Adopt (temporary) PQC OID mappings from IETF hackathon

Open reneme opened this issue 2 years ago • 5 comments

As suggested in #3585, this changes the (nonetheless temporary) OID mappings for Kyber, Dilithium and SPHINCS+ to the mappings used in the IETF interoperability hackathon.

For backward compatibility with Botan 3.0.0, we will be able to read the OIDs for Kyber/Dilithium that were previously defined in Botan's private region.

With SPHINCS+ merged earlier today, no backward compatibility will be needed here. However, the hackathon does not seem to define OIDs for SPHINCS+ with SHAKE (let alone Haraka). We therefore have no other choice than to keep those in Botan's private region for now.

@janklaussner, @randombit Thoughts on that?

reneme avatar Jun 19 '23 14:06 reneme

Coverage Status

coverage: 91.711%. remained the same when pulling 3f1b14322ef5674c8b46b9817479eabb59501dd2 on Rohde-Schwarz:chore/oid_assignments into 99dbdd53a9a9ac66e4d4fe710413bb7402f6cb95 on randombit:master.

coveralls avatar Jun 19 '23 16:06 coveralls

@reneme Looks fine to me modulo the concerns about key encoding I raised in #3585. I have not had a chance to follow up on this aspect.

randombit avatar Jun 22 '23 11:06 randombit

I'm going to defer on this one until 3.2 - the worst possible outcome here is we switch the OIDs but then the other implementations are using an incompatible key encoding. That would leave us with a bigger problem than the current situation.

randombit avatar Jul 10 '23 10:07 randombit