 dedicated to understanding the impact of our technologies
 on the planet.</span></a><span lang=3D"EN-GB" style=3D"font-size:10.0pt;fo=
nt-family:&quot;Arial&quot;,sans-serif"><o:p></o:p></span></p>
</td>
</tr>
<tr style=3D"height:18.75pt">
<td valign=3D"top" style=3D"padding:7.5pt .75pt .75pt .75pt;height:18.75pt"=
>
<p class=3D"MsoNormal" style=3D"text-align:justify"><span lang=3D"EN-GB" st=
yle=3D"font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#4545=
45">This e-mail is intended only for the use of the individual or entity to=
 which it is addressed, and may contain information
 that is privileged, confidential and/or otherwise protected from disclosur=
e to anyone other than its intended recipient. Unintended transmission shal=
l not constitute waiver of any privilege or confidentiality obligation. If =
you received this communication
 in error, please do not review, copy or distribute it, notify me immediate=
ly by email, and delete the original message and any attachments. Unless ex=
pressly stated in this e-mail, nothing in this message or any attachment sh=
ould be construed as a digital or
 electronic signature.</span><span lang=3D"EN-GB" style=3D"font-size:9.0pt;=
font-family:&quot;Arial&quot;,sans-serif">
<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class=3D"MsoNormal"><span style=3D"font-family:&quot;Times New Roman&quo=
t;,serif">Java, JavaScript sowie aktive Inhalte wurden aus dieser E-Mail he=
rausgefiltert.
<o:p></o:p></span></p>
</div>
</body>
</html>

--_000_b66c8a9e456445948a2e9a62b5388705bsibundde_--

--_005_b66c8a9e456445948a2e9a62b5388705bsibundde_
Content-Type: image/jpeg; name="~WRD000.jpg"
Content-Description: ~WRD000.jpg
Content-Disposition: inline; filename="~WRD000.jpg"; size=823;
 creation-date="Tue, 15 Feb 2022 12:43:52 GMT";
 modification-date="Tue, 15 Feb 2022 12:43:52 GMT"
Content-ID: <~WRD000.jpg>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABkAGQDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii
gAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKA
CiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAK
KKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAoo
ooAKKKKACiiigAooooAKKKKACiiigD//2Q==

--_005_b66c8a9e456445948a2e9a62b5388705bsibundde_
Content-Type: image/jpeg; name="image001.jpg"
Content-Description: image001.jpg
Content-Disposition: inline; filename="image001.jpg"; size=800;
 creation-date="Tue, 15 Feb 2022 15:26:36 GMT";
 modification-date="Tue, 15 Feb 2022 15:26:36 GMT"
Content-ID: <image001.jpg@01D82288.CBC23A30>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIf
IiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/wAALCADIAMgBAREA/8QAHwAAAQUBAQEB
AQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1Fh
ByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZ
WmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG
x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/9oACAEBAAA/APZqKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
/9k=

--_005_b66c8a9e456445948a2e9a62b5388705bsibundde_--


From nobody Fri Feb 25 17:34:58 2022
Return-Path: <agenda@ietf.org>
X-Original-To: saag@ietf.org
Delivered-To: saag@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 75E9E3A0F05; Fri, 25 Feb 2022 17:29:11 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "\"IETF Secretariat\"" <agenda@ietf.org>
To: <kaduk@mit.edu>, <saag-chairs@ietf.org>
Cc: kaduk@mit.edu, saag@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.46.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <164583895146.24617.13787290494502647988@ietfa.amsl.com>
Date: Fri, 25 Feb 2022 17:29:11 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/h8pOgvq3Zf3LR7bUQ1wxWQVAQ30>
Subject: [saag] saag - Requested session has been scheduled for IETF 113
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Feb 2022 01:29:18 -0000

Dear Benjamin Kaduk,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 


    saag Session 1 (2:00 requested)
    Thursday, 24 March 2022, Morning Session I 1000-1200
    Room Name: Grand Park Hall 3 size: 250
    ---------------------------------------------


iCalendar: https://datatracker.ietf.org/meeting/113/sessions/saag.ics

Request Information:


---------------------------------------------------------
Working Group Name: Security Area Open Meeting
Area Name: Security Area
Session Requester: Benjamin Kaduk


Number of Sessions: 1
Length of Session(s): 
Number of Attendees: 150
Conflicts to Avoid: 

       


People who must be present:
  Benjamin Kaduk
  Roman Danyliw

Resources Requested:

Special Requests:
  Thursday is preferred.  Please don&#39;t schedule this concurrently with any SEC area activity.
We can condense our agenda to fit in a 1-hour slot if that helps scheduling.
---------------------------------------------------------



From nobody Sun Feb 27 22:21:58 2022
Return-Path: <info@ieee-csr.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 393413A03F5; Sat, 26 Feb 2022 16:39:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level: 
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee-csr.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DkhL8ymVzjj4; Sat, 26 Feb 2022 16:39:13 -0800 (PST)
Received: from ieee-csr.org (vmi146817.contaboserver.net [173.249.7.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5806A3A03EC; Sat, 26 Feb 2022 16:39:07 -0800 (PST)
Received: from webmail.ieee-csr.org (localhost [IPv6:::1]) by vmi146817.contaboserver.net (Postfix) with ESMTPSA id D3F672E08F2; Sun, 27 Feb 2022 01:26:06 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee-csr.org; s=default; t=1645921575; bh=VsbxuZ6SMWflokuhgfFoIcAx+7EgVJBVSwR92kAwnkA=; h=From:To:Subject; b=00E37zhDdgOFle7Qifq/+SvdQQhSnoQ/IBC5IP8YEKmP9R41H8TrPDvyQBHJxPio3 9c1MWgMPUS5eY+qa8jAyOOoF+2AEuH7CehlhAaT5fM72zDuV0IX77Mo7y6rkp9O8oQ OrfEg7SkT5yc9LMh4hXOMmxrdb5ADPmJhh/5ez/o=
Authentication-Results: vmi146817.contaboserver.net; spf=pass (sender IP is ::1) smtp.mailfrom=info@ieee-csr.org smtp.helo=webmail.ieee-csr.org
Received-SPF: pass (vmi146817.contaboserver.net: connection is authenticated)
MIME-Version: 1.0
Date: Sun, 27 Feb 2022 02:26:06 +0200
From: info@ieee-csr.org
To: undisclosed-recipients:;
User-Agent: Roundcube Webmail/1.4.13
Message-ID: <e98a41f0f6983e872125e4e36665d410@ieee-csr.org>
X-Sender: info@ieee-csr.org
Content-Type: multipart/alternative; boundary="=_7d8aa2d2ec6007ed32fca578e8dd5030"
X-PPP-Message-ID: <164592156957.19778.3990579695307755687@vmi146817.contaboserver.net>
X-PPP-Vhost: ieee-csr.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/kAjJRl7SYJL45X-m3wJwJeSgUn0>
X-Mailman-Approved-At: Sun, 27 Feb 2022 22:21:56 -0800
Subject: [saag] [CFP] 2022 IEEE International Conference on Cyber Security and Resilience
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Feb 2022 00:39:18 -0000

--=_7d8aa2d2ec6007ed32fca578e8dd5030
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
 format=flowed

[Please accept our apologies for cross-postings]
[CSR IS A VIRTUAL EVENT]

==============================================================

C a l l   F o r   P a p e r s

IEEE CSR 2022
IEEE International Conference on Cyber Security and Resilience
Virtual Conference | July 27-29, 2022

https://www.ieee-csr.org/
==============================================================

The IEEE International Conference on Cyber Security and Resilience (IEEE 
CSR) is an annual event sponsored by the IEEE Systems, Man, and 
Cybernetics (SMC) Society.

DESCRIPTION & SCOPE
-------------------
The technological and industrial revolution brought by complex 
Cyber-Physical Systems (CPSs) comes with new threats and cyber-attacks 
that exploit their inherent complexity and heterogeneity. Systems under 
attack, should exhibit cyber resilience, i.e. a mixture of strategies, 
methods, and techniques to support complex CPS adaptive capacity during 
cyber-attacks. The conference focuses on theoretical and practical 
aspects of the security, privacy, trust, and resilience of networks, 
systems, and services as well as novel ways for dealing with their 
vulnerabilities and mitigating sophisticated cyber-attacks.

