Re: [CFRG] NSA vs. hybrid
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 13 November 2021 14:57 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 688F73A15BF for <cfrg@ietfa.amsl.com>; Sat, 13 Nov 2021 06:57:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.33
X-Spam-Level:
X-Spam-Status: No, score=-5.33 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-3.33, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id czZF1AlnhKSq for <cfrg@ietfa.amsl.com>; Sat, 13 Nov 2021 06:57:23 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10124.outbound.protection.outlook.com [40.107.1.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 138D63A15BE for <cfrg@irtf.org>; Sat, 13 Nov 2021 06:57:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KjxfAx/yJmR1BVaTJ7bUCr91B6D05M3ThNsCrCoz9gKOoB9McStxlGVgA4yMBoawP61Q0zsVK59ejya7r8N3MHxlXB5A9XaaGlFAa69OlCjKmAmnI1yaeNNcw+mI5KCcVCQE8/qbMqxLhfBfSKLs6xSecHe6MDllGMZiROIWqlcBN1XHs6VUcxVfxKPEagcPNGPoZaCWrYltV61pvgliz+DigX1N9q5JIsSbzo8ZTUHWZzf+nwxI45LqGJfMDcG28y14G9GXQJgw93QsNrDQ/myWf9ri4iahIWhfH45r7y5B1pnkfxO2+pSJiIKWPgG9j+vYgDvgVH1xjUh01JupOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8AmI3K2vkMBJCCuWm9One01ayzi/bUdATMIpILdZDMM=; b=FE8rDm/OF8+Lz/Z5AenSRWIYk6BHpdaorFEPRTMpFuL4t9PqXvVU8NO7G8IvFd+rZ/lrYqR0Pd28133tWSCjbRgHsAczIumYWd8U2cXDJy6ySQzPuPR3MECAUkxpiGmGbG3zu8umwwmDWNeAlPIDI+jOS/AzNwRYmZ+RnCTHkm36I6n+SwWy6r5LlvT6uSTcxY6+L+B+l72F856s/O3uKKJsWN6aVDYqoKsmr7YKW/y4xZCBEvQKrO5CcitvUb2KF5e8i15N92fqU6SJUeitRA8GMdPAj/EQ/6/apEwz3/XEyiCTGS64y3UjJ1u8Oteqv2Mw0JH7GDtDwJGnBGW8Qw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8AmI3K2vkMBJCCuWm9One01ayzi/bUdATMIpILdZDMM=; b=bQLrVrQM/x8BLziD5AO6mfkLG1GQzIlKhQRfmv/ZgJvB66WHN+lraYNCzqfKKfImshtofqJKaLpDj6wh/MO/ZRWedt2SlB40iPcsPw46rgmZVNVBnmmN68SYC3VH7y+QxjfLy9JW0vmUxajBa4qGDtjqqmc4x8IkgI5BuK2lwM7Zl8Kd0B+erHpJqLjv9I49qquJi4todbgVQ9VgJ0tXGnf8BAu0gxV5KGIIKz2IWSmM1xuvemhU2GTHFgrlRAy3fYo5SKMroyculC56P8dk4SsAvQTlQllIpeLM5zwM5MypPtQkOYmAoWqeNmS4nrL758icQxuFcT1TRLUTivegkA==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (20.178.45.207) by DB7PR02MB4249.eurprd02.prod.outlook.com (20.176.239.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.18; Sat, 13 Nov 2021 14:57:18 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::cc12:31d:4dac:8672%3]) with mapi id 15.20.4669.021; Sat, 13 Nov 2021 14:57:18 +0000
To: cfrg@irtf.org
References: <20211113135339.770521.qmail@cr.yp.to>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <9cffc5cd-a844-7311-6fd9-80691b4b10e6@cs.tcd.ie>
Date: Sat, 13 Nov 2021 14:57:15 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <20211113135339.770521.qmail@cr.yp.to>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="xw81QRnPxs5dc7mlUZ4xcyrxFM6A6MlSz"
X-ClientProxiedBy: DB6PR0402CA0008.eurprd04.prod.outlook.com (2603:10a6:4:91::18) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [IPv6:2001:bb6:5e5e:b458:a924:fefe:9f17:3736] (2001:bb6:5e5e:b458:a924:fefe:9f17:3736) by DB6PR0402CA0008.eurprd04.prod.outlook.com (2603:10a6:4:91::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.15 via Frontend Transport; Sat, 13 Nov 2021 14:57:17 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: db5b0e93-adda-47bd-0c1b-08d9a6b5e30a
X-MS-TrafficTypeDiagnostic: DB7PR02MB4249:
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <DB7PR02MB4249988E4C10E255BE35D544A8969@DB7PR02MB4249.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Oob-TLC-OOBClassifiers: OLM:1923;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: fuCptHPEzJfbgcHRNvq16aoBQ3ZMDTdq6AxY09jmMH2BT4G9QysDkfcrozNy+xCng1t53toJNDIe0q9SEXKazr2TwY3KAZOaqfBbQQdYaFnByYYSA6GHwbIwLPiaZk6ZCMcEWVk8dBeeCfWN2EmYnXzOl5hq5uPZkMlVO+xMJWyq6yXJJrGdPbbO3piKL3UNWS+sMim7nuoPETOBmglk9zvS1WIw/9QIOZJclcv4OYBj/CQnCjGX2XZwRud1K8FA8h2+OEYQqSfqsTcQR/Gzt0GejGFDSqFCPFNSpUvUY4Rbx3dvmq25GK4DEd6JvxqE882oOnJJV7pQC1Wr/zRnTiXlW8F1dPo/oaM1jzfcmCiMWE+Ss85wc8+yWqSq/PdBgsw0jGAIoEuDg1VWcUFK11k1U5ZkjbNBMQCMpQhYVgqxFDFzVu8aPRfPJqPs6rA4mO2LRbFEJDgGJh9RcxIxMpm6nVHGBFuJgXhPIbU7xtC/cJPAyBOBciy2sUnzYDZSdq6l/vqxhc9m7Z3EpXtBf4oxL9O9/iud+BNapB3glz9Rjx1+RYfb8xNoS0vnUIK+K47EtVG2/a5/srlcsF44WKMJ9ciKEZnUxXLznN38IlzyJ/LzoYZNEWw5L94QSIoTMvnLtE9pNqLWJLfny5gQcTIKw4OiS70VQxkFkGa55wCeeO4ZDtDUmoLVSHgMEwNx8ejtFuSEowQVZW9QrzPnFYvWzEiQY1JMAE+49BE0RBB756eG2sItLSupwWt2ntkw
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(86362001)(6916009)(44832011)(36756003)(2906002)(8676002)(508600001)(2616005)(66946007)(66556008)(5660300002)(66476007)(53546011)(31686004)(33964004)(31696002)(83380400001)(316002)(786003)(21480400003)(6486002)(38100700002)(235185007)(8936002)(186003)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: K0xMXfSV1ThtloRHPuQu0VEv0C8Qy+zJ+VkDBMcpMGUQRhljQhptZ58RNnDjf0JzmX0CWgQqG4mWm13dt3joeGowBszwRzuvCJZcAn1cCUsTpqN95aAKmqPtdZ/0O7QKtj4CorpbHjqaNTv/3sEkTtidfaIeg/7YzOV8eZYHWUUAQ45UFe+/OitNxZ438Wqr3XVQCqVTl6aNA0+uHxwHKAnRvGgNepXt/jLUeL5UJwCPLgBfErVmsHKpw+Cur0F5oYqey6i1PLn9FRtHW3gvwLTJPBV3ya1XxuT9NwIQuADVU7gvlXk9rO42JNJL3IjfTpotkpS68QiGEVqxbMRDp2lVGuHoIre3JRU6aORpTEC60UsmX4vMjUPfFR1TZ72CKXS4t72Smg99taBu+hSOQH9OwvgQ3leSk4xvh4wKQs9nEXoi85tYE/m3PtzzpW8D3qmAPLIhZXS7qxIk5oKmptMHwUprc7Dk3nevYhBuFmKAyMW5aiZCqeWYFXr8BNbyUPDmHTR/JKItoRwuFnsfnIPGSzm6/Fz35B1CHYVVYXNjDyw9p0ZtbXYQGKRFEbiwzJ9YtjnGLBwwgOKiRFsW0m60A06COFyaGMGxqFu0PWhe+L2dXSAnqQ/tltz/32c/lyzjzNNNW3yf7y+Y6uZNRiD76DqjYEsqVz21BmgDtcSx5BVeZiDPZ5gnQNk2/NW2gd09i8xUpqgjJwz6lOOZ9yKZ8c0usRMvtAV+DT13ItwPlCeBsURkJugEFoE5NKGdsdLHx/NcAOCdGI3X0JiQGJK902hROLHsdtzD2kPcwp8kG/C7UXMSvWNSvdaR36lW79fSWFo/xD8Lbn5mW5cBUOION6jF7X4nF5qwBxeT5k3nu+sCTLkAzhsd/FlrwHO9gbl/vPVDCh0lkNglzs2/gnBgXQcAxLJNcA1NkwAmbAxTKIkReQr/rAcMOlO4D3I0HrQVre/HR7XOsIrvWBMRRDSBUelZjafsfwJX92mzKZAnTYxJ3q5Sk9VUMckveISHZ8e8B3Nb+GxIIFk+Iaqpm6HarTgJbZ9drfqpvlVheXmFbu5Y4Wcb510URxl4l4m9cbRW2IV8jsokU2s404pmv46SOfDqXstF+ROH8JcDgf+bh9tzOHpjB+/wg6cIP7OxtWrNQjXXuB6C8ihwRZQwGDUFZkQCuC+NYQYWs6kHq8zAtXXzz9q4dM8RscY66M59WRtjK8Px7hqUz93rQJnY6DwGOwIKRJH6AmxKP9l+LcstIRV5wyu4ST9oErAbH9qdBcEIBWCW02rdnLDNduf1ebQwR1G3oNH4x0f6PyV5iXwiALBFo8XuYtxN7xc1l3YFzWbUfMh7t++t0SDXUmWxbEBqCPACfMTMdrWdXk0eevqt35F0IeXV2WK6lGsHtVodOMv/olEZ/FJ41uovWPeSgER76eshcizNw5wMFywP+TqtPurASvZWNuLXmRQD0BambF3PmsPv0LademcKLcq0A3sTeZenc3g23lnDy7vluHJeVtPOY0ut15DuE3LmowOt4vKgM944LBvngA2zMBCEtlQQucDOvkGvZFmKEFzIrA0vreSRwCskvN0LEvPSnbRW4c1vZgi0IvFKb37XRmPttLhcGQmrFueuQcm+YZbeZWg=
