Cryptography - clarification about 6.2.4 and PQC #2502

Closed
randomstuff opened this issue Jan 2, 2025 · 5 comments
Labels: 1) Discussion ongoing, Bart Preneel, V6, _5.0 - prep

@randomstuff
Contributor

Current:

6.2.4 [MODIFIED, MERGED FROM 1.6.3] Verify that the application is designed with crypto agility such that random number, encryption or hashing algorithms, key lengths, rounds, ciphers or modes can be reconfigured, upgraded, or swapped at any time, to protect against cryptographic breaks. Similarly, it must also be possible to replace keys and passwords and re-encrypt data. This should allow for seamless upgrades to post-quantum cryptography (PQC), once PQC standards are fully established.

Comment for Bart Preneel:

it is not clear what “fully established” means: 2 IETF RFCs and 3 NIST standards have been published so far – please clarify

I agree with that statement. Probably what we want to say here is "available in commonly-used cryptographic libraries"?

@jmanico
Member

jmanico commented Jan 3, 2025

Some of these early PQC standards from NIST have already been proved to be problematic.

I agree with switching from "established" to something along the lines of "in common use" or similar.

tghosth added the "1) Discussion ongoing" and "_5.0 - prep" labels Jan 5, 2025
@tghosth
Collaborator

tghosth commented Jan 5, 2025

Leave to @danielcuthbert's judgement

tghosth added the "Bart Preneel" label Jan 5, 2025
@unprovable

I would think that 'Fully Established' here would imply a) 'has adoption', and b) 'has well tested and widely available standardised code'? Possibly akin to what the Linux Foundation are creating for PQCA - what they call 'high-assurance implementations'?

@tghosth
Collaborator

tghosth commented Jan 14, 2025

> I would think that 'Fully Established' here would imply a) 'has adoption', and b) 'has well tested and widely available standardised code'? Possibly akin to what the Linux Foundation are creating for PQCA - what they call 'high-assurance implementations'?

Thanks @unprovable

@randomstuff I think maybe we need to clarify this in the section text. Could you draft a PR based on this comment?

@randomstuff
Contributor Author

randomstuff commented Jan 14, 2025

Suggestion (only the last sentence is modified):

6.2.4 [MODIFIED, MERGED FROM 1.6.3] Verify that the application is designed with crypto agility such that random number, encryption or hashing algorithms, key lengths, rounds, ciphers or modes can be reconfigured, upgraded, or swapped at any time, to protect against cryptographic breaks. Similarly, it must also be possible to replace keys and passwords and re-encrypt data. This should allow for seamless upgrades to post-quantum cryptography (PQC), once high-assurance implementations of approved PQC schemes or standards are widely available.

Questions:

  • PQC schemes? PQC standards? PQC protocols?
  • easily available? widely available?
  • easily available for PQC schemes but widely available for PQC protocols/standards?
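
The crypto-agility property that 6.2.4 describes (algorithms and keys swapped by configuration, old data re-protected), as an added example that is not part of the issue thread or of ASVS itself. HMAC from the Python standard library stands in for whichever primitive is being migrated, and `ALGS`, `KEYRING`, `MIGRATING`, `RETIRED_K1`, `protect`, `verify` and `upgrade` are this example's own assumed names.

```python
import base64, hashlib, hmac, json

# Primitive registry: adding or retiring an algorithm is a table change.
ALGS = {
    "hmac-sha256": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "hmac-sha512": lambda k, m: hmac.new(k, m, hashlib.sha512).digest(),
}
# Constructed demo keyring; each key is bound to exactly one algorithm.
# Real keys would come from a KMS or secret store (assumption).
KEYRING = {
    "k1": ("hmac-sha256", b"\x01" * 32),
    "k2": ("hmac-sha512", b"\x02" * 64),
}
# Policies are configuration: key for new records, keys still accepted.
MIGRATING = {"current": "k2", "accepted": {"k1", "k2"}}
RETIRED_K1 = {"current": "k2", "accepted": {"k2"}}

def _b64(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw)

def _tag(kid: str, signed: bytes) -> bytes:
    alg, key = KEYRING[kid]
    return ALGS[alg](key, signed)

def protect(data: bytes, kid: str) -> str:
    """Emit header.body.tag; the header names the key, never the algorithm."""
    signed = _b64(json.dumps({"kid": kid}).encode()) + b"." + _b64(data)
    return (signed + b"." + _b64(_tag(kid, signed))).decode()

def verify(record: str, policy: dict):
    """Return (data, needs_upgrade); raise ValueError on any rejection."""
    try:
        head, body, tag = record.encode().split(b".")
        kid = json.loads(base64.urlsafe_b64decode(head))["kid"]
        data, tag = base64.urlsafe_b64decode(body), base64.urlsafe_b64decode(tag)
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed record") from exc
    # Policy, not the record, decides which keys and algorithms are allowed.
    if not isinstance(kid, str) or kid not in policy["accepted"] or kid not in KEYRING:
        raise ValueError("key not accepted by policy")
    if not hmac.compare_digest(_tag(kid, head + b"." + body), tag):
        raise ValueError("bad tag")
    return data, kid != policy["current"]

def upgrade(record: str, policy: dict) -> str:
    """Re-protect a valid record under the current key if it is stale."""
    data, stale = verify(record, policy)
    return protect(data, policy["current"]) if stale else record
```

Because the record carries only a key id and the algorithm is looked up in the keyring, a record cannot ask the verifier to use a weaker algorithm than policy allows.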
