Hi All,

A few years ago a proposal for External Public Keys was published in the IETF. It was added to BC not long after by user request, but we've since lost track of the person who asked for it. Originally the requestor was working on a system using Classic McEliece.

The executive summary on External Public Keys is they store the hash of the public key and a retrieval URL, not the key itself. For people using an algorithm like Classic McEliece, where a public key can be 1.3 Meg, the advantage of maintaining a key cache and not burdening the general protocol layer with certificates trying to contain the Classic McEliece key directly is easy to see.

The proposal has since been brought back to life here: https://datatracker.ietf.org/doc/draft-ounsworth-lamps-pq-external-pubkeys/ but it's going to founder again if someone can't produce some feedback from people saying they want to use it. If it does founder again we'll probably need to deprecate the support.

So, is anyone using this? Or thinking of using it? Have any feedback on our implementation in general? Any better ideas?

The move to PQC for public key cryptography is going to present a lot of challenges. Ideally we'd have standards that would help; our feeling (based on the earlier request) is that this is one standard that would help, but the IETF rules require us to present someone who is actually going to use it.

As I said, feedback would be much appreciated.

Thanks,

David
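The hash-plus-URL reference and key cache described in the post above, sketched as an added example that is not part of the original post and is not Bouncy Castle code. It shows a relying party fetching the key, checking it against the pinned hash before use, and caching by digest. The class and function names, the SHA-256 choice, the size cap, the URLs and the injected `fetch` callable are all assumptions made for illustration.

```python
import hashlib
import hmac

MAX_KEY_BYTES = 2 * 1024 * 1024  # assumed cap; the post cites keys of about 1.3 Meg

class KeyMismatch(Exception):
    """Fetched bytes do not match the reference carried in the certificate."""

class ExternalKeyResolver:  # hypothetical name, not a library class
    def __init__(self, fetch, hash_name="sha256"):
        self._fetch = fetch        # callable(url) -> bytes, injected so this runs offline
        self._hash_name = hash_name
        self._cache = {}           # pinned digest -> verified key bytes
        self.fetch_count = 0

    def resolve(self, url, pinned_digest):
        # Cache by digest, not URL: the digest is the authenticated part of
        # the reference, the URL is only a location hint.
        cached = self._cache.get(pinned_digest)
        if cached is not None:
            return cached
        self.fetch_count += 1
        data = self._fetch(url)
        if len(data) > MAX_KEY_BYTES:
            raise KeyMismatch("fetched object exceeds size cap")
        actual = hashlib.new(self._hash_name, data).digest()
        if not hmac.compare_digest(actual, pinned_digest):
            raise KeyMismatch("digest of fetched key does not match reference")
        self._cache[pinned_digest] = data
        return data

# Constructed sample data: placeholder bytes standing in for a large public key.
SAMPLE_KEY = bytes(range(256)) * 4096
SAMPLE_URL = "https://keys.example.invalid/alice.pub"
TAMPERED_URL = "https://keys.example.invalid/tampered.pub"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_KEY).digest()
STORE = {SAMPLE_URL: SAMPLE_KEY, TAMPERED_URL: SAMPLE_KEY[:-1] + b"\x00"}

def demo():
    resolver = ExternalKeyResolver(STORE.__getitem__)
    first = resolver.resolve(SAMPLE_URL, SAMPLE_DIGEST)
    second = resolver.resolve(SAMPLE_URL, SAMPLE_DIGEST)  # served from cache
    try:
        ExternalKeyResolver(STORE.__getitem__).resolve(TAMPERED_URL, SAMPLE_DIGEST)
        tamper_rejected = False
    except KeyMismatch:
        tamper_rejected = True
    return first == second == SAMPLE_KEY, resolver.fetch_count, tamper_rejected
```
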