Request PQ Dilithium5 Cert with SSCEP about sscep HOT 1 CLOSED

The sscep code base compiles against upstream OpenSSL and hence does not support the unofficial PQC OpenSSL variant published by Open Quantum Safe.
First of all, the PQC standardization is by far not finished yet. Although we now have the finalists which will very likely be adopted in the upcoming standards, it is not clear yet how these algorithms will be included in all the standards which deal with cryptographic algorithms. We even do not know yet if PQC algorithms will simply replace traditional algorithms in certificates and other primitives (this is what Open Quantum Safe's OpenSSL is doing) or the IETF will propose a hybrid approach to allow for a smooth transition between traditional and PQC algorithms. I believe the latter will be the way to go, but for that, as mentioned, we first need standardization to define how hybrid algorithms shall be encoded/transported and how they shall be used in existing standards. In my opinion it does not make much sense to prepare for the native replacement of traditional algorithms with PQC ones before standardization has finished.

That said, even if sscep already supported PQC algorithms via the OQS OpenSSL fork, it is very likely that this will not be the final word on it, and it is even more likely that all the other infrastructure involved (software used by the Issuing CA, Relying Parties and End Entities) will not support these PQC algorithms right now.

For the sscep project, the sensible way to deal with this is to wait for standardization to finish (algorithm choice, updates of the X.509, PKCS#7 and SCEP RFCs) and only then implement the necessary modifications.

from sscep.