Re: [Cfrg] [TLS] NIST crypto group and HKDF (and therefore TLS 1.3)

"Salz, Rich" <rsalz@akamai.com> Sat, 09 May 2020 13:07 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "tls@ietf.org" <tls@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>
CC: Sam Whited <sam@samwhited.com>, Dan Brown <danibrown@blackberry.com>
Date: Sat, 9 May 2020 13:07:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/E-aF4ECv3iB1APB2Zhqv8XpXRQk>

Sorry for the confusion I caused.

HKDF is part of SP 800-56C.  NIST says that what TLS 1.3 does isn't quite the same, and therefore will not be covered by 56C. NIST wants to get TLS 1.3 validated for FIPS, and is currently trying to figure out how to do so.  The comment period for 56C closes Friday, and getting the TLS 1.3 KDF accepted into that is one way to get TLS 1.3 into FIPS.

Hope this helps clear things up.