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: db5b0e93-adda-47bd-0c1b-08d9a6b5e30a
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Nov 2021 14:57:17.9582 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: /njQVYecMtsgZmKtVZe49Mr2RbuYBj9kGl4Ii7ek+K72Invdn3ytnheacSR3CTnH
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR02MB4249
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/snPb87IrAt-D53bEOdwn4IoTMRo>
Subject: Re: [CFRG] NSA vs. hybrid
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Nov 2021 14:57:28 -0000
Hiya, I think I'm in general agreement with djb on this. One note though... On 13/11/2021 13:53, D. J. Bernstein wrote: > I agree that certificate validation is a mess. For protocols like TLS (likely to remain the most important for quite a while) I don't think we need care about changes to the web PKI for a much longer while. Maybe we should add some PQC algorithm into some TLS handshakes soon, but there is no need to change the PKI for that in the same timeframe. In general, I'd be for slowing down much of this transition stuff, and having CFRG opine to that effect might be a good thing. Cheers, S.
- [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Stephen Farrell
- Re: [CFRG] NSA vs. hybrid Scott Fluhrer (sfluhrer)
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Jeff Burdges
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Ilari Liusvaara
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Dan Brown
- Re: [CFRG] NSA vs. hybrid Marek Jankowski
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Soatok Dreamseeker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] Re: NSA vs. hybrid Björn Haase
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid D. J. Bernstein
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Phillip Hallam-Baker
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Dan Brown
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Martin Thomson
- Re: [CFRG] NSA vs. hybrid Andrey Jivsov
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Loganaden Velvindron
- Re: [CFRG] NSA vs. hybrid Richard Outerbridge
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Christopher Peikert
- Re: [CFRG] [EXTERNAL] Re: NSA vs. hybrid Mike Ounsworth
- Re: [CFRG] NSA vs. hybrid Marek Jankowski
- Re: [CFRG] NSA vs. hybrid Mike Hamburg
- Re: [CFRG] NSA vs. hybrid Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] NSA vs. hybrid Mike Hamburg
- Re: [CFRG] NSA vs. hybrid Natanael
- Re: [CFRG] Re: NSA vs. hybrid Björn Haase