TOPICS OF INTEREST
------------------
Prospective authors are encouraged to submit previously unpublished 
contributions from a broad range of topics, which include but are not 
limited to the following:

Cyber security

› Cyber-security and AI
› Cyber-threat intelligence
› Moving target defense
› Network intrusion detection
› Post-quantum security
› Privacy and data protection

Cyber resilience
› AI resilience management
› Cyber-range platforms
› Cyber-risk forecasting
› Cyber-security training
› Dynamic risk management
› Gamification in security

Complex CPS security
› Automotive security
› Industrial IoT security
› IoT and cloud forensics
› Smart cities security
› Smart grid security
› Virtualization security

The complete list of topics can be found at the PDF version of the CFP: 
https://www.ieee-csr.org/docs/ieee_csr_cfp.pdf

IMPORTANT DATES
---------------
Paper submission deadline: March 18, 2022
Authors' notification: April 15, 2022
Camera-ready submission: May 6, 2022
Early registration deadline: June 3, 2022

SUBMISSION GUIDELINES
---------------------
The IEEE CSR 2022 conference will accept high-quality regular research 
papers, Systematization of Knowledge (SoK) papers, and industrial 
papers. The IEEE CSR 2022 also hosts workshops that specialize into the 
conference's areas or focus on high-quality applied research and 
innovation results obtained from cyber-security and resilience projects.

Submitted manuscripts should not exceed 6 pages (plus 2 extra pages, 
being subject to overlength page charges) and should be of sufficient 
detail to be evaluated by expert reviewers in the field. The conference 
(including workshops) proceedings will be published by IEEE and will be 
included in IEEE Xplore.

Detailed information about the paper submission and guidelines to 
authors have been posted on the IEEE CSR 2022 conference website 
https://www.ieee-csr.org [1].

CONFERENCE CHAIRS
-----------------
Stavros Shiaeles, University of Portsmouth (stavros.shiaeles@port.ac.uk)
Nicholas Kolokotronis, University of Peloponnese (nkolok@uop.gr)

CONTACT US
----------

info@ieee-csr.org

Links:
------
[1] https://www.ieee-csr.org/
--=_7d8aa2d2ec6007ed32fca578e8dd5030
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family: Verdana,Gen=
eva,sans-serif'>
<p><span class=3D"">[Please accept our apologies for cross-postings]<br /><=
/span><span class=3D""><strong class=3D""><span style=3D"color: #831100;">[=
CSR IS A VIRTUAL EVENT]</span></strong></span></p>
<div class=3D""><span class=3D"">&nbsp;</span></div>
<div class=3D""><span class=3D"">&nbsp;</span></div>
<div class=3D""><span style=3D"font-family: Courier;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</span></div>
<div class=3D"">
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;"><strong =
class=3D"">C a l l &nbsp; F o r &nbsp; P a p e r s<br class=3D"" /></strong=
><br class=3D"" />IEEE CSR 2022</span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;">IEEE Int=
ernational Conference on Cyber Security and Resilience<br class=3D"" />Virt=
ual Conference | July 27-29, 2022<br class=3D"" /><br class=3D"" /><a class=
=3D"" href=3D"https://www.ieee-csr.org/">https://www.ieee-csr.org/</a>&nbsp=
;<br class=3D"" />=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br class=3D"" /><br =
class=3D"" /><br class=3D"" />The IEEE International Conference on Cyber Se=
curity and Resilience (IEEE CSR) is an annual event sponsored by the IEEE S=
ystems, Man, and Cybernetics (SMC) Society.<br class=3D"" /><br class=3D"" =
/><br class=3D"" />DESCRIPTION &amp; SCOPE<br class=3D"" />----------------=
---<br class=3D"" />The technological and industrial revolution brought by =
complex Cyber-Physical Systems (CPSs) comes with new threats and cyber-atta=
cks that exploit their inherent complexity and heterogeneity. Systems under=
 attack, should exhibit cyber&nbsp;resilience, i.e. a mixture of strategies=
, methods, and techniques to support complex CPS adaptive capacity during c=
yber-attacks. The conference focuses on theoretical and practical aspects o=
f the security, privacy, trust, and resilience of&nbsp;networks, systems, a=
nd services as well as novel ways for dealing with their vulnerabilities an=
d mitigating sophisticated cyber-attacks.<br class=3D"" /><br class=3D"" />=
<br class=3D"" />TOPICS OF INTEREST<br class=3D"" />------------------<br c=
lass=3D"" />Prospective authors are encouraged to submit previously unpubli=
shed contributions from a broad range of topics, which include but are not =
limited to the following:<br class=3D"" /><br class=3D"" /><strong class=3D=
"">Cyber security</strong><br /></span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;">&rsaquo;=
 Cyber-security and AI<br class=3D"" />&rsaquo; Cyber-threat intelligence</=
span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;">&rsaquo;=
 Moving target defense<br class=3D"" />&rsaquo; Network intrusion detection=
<br class=3D"" />&rsaquo; Post-quantum security<br class=3D"" />&rsaquo; Pr=
ivacy and data protection<br class=3D"" /><br class=3D"" /><strong class=3D=
"">Cyber resilience<br class=3D"" /></strong>&rsaquo; AI resilience managem=
ent<br class=3D"" />&rsaquo; Cyber-range platforms<br class=3D"" />&rsaquo;=
 Cyber-risk forecasting<br class=3D"" />&rsaquo; Cyber-security training<br=
 class=3D"" />&rsaquo; Dynamic risk management<br class=3D"" />&rsaquo; Gam=
ification in security<br class=3D"" /><br class=3D"" /><strong class=3D"">C=
omplex CPS security<br class=3D"" /></strong>&rsaquo; Automotive security<b=
r class=3D"" />&rsaquo; Industrial IoT security<br class=3D"" />&rsaquo; Io=
T and cloud forensics<br class=3D"" />&rsaquo; Smart cities security<br cla=
ss=3D"" />&rsaquo; Smart grid security<br class=3D"" />&rsaquo; Virtualizat=
ion security<br class=3D"" /><br class=3D"" />The complete list of topics c=
an be found at the PDF version of the CFP:&nbsp;<a href=3D"https://www.ieee=
-csr.org/docs/ieee_csr_cfp.pdf">https://www.ieee-csr.org/docs/ieee_csr_cfp.=
pdf</a><br class=3D"" /><br class=3D"" /><br class=3D"" />IMPORTANT DATES<b=
r class=3D"" />---------------<br class=3D"" />Paper submission deadline:&n=
bsp;March 18, 2022<br />Authors' notification: April 15, 2022<br class=3D""=
 />Camera-ready submission: May 6, 2022<br class=3D"" />Early registration =
deadline:&nbsp;June 3, 2022<br /><br class=3D"" /><br class=3D"" />SUBMISSI=
ON GUIDELINES<br class=3D"" />---------------------<br class=3D"" />The IEE=
E CSR 2022 conference will accept high-quality regular research papers, Sys=
tematization of Knowledge (SoK) papers, and industrial papers.&nbsp;The IEE=
E CSR 2022 also&nbsp;hosts workshops that specialize into the conference&rs=
quo;s areas or focus on&nbsp;high-quality applied research and innovation r=
esults obtained from&nbsp;cyber-security and resilience projects.<br class=
=3D"" /><br class=3D"" />Submitted manuscripts should not exceed 6 pages (p=
lus 2 extra pages, being subject to overlength&nbsp;page charges) and shoul=
d be of sufficient detail to be evaluated by expert reviewers in the field.=
&nbsp;The conference (including workshops) proceedings will be published by=
&nbsp;IEEE and will be included&nbsp;in IEEE Xplore.</span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;"><span><b=
r class=3D"" />Detailed information about the paper submission and guidelin=
es to authors have been posted on the IEEE CSR 2022 conference website&nbsp=
;<a class=3D"" href=3D"https://www.ieee-csr.org/">https://www.ieee-csr.org<=
/a>.<br class=3D"" /><br class=3D"" /><br class=3D"" />CONFERENCE CHAIRS<br=
 class=3D"" />-----------------<br class=3D"" />Stavros Shiaeles, Universit=
y of Portsmouth (<a class=3D"" href=3D"mailto:stavros.shiaeles@port.ac.uk">=
stavros.shiaeles@port.ac.uk</a>)<br class=3D"" />Nicholas Kolokotronis, Uni=
versity of Peloponnese (<a class=3D"" href=3D"mailto:nkolok@uop.gr">nkolok@=
uop.gr</a>)<br class=3D"" /></span><br class=3D"" /></span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;">&nbsp;</=
span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;"><span cl=
ass=3D"">CONTACT US</span><br class=3D"" /><span class=3D"">----------</spa=
n><br class=3D"" /></span></div>
<div class=3D"" dir=3D"auto"><span style=3D"font-family: Courier;"><a class=
=3D"" href=3D"mailto:info@ieee-csr.org">info@ieee-csr.org</a></span></div>
</div>

</body></html>

--=_7d8aa2d2ec6007ed32fca578e8dd5030--