
IETF Last Call Review of draft-ietf-pquip-pqc-engineers-12
review-ietf-pquip-pqc-engineers-12-secdir-lc-orman-2025-06-09-00

Request Review of draft-ietf-pquip-pqc-engineers
Requested revision No specific revision (document currently at 14)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2025-06-10
Requested 2025-05-27
Authors Aritra Banerjee, Tirumaleswar Reddy.K, Dimitrios Schoinianakis, Tim Hollebeek, Mike Ounsworth
I-D last updated 2025-09-11 (Latest revision 2025-08-25)
Completed reviews Dnsdir IETF Last Call review of -12 by Scott Rose (diff)
Opsdir IETF Last Call review of -13 by Susan Hares (diff)
Secdir IETF Last Call review of -12 by Hilarie Orman (diff)
Artart IETF Last Call review of -12 by Thomas Fossati (diff)
Tsvart IETF Last Call review of -12 by Vidhi Goel (diff)
Dnsdir Telechat review of -13 by Scott Rose (diff)
Artart Telechat review of -13 by Thomas Fossati (diff)
Intdir Telechat review of -13 by Dirk Von Hugo (diff)
Iotdir Telechat review of -13 by Mališa Vučinić (diff)
Assignment Reviewer Hilarie Orman
State Completed
Request IETF Last Call review on draft-ietf-pquip-pqc-engineers by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/8XvoEPrk7UoUa0RU20fBYUyQl68
Reviewed revision 12 (document currently at 14)
Result Has issues
Completed 2025-06-09
review-ietf-pquip-pqc-engineers-12-secdir-lc-orman-2025-06-09-00
Do not be alarmed.  I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG.  These comments were written
with the intent of improving security requirements and considerations
in IETF drafts.  Comments not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.

The document has a lot of information about Post Quantum Cryptography
--- why it is necessary for long-term security, the many
considerations to keep in mind when deciding to use PQC, the security
properties of various algorithms for signing, hashing, and exchanging
keys.

From the introduction to the document:
"... detailing the impact of CRQCs on existing systems and the challenges
involved in transitioning to post-quantum algorithms"
"... this shift may require significant protocol redesign due to the
   unique properties of post-quantum algorithms."

The authors make a valiant effort to unravel the PQC ball of yarn,
and they have a great deal of information to share.  I think it
would be good to have a document like this, but I'm skeptical about
this draft being the right thing.

The minor problems with the document aggregate around introducing
terminology or specific references before defining them.  There is a
warning about possible quick advances in quantum computing that might
sharply increase the number of logical qubits, but the dependence of
successful QC on logical qubits is not explained.  There's some
hyperbole that is not based on published data, and other similar
things.  The first half of the document might be text from multiple
authors that was edited together.  Although it reads smoothly, the
logic of it is "jumpy".  I started marking problem areas, but that
distracted me from reading the whole thing, so I abandoned the details
and read it through for content.

The larger problem is that there is a great deal of information
and a lot of admonishments and warnings about considering this and
that, but there's very little clear guidance.  Or there is far too
much guidance.

At one point the document mentions that it may take decades to
transition to PQC.  But their methodology for evaluating need for PQC
may indicate that some organizations should transition immediately.
How can they do that if everything is as complicated as the document
indicates?

I don't know if very many people will be helped by reading this
document.  Most will probably throw up their hands and say "there's
no hope."  I think the guidance needs to be more consistent, simpler
(less "branchy"), and more focused on solutions.  If it is the case
that anyone involved in the PQC transition needs to know everything
in this document, then I can understand why it might take decades
to get to the PQ world.

Hilarie