Re: [CFRG] [EXTERNAL] Re: Call for adoption: Hybrid KEM Combiners
Sophie Schmieg <sschmieg@google.com> Wed, 21 February 2024 20:36 UTC
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org>, Watson Ladd <watsonbladd@gmail.com>, CFRG <cfrg@irtf.org>, "Kousidis, Stavros" <stavros.kousidis@bsi.bund.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/vU6vR0TvX1vntOkWczXtu7KtsY4>

Oh yeah, there is definitely lots of PKCS1 + AES-CBC, but that is so trivially insecure that the combiner doesn't really have to care about it to begin with in my opinion, since you can't make the argument that the PQC algorithm might be less secure.

On Tue, Feb 20, 2024 at 5:09 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org> writes:
>
> >I'm specifically thinking about S/MIME, which might be one of the more
> >complex situations. At the moment, the most commonly used encryption scheme
> >there is using RSA-OAEP to encrypt an AES-CBC or (hopefully mostly these
> >days) AES-GCM key.
>
> What's that claim based on? Is it a specific operating environment? I've
> seen essentially zero use of OAEP in S/MIME, it's all PKCS #1 v1.5.
>
> I do still occasionally see RC2/40 used, just as a side-note.
>
> Peter.
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
>

--
Sophie Schmieg | Information Security Engineer | ISE Crypto | sschmieg@google.com