Hello Thomas,
Thanks for the review of PQC for Engineers draft.
The Issues have been addressed in the
https://github.com/tireddy2/pqc-for-engineers/pull/89 and the updated draft will be published after addressing comments from other reviews of the Last Call.
Regards,
Aritra.
From:
Thomas Fossati via Datatracker <noreply@xxxxxxxx>
Date: Sunday, 15 June 2025 at 16:49
To: art@xxxxxxxx <art@xxxxxxxx>
Cc: draft-ietf-pquip-pqc-engineers.all@xxxxxxxx <draft-ietf-pquip-pqc-engineers.all@xxxxxxxx>, last-call@xxxxxxxx <last-call@xxxxxxxx>, pqc@xxxxxxxx <pqc@xxxxxxxx>
Subject: draft-ietf-pquip-pqc-engineers-12 ietf last call Artart review
CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.
Document: draft-ietf-pquip-pqc-engineers
Title: Post-Quantum Cryptography for Engineers
Reviewer: Thomas Fossati
Review result: Ready with Issues
The stated goals of this document are as follows (taken from the
introduction):
This document aims to provide general guidance to engineers working on
cryptographic libraries, network security, and infrastructure
development, where long-term security planning is crucial.
While the first two categories (netsec and crypto library developers)
are fully catered for, I am not sure that Section 7 provides
infrastructure developers with enough strategic and tactical insight.
This is my main issue with the document.
Personally, I find the editorial style too verbose at times and the
overall structure not particularly cohesive. Perhaps the editors could
take a step back and review the content to reorganise, reflow, prune and
make it smoother. However, this is certainly not a deal-breaker: the
document is very informative, and the editors have done a great job of
capturing many important facets.
One minor issue is that the impact on the IoT devices and deployments is
not mentioned. I am flagging this as a minor issue because perhaps this
topic deserves its own document.
Nits
* Section 1: s/much of classical cryptography/much of classical public
key cryptography/
* Section 1 (third paragraph): PQC is the acronym for Post-quantum
cryptography, not "Post-quantum cryptographic"
* Section 1: 4th para doesn’t seem to introduce any new content. Can it
be dropped?
* Section 1: I am confused by the statement: "PQC is based on
conventional (that is, not quantum) math"
* What is "quantum math"? Is it the mathematics of quantum
mechanics? If so, I am not sure how it differs from "conventional
math".
* Section 3: "as this is" => "as they are"?
* What is the purpose of Section 4? Could it be a sentence instead of an
entire section?
* Section 9:
* OLD:
KEMs, on the other hand, behave according to the following API:
KEM relies on the following primitives [PQCAPI]:
* NEW:
KEMs, on the other hand, behave according to the following API
primitives [PQCAPI]:
* Section 11:
* OLD:
The following table discusses the impact
* NEW:
The following table illustrates the impact
|
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
