Re: [Curdle] sntrup761x25519-sha512
Simon Josefsson <simon@josefsson.org> Tue, 16 May 2023 05:53 UTC
From: Simon Josefsson <simon@josefsson.org>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "Mark Baushke (ietf)" <mbaushke@gmail.com>, Simo Sorce <simo@redhat.com>, "curdle@ietf.org" <curdle@ietf.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Date: Tue, 16 May 2023 07:53:11 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/DhtIaoxLoYNNAxvJTVt-hBWXB5k>
"Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> writes:

> Nice to hear from you Mark!
>
>> I personally believe that using the @openssh.com extension is sufficient until final NIST candidate parameters are published.
>
> Okay, if that works, then that makes sense :)

It doesn't work -- sntrup761 is used widely on the Internet today and will continue to be used.

What decision could NIST make that would affect anything for sntrup761x25519-sha512? The algorithm has been stable since 2017.

Deferring publication of protocol specifications until some external organization has made some unrelated decision is an active decision that is harmful to Internet security, in my opinion. Organizations will continue to harvest data that will be decrypted in the future, and this is contrary to the goals of the IETF.

It is similar to saying that we shouldn't have published Curve25519 because it wasn't published by NIST. Or ChaCha20. Or TLS 1.3. Or OpenPGP. Or just about anything that the IETF has ever published.

/Simon