Re: [Curdle] sntrup761x25519-sha512

Simon Josefsson <simon@josefsson.org> Tue, 16 May 2023 05:53 UTC

From: Simon Josefsson <simon@josefsson.org>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "Mark Baushke (ietf)" <mbaushke@gmail.com>, Simo Sorce <simo@redhat.com>, "curdle@ietf.org" <curdle@ietf.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
References: <875y8y4ip2.fsf@kaka.sjd.se> <84296E62-5843-4E7A-BD43-430491A5A1F3@akamai.com> <30525ce993ee83050cd8181c15bc84746a002f95.camel@redhat.com> <0E4AB77A-7C09-41C6-9196-74F4BD202579@akamai.com> <B3DC74FC-CF38-426F-969C-B93C4726DB5A@gmail.com> <108FE7B2-0769-4FA1-A8A4-2BD8D48C426B@akamai.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Tue, 16 May 2023 07:53:11 +0200
In-Reply-To: <108FE7B2-0769-4FA1-A8A4-2BD8D48C426B@akamai.com> (Rich Salz's message of "Mon, 15 May 2023 19:47:05 +0000")
Message-ID: <877ct8256g.fsf@kaka.sjd.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/DhtIaoxLoYNNAxvJTVt-hBWXB5k>
Subject: Re: [Curdle] sntrup761x25519-sha512

"Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> writes:

> Nice to hear from you Mark!
>
>> I personally believe that using the @openssh.com extension is
>> sufficient until final NIST candidate parameters are published.
>
> Okay, if that works, then that makes sense :)

It doesn't work -- sntrup761 is used widely on the Internet today and
will continue to be used.  What decision could NIST make that would
affect anything for sntrup761x25519-sha512?  The algorithm has been
stable since 2017.  Deferring publication of protocol specifications
until some external organization has made some unrelated decision is an
active decision that is harmful to Internet security, in my opinion.
Organizations will continue to harvest data that will be decrypted in the
future, and this is contrary to the goals of the IETF.  It is similar to
saying that we shouldn't have published Curve25519 because it wasn't
published by NIST.  Or ChaCha20.  Or TLS 1.3.  Or OpenPGP.  Or just
about anything that the IETF has ever published.

/Simon