[CFRG] Re: Taking X-Wing to Independent Stream

Dan Harkins <dharkins@lounge.org> Tue, 04 March 2025 17:48 UTC

Date: Tue, 04 Mar 2025 09:48:44 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org>, Loganaden Velvindron <loganaden@gmail.com>
CC: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, CFRG <cfrg@irtf.org>, "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
Subject: [CFRG] Re: Taking X-Wing to Independent Stream

   Are these implementers who don't want to deploy non-standard
cryptography aware of what an Independent Stream RFC is? It will
say:

    This is a contribution to the RFC Series, independently of any other
    RFC stream.  The RFC Editor has chosen to publish this document at
    its discretion and makes no statement about its value for
    implementation or deployment.  Documents approved for publication by
    the RFC Editor are not candidates for any level of Internet Standard;
    see Section 2 of RFC 7841.

Do they just need an RFC number?

   regards,

   Dan.

On 3/3/25 1:43 PM, Sophie Schmieg wrote:
> In my opinion, there is indeed some urgency to the adoption of X-Wing. 
> As mentioned, NIST is referring to it already, and several 
> implementors are itching to deploy it, but do not want to deploy 
> non-standard cryptography. This has led to the rather unfortunate 
> situation that pure deployment of PQC is currently far easier than 
> hybrid deployment, despite the hybrid deployment being recommended by 
> some regulators (mostly BSI and ANSSI).
>
> X-Wing has been well analyzed in academia [1], I don't think there are 
> any concerns about the cryptographic correctness that would warrant 
> further reviews here.
> The only counterargument I know of is that there are similar, but not 
> quite equivalent proposals that are more generic, but X-Wing, with its 
> already well-defined format, is in my opinion a much more mature 
> candidate, that given the time pressure to finally have a hybrid 
> standard out would be highly welcomed.
>
> [1] https://eprint.iacr.org/2024/039
>
> On Fri, Feb 28, 2025 at 11:20 PM Loganaden Velvindron 
> <loganaden@gmail.com> wrote:
>
>     Last time I checked, NIST is already referring to X-Wing.
>
>     "This is sometimes referred to as hybrid PQ/T (post-quantum /
>     traditional) key establishment. For example, X-Wing is a hybrid
>     PQ/T KEM built from two components: ML-KEM (a lattice-based
>     post-quantum KEM) and X25519 (a traditional Diffie-Hellman-style
>     key exchange)"
>
>     From:
>     https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-227.ipd.pdf
>
>     On Fri, 28 Feb 2025 at 22:27, John Mattsson
>     <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
>     >
>     > Hi Deirdre and the X-Wing Team,
>     >
>     >
>     >
>     > I am happy to help with any effort to get X-Wing published as an
>     RFC. X-Wing is already the de facto standard for practical use of
>     ML-KEM in TLS, DTLS, and QUIC. I hope it will be MTI as soon as
>     possible. I think it is essential to document X-Wing in an RFC. I
>     think NIST should refer to X-Wing as a good example of a hybrid
>     KEM in SP 800-227. Choosing a fast secure Montgomery curve and
>     using SHA-3 as KDF are the optimal choices. I am against CFRG
>     combining ML-KEM with anything else.
>     >
>     >
>     >
>     > The only problem with X-Wing is that it is not generic, but
>     X-Wing should be everybody's first hand choice if they want to
>     deploy ML-KEM.
>     >
>     >
>     >
>     > Cheers,
>     >
>     > John
>     >
>     >
>     >
>     > From: Rohan Mahy <rohan.mahy@gmail.com>
>     > Date: Friday, 28 February 2025 at 18:23
>     > To: Deirdre Connolly <durumcrustulum@gmail.com>
>     > Cc: CFRG <cfrg@irtf.org>, Independent Submissions Editor (Eliot
>     Lear) <rfc-ise@rfc-editor.org>
>     > Subject: [CFRG] Re: Taking X-Wing to Independent Stream
>     >
>     > I'm willing to do document review.
>     >
>     > Thanks,
>     >
>     > -rohan
>     >
>     >
>     >
>     > On Fri, Feb 28, 2025, 08:33 Deirdre Connolly
>     <durumcrustulum@gmail.com> wrote:
>     >
>     > FYI the chairs have declined again to have an adoption call for
>     X-Wing. The authors are now in discussion with the Independent
>     Stream Editor to pursue review and publication there.
>     >
>     >
>     >
>     > https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/
>     >
>     >
>     >
>     > If you wish to volunteer document and cryptographic reviews for
>     X-Wing we can take those to the ISE.
>     >
>     >
>     >
>     > Thanks for all the interest and support!
>     >
>     >
>     >
>     > Cheers,
>     >
>     > Deirdre, on behalf of the X-Wing Team
>     >
>     > _______________________________________________
>     > CFRG mailing list -- cfrg@irtf.org
>     > To unsubscribe send an email to cfrg-leave@irtf.org
>     >
>
>
>
>
> -- 
>
> Sophie Schmieg | Information Security Engineer | ISE
> Crypto | sschmieg@google.com
>

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius