Re: [Curdle] sntrup761x25519-sha512

John Mattsson <john.mattsson@ericsson.com> Tue, 16 May 2023 09:56 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Niels Möller <nisse@lysator.liu.se>, Simon Josefsson <simon@josefsson.org>
CC: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Mark Baushke (ietf)" <mbaushke@gmail.com>, Simo Sorce <simo@redhat.com>, "curdle@ietf.org" <curdle@ietf.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/UelVuCMwHxiM7RAQVC4YmRIXYho>

I think it is problematic that the registration procedure for "Key Exchange Method Names" is "IETF Review". Most of the registries are strings so there is no limit to the number of code points. It would have been good if draft-josefsson-ntruprime-ssh could have made the registration.

- I don't think IETF should reopen CURDLE for registering NTRU Prime.
- I do think IETF should reopen CURDLE for registering the standardized NIST algorithms.
- I think IETF should change the registration policies for the SSH registries.

>It doesn't work -- sntrup761 is used widely on the Internet today and
>will continue to be used.  What decision could NIST make that would
>affect anything for sntrup761x25519-sha512?  The algorithm has been
>stable since 2017.  Deferring publication of protocol specifications
>until some external organization has made some unrelated decision is an
>active decision that is harmful to Internet security, in my opinion.
>Organizations will continue to harvest data that will be decrypted in the
>future, and this is contrary to the goals of the IETF.  It is similar to
>say that we shouldn't have published Curve25519 because it wasn't
>published by NIST.  Or ChaCha20.  Or TLS 1.3.  Or OpenPGP.  Or just
>about anything that the IETF has ever published.

I think SSH in the future should move to the final NIST standards. This is not similar to Curve25519 and ChaCha20. They were both published by CFRG. There is a huge difference between an academic paper describing a new algorithm and interoperable specifications like the ones produced by CFRG.

Cheers,
John

From: Curdle <curdle-bounces@ietf.org> on behalf of Niels Möller <nisse@lysator.liu.se>
Date: Tuesday, 16 May 2023 at 11:33
To: Simon Josefsson <simon@josefsson.org>
Cc: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>, Mark Baushke (ietf) <mbaushke@gmail.com>, Simo Sorce <simo@redhat.com>, curdle@ietf.org <curdle@ietf.org>, ietf-ssh@netbsd.org <ietf-ssh@netbsd.org>
Subject: Re: [Curdle] sntrup761x25519-sha512
Simon Josefsson <simon@josefsson.org> writes:

> "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org> writes:
>
>> Nice to hear from you Mark!
>>
>>> I personally believe that using the @openssh.com extension is
>> sufficient until final NIST candidate parameters are published.
>>
>> Okay, if that works, then that makes sense :)
>
> It doesn't work -- sntrup761 is used widely on the Internet today and
> will continue to be used.

I'm not sure who's quoting who here.

But to me, documenting the way it's currently used in openssh (and
possibly other implementations) seems like a great thing.

Then if the algorithm id for it is in the @openssh.org namespace, or
@josefsson.org, or an alias is defined in the iana namespace (no @...
suffix) is a detail of a lot less importance. I'd expect the currently
deployed stuff to use an @openssh.org name?

Regards,
/Niels

--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
