Re: [Cfrg] [TLS] NIST crypto group and HKDF (and therefore TLS 1.3)

Watson Ladd <watsonbladd@gmail.com> Sat, 09 May 2020 15:41 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B4013A0B30; Sat, 9 May 2020 08:41:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFBEwmGM22jc; Sat, 9 May 2020 08:41:03 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C1C13A0B2B; Sat, 9 May 2020 08:41:03 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id f18so4810764lja.13; Sat, 09 May 2020 08:41:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YAv/2udOaIMwiZuR3Wbjrt4kdBRlBsUWPhjja7PE+Zw=; b=nwk1eBoGTIQhwI9MnVOGewrrOUBN1Znkztd4mMN5PyLNWzhNI17XXCTxsmkUx0yikH Zn4raAMmecO60at23AGMrUsBmKKhyzP00fImGaN+7e9pVWVJe9AtZqNAmGifozZmFl0W h/IXr9mNrZ7aHysI0pA8rB8pJUomRJqOOzoTEZzunu86kJFHKjxdQZflIIPdYczrOp17 VpY7vANu/KnoLWQ3dXHmfw9vp+r4yD62NssIhwp0kp/SD8dQk05YB5W8s1NL3Ir2kkeH OUoUMlPZmWclRgRIkJaDXh/5huCPFV0hBLMzgcskny8MfgaBcsr68SY9dammxunzY6jh Pz/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YAv/2udOaIMwiZuR3Wbjrt4kdBRlBsUWPhjja7PE+Zw=; b=fvq2xz52B2w2r3w1Tu1GU9tdI8T9A82/6kkVO6JwATm8RVNyOD2PDI//5wzSi5rkhd VjcV21h4JkwzbJzPKlp+jMnP+lcrDLeTVd7J/qo1sp9PloXdVoVtwkd8FOd/WEnEqi/C HhKALSKXptDakArTX0vkXklVObcnlbfUEnC5KO+2hs1dIxF3AxrMuVvyNB1iqvBMvbRG h0LBkJGupsr7eA7iaJxHVu2tSC7PXnMOgHRP7vp+HNFqViuoRdkKMZ1M1hHufbRrwDKE qkxJggZWYx4zZLkD3zd5Q3JRiKiHQgFDe1G9hVMhHvbYsbOZL7+bAUJUBALBqONsS+RC iEKw==
X-Gm-Message-State: AOAM533kqC70HMsbIcMQmB4XL4RZkoYtr3KFAZUYVZrLlvSDgA/BBMBK 5D5M4hP3cBZ5gM+Z9oamnC0eA/Mi4JTCfITntsp/bW7j
X-Google-Smtp-Source: ABdhPJyBvlrOchPKLDkT04U1cs5uuPde5kN123RHuSD0TvUskX5vTo9S/bBJWHjhHN3kVb24ltloJc4/JlskhjzDMEI=
X-Received: by 2002:a2e:8590:: with SMTP id b16mr5312050lji.45.1589038861145; Sat, 09 May 2020 08:41:01 -0700 (PDT)
MIME-Version: 1.0
References: <07D37E65-0951-49BB-B86E-BD3167ADB352@akamai.com> <9bae52f88d99421cbae6ab362e52c0a3@blackberry.com> <83724575-D77E-4E1C-89E9-7550D816C451@akamai.com> <764a9a78-615c-4a91-817f-d25a2f1643cb@www.fastmail.com> <FFC8BB90-A57A-4A82-8739-1BD71D53DD58@akamai.com>
In-Reply-To: <FFC8BB90-A57A-4A82-8739-1BD71D53DD58@akamai.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 9 May 2020 11:40:49 -0400
Message-ID: <CACsn0c=dp=VczS3gVfnKYFZ5DYjN_h7MN7NHp-7evOGpoC-bjg@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: TLS List <tls@ietf.org>, cfrg@ietf.org
Content-Type: multipart/alternative; boundary="000000000000da593405a538f075"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/dK2lAL_71BfdHLjWaiwHuyk92BY>
Subject: Re: [Cfrg] [TLS] NIST crypto group and HKDF (and therefore TLS 1.3)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2020 15:41:06 -0000

On Sat, May 9, 2020 at 9:08 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
wrote:
>
> Sorry for the confusion I caused.
>
> HKDF is part of SP 800-56C.  NIST says that what TLS 1.3 does isn't quite
the same, and therefore will not be covered by 56C. NIST wants to get TLS
1.3 validated for FIPS, and is currently trying to figure out how to do
so.  The comment period for 56C closes Friday, and getting the TLS 1.3 KDF
accepted into that is one way to get TLS 1.3 into FIPS.

Well, now I'm really confused. Can't NIST look at the spec and ensure they
have documents covering all parts of TLS 1.3 for FIPS?

>
> Hope this helps clear things up.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls