| CARVIEW |
Select Language
HTTP/2 200
date: Mon, 14 Jul 2025 03:14:52 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self' 'unsafe-inline' data: https://datatracker.ietf.org/ https://www.ietf.org/ https://ietf.org/ https://analytics.ietf.org https://static.ietf.org; frame-ancestors 'self' ietf.org *.ietf.org meetecho.com *.meetecho.com
cross-origin-opener-policy: unsafe-none
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=3600; includeSubDomains
vary: Cookie, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cf-cache-status: MISS
expires: Mon, 14 Jul 2025 07:14:52 GMT
cache-control: public, max-age=14400
server: cloudflare
cf-ray: 95edda2d791de8e0-BLR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
IETF Last Call Review of draft-ietf-pquip-pqc-engineers-12
Skip to main content
IETF Last Call Review of draft-ietf-pquip-pqc-engineers-12
IETF Last Call Review of draft-ietf-pquip-pqc-engineers-12
review-ietf-pquip-pqc-engineers-12-artart-lc-fossati-2025-06-15-00
review-ietf-pquip-pqc-engineers-12-artart-lc-fossati-2025-06-15-00
The stated goals of this document are as follows (taken from the
introduction):
This document aims to provide general guidance to engineers working on
cryptographic libraries, network security, and infrastructure
development, where long-term security planning is crucial.
While the first two categories (netsec and crypto library developers)
are fully catered for, I am not sure that Section 7 provides
infrastructure developers with enough strategic and tactical insight.
This is my main issue with the document.
Personally, I find the editorial style too verbose at times and the
overall structure not particularly cohesive. Perhaps the editors could
take a step back and review the content to reorganise, reflow, prune and
make it smoother. However, this is certainly not a deal-breaker: the
document is very informative, and the editors have done a great job of
capturing many important facets.
One minor issue is that the impact on the IoT devices and deployments is
not mentioned. I am flagging this as a minor issue because perhaps this
topic deserves its own document.
Nits
* Section 1: s/much of classical cryptography/much of classical public
key cryptography/
* Section 1 (third paragraph): PQC is the acronym for Post-quantum
cryptography, not "Post-quantum cryptographic"
* Section 1: 4th para doesn’t seem to introduce any new content. Can it
be dropped?
* Section 1: I am confused by the statement: "PQC is based on
conventional (that is, not quantum) math"
* What is "quantum math"? Is it the mathematics of quantum
mechanics? If so, I am not sure how it differs from "conventional
math".
* Section 3: "as this is" => "as they are"?
* What is the purpose of Section 4? Could it be a sentence instead of an
entire section?
* Section 9:
* OLD:
KEMs, on the other hand, behave according to the following API:
KEM relies on the following primitives [PQCAPI]:
* NEW:
KEMs, on the other hand, behave according to the following API
primitives [PQCAPI]:
* Section 11:
* OLD:
The following table discusses the impact
* NEW:
The following table illustrates the impact