From f0f9d3ca8ab7d3ca39619d2158ff1ca7fbd33b6c Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 12 Sep 2024 09:05:00 +0200 Subject: [PATCH 1/4] add explicit usage warning [skip ci] Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index 77997f0f..e4e0838c 100644 --- a/README.md +++ b/README.md @@ -249,6 +249,23 @@ THIS SOFTWARE IS PROVIDED WITH NO WARRANTIES, EXPRESS OR IMPLIED, AND ALL IMPLIED WARRANTIES ARE DISCLAIMED, INCLUDING ANY WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. +## Standards compliance + +This project follows the [NIST PQC standardization process](https://csrc.nist.gov/projects/post-quantum-cryptography) +and aims to support experimentation with the various PQC algorithms +under evaluation and in different stages of standardization by NIST. +`oqsprovider` at this time cannot claim or prove adherence to any +standards documents published. For more details, review the file +[STANDARDS.md](STANDARDS.md) carefully. Most notably, hybrid and +composite implementations exclusively implemented in `oqsprovider` +are at a pre-standard/draft stage only. Over time the project aims +to provide standards compliance and solicits input by way of +contributions to achieve this state. + ## Component disclaimer +`oqsprovider` for the implementation of all pure PQC functionality +is completely dependent on the following package and accordingly +cannot recommend any use beyond experimentation purposes: + [liboqs disclaimer](https://github.com/open-quantum-safe/liboqs#limitations-and-security) From 3d925694bf1c56a86b50346dbfe5efdb61ab4d93 Mon Sep 17 00:00:00 2001 
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 12 Sep 2024 13:41:25 +0200 Subject: [PATCH 2/4] copying the liboqs core warning over to avoid any misunderstanding [skip ci] Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e4e0838c..5b0c2c0d 100644 --- a/README.md +++ b/README.md @@ -268,4 +268,8 @@ contributions to achieve this state. is completely dependent on the following package and accordingly cannot recommend any use beyond experimentation purposes: +WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS SOFTWARE IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This software is meant to help with research and prototyping. While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use. + +Further details and background available at: + [liboqs disclaimer](https://github.com/open-quantum-safe/liboqs#limitations-and-security) From b2e4f149747391c078b6fa85e0b3740d6de4d7e5 Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 12 Sep 2024 18:09:42 +0200 Subject: [PATCH 3/4] Update README.md Co-authored-by: Spencer Wilson Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5b0c2c0d..a4b11c52 100644 --- a/README.md +++ b/README.md 
@@ -265,7 +265,7 @@ contributions to achieve this state. ## Component disclaimer `oqsprovider` for the implementation of all pure PQC functionality -is completely dependent on the following package and accordingly +is completely dependent on [liboqs](https://github.com/open-quantum-safe/liboqs) and accordingly cannot recommend any use beyond experimentation purposes: WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS SOFTWARE IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This software is meant to help with research and prototyping. While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use. From fb99d4c1d4ec6143ecde566a8610bb5945bd49eb Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Thu, 12 Sep 2024 19:19:45 +0200 Subject: [PATCH 4/4] disable CF hybrid interop testing Signed-off-by: Michael Baentsch <57787676+baentsch@users.noreply.github.com> --- scripts/oqsprovider-externalinterop.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/oqsprovider-externalinterop.sh b/scripts/oqsprovider-externalinterop.sh index 7a161a4e..5a6e3129 100755 --- a/scripts/oqsprovider-externalinterop.sh +++ b/scripts/oqsprovider-externalinterop.sh @@ -28,6 +28,11 @@ fi # Ascertain algorithms are available: +# skipping these tests for now as per https://mailarchive.ietf.org/arch/msg/tls/hli5ogDbUudAA4tZXskVbOqeor4 +# TBD replace with suitable ML-KEM hybrid tests as and when available XXX + +exit 0 + echo " Cloudflare:" if ! ($OPENSSL_APP list -kem-algorithms | grep x25519_kyber768); then
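Review bot: In PATCH 1/4, the sentence added under `## Component disclaimer` says the project "is completely dependent on the following package", but what follows is only a link labelled "liboqs disclaimer", so the dependency is never named in the sentence itself. Name liboqs directly in the sentence. In the `## Standards compliance` paragraph, "cannot claim or prove adherence to any standards documents published" would read more clearly as "adherence to any published standards document". The new text also links to `STANDARDS.md` while the diffstat shows only `README.md` changed, so confirm that file already exists in the tree at this commit.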
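Review bot: In PATCH 2/4, the warning copied from liboqs is inserted as ordinary body text, so "THIS SOFTWARE" and "this library" become ambiguous in the oqsprovider README: a reader cannot tell whether the statement covers liboqs only or oqsprovider as well. Mark it as a quotation attributed to liboqs, or reword it so it explicitly covers both components. The added paragraph is also one unwrapped line, while the surrounding README text is hard-wrapped.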
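Review bot: In PATCH 3/4, the replacement line carrying the inline `[liboqs](https://github.com/open-quantum-safe/liboqs)` link is much longer than the wrapped lines on either side of it; rewrap the paragraph so the sentence stays readable in the raw file. The sentence still ends in a colon that leads straight into the capitalised warning, so consider ending it with a full stop and introducing the warning as a quotation from liboqs.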
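Review bot: In PATCH 4/4, the unconditional `exit 0` placed directly after `# Ascertain algorithms are available:` makes everything below it unreachable, not just the Cloudflare `x25519_kyber768` check named in the commit subject, and the script now reports success without having tested anything. A CI job calling this script will show green for an interop test that never ran. Print an explicit skip message before exiting (for example `echo "Skipping external interop tests"`), or guard only the Cloudflare block so that any later checks still execute. The `TBD ... XXX` comment would also be easier to follow up on if it referenced a tracking issue alongside the IETF mail archive link.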