Re: [Crypto-panel] Review request: draft-josefsson-ntruprime-ssh
Ludovic Perret <ludovic.perret@lip6.fr> Mon, 30 October 2023 17:18 UTC
From: Ludovic Perret <ludovic.perret@lip6.fr>
To: "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>, Roman Danyliw <rdd@cert.org>, "crypto-panel@irtf.org" <crypto-panel@irtf.org>, cfrg-chairs@ietf.org
Date: Mon, 30 Oct 2023 17:17:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/crypto-panel/wIIKFsYfoLNwVSQrcOQlveHfSkA>
Dear all,

Independently of the technical quality, I have a strong "philosophical" concern about this draft. NIST has now selected a first post-quantum standard for KEM, and four more KEMs are currently in a fourth round for a possible standardization in a few years. NTRU Prime is NOT one of these algorithms. Thus, I don't see any fundamental reason to deploy a non-NIST standard in a widely used protocol such as SSH. Quite the opposite. This could be counter-productive for the fast deployment of post-quantum cryptography, will induce compatibility problems, will probably be seen by the community as a de facto adoption by IETF of NTRU Prime, etc.

What do you think?

Best Regards,
Ludovic

------ Original Message ------
From "Stanislav V. Smyshlyaev" <smyshsv@gmail.com>
To "Roman Danyliw" <rdd@cert.org>; "crypto-panel@irtf.org" <crypto-panel@irtf.org>
Cc cfrg-chairs@ietf.org; "Ludovic Perret" <ludovic.perret@lip6.fr>; "Ludovic Perret" <ludovic.perret@gmail.com>
Date 23/10/2023 13:12:10
Subject Re: [Crypto-panel] Review request: draft-josefsson-ntruprime-ssh

>Dear Crypto Panel Experts,
>
>We would like to support Roman's request for a Crypto Panel review.
>
>The name of the draft is "Secure Shell (SSH) Key Exchange Method Using
>Hybrid Streamlined NTRU Prime sntrup761 and X25519 with SHA-512:
>sntrup761x25519-sha512",
>https://datatracker.ietf.org/doc/html/draft-josefsson-ntruprime-ssh
>(see also
>https://mailarchive.ietf.org/arch/msg/secdispatch/uM9_Vy97C53MWoLSFNuRKUC6iuA/)
>
>The review on behalf of Crypto Panel should mainly focus on csntrup761
>itself as a cryptographic mechanism which is new to the IETF.
>
>https://datatracker.ietf.org/doc/html/draft-josefsson-ntruprime-ssh
>
>Any volunteers?
>
>Ludovic, Jean-Philippe, Chloe, Scott?
>
>
>Regards,
>Stanislav (for CFRG Chairs)
>
>On Sat, Sep 9, 2023 at 12:24 AM Roman Danyliw <rdd@cert.org> wrote:
>>Hi Crypto Panel!
>>
>>I would like to request a review of draft-josefsson-ntruprime-ssh.
>>Full history of this request at
>>https://mailarchive.ietf.org/arch/msg/secdispatch/uM9_Vy97C53MWoLSFNuRKUC6iuA/.
>>
>>In short, this draft is requesting a code point in an SSH registry
>>with a registration policy of "IETF Review". This code point would
>>register a new key exchange method of "sntrup761x25519-sha512" that
>>has been fielded for several years in the SSH ecosystem. Since this
>>is the first introduction (to my knowledge) of the NTRU Prime
>>sntrup761 in the IETF stream, a Crypto Panel review is being requested
>>to review this "new-to-the-IETF" cryptography.
>>
>>Thanks,
>>Roman
>>
>>
>>_______________________________________________
>>Crypto-panel mailing list
>>Crypto-panel@irtf.org
>>https://www.irtf.org/mailman/listinfo/crypto-panel

-------------------------------------------------------------------------
Ludovic Perret
Associate Professor, HDR
PolSys/LIP6/Sorbonne University
Coordinator of International Mobility for Computer Science
Co-founder of CryptoNext Security
https://www-polsys.lip6.fr/~perret/
https://www.linkedin.com/in/ludovic-perret-37a12524/
4 Place Jussieu, F-75252 Paris cedex 5, France
Office : 26-00 323
M: +33 6 95 51 66 81