Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM
Colin Perkins <csp@csperkins.org> Tue, 23 November 2021 19:22 UTC
Cc: Benjamin Kaduk <kaduk@mit.edu>, IETF SAAG <saag@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/6XZfgz6IL-cpQEqy4__zOB1g0fY>

> On 23 Nov 2021, at 12:16, Eric Rescorla <ekr@rtfm.com> wrote:
> On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> > On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> > wrote:
> >
> > > Hi,
> > >
> > > thanks for your suggestions. I know the work on hybrid design is already
> > > done in TLS and others. While looking for some documentation on that
> > > specific problem I found several protocols addressing it, each of them with
> > > specific details related to the protocol and that is mainly what led me to
> > > think that a document dedicated to hybrid scheme might make sense: it would
> > > save the next person trying to achieve exactly what I'm trying to do for
> > > ZRTP the work of reading the different specifications, parting what is
> > > protocol related and what is not. But the hybrid mechanism can be described
> > > in the PQC-ZRTP I-D itself.
> > >
> > > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > > security related it made more sense to me to post it on Saag. The perfect
> > > list to discuss it would be the potential "PQC Agility" WG if it is chartered
> > > at some point (
> > > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > > Is there any update on this?
> > >
> > Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> > generally would not publish this document out of that group.
>
> Sorry for splitting hairs, but RFC 6189 does have the "represents the
> consensus of the IETF community" boilerplate, that would seem to make it
> an IETF protocol by at least some definitions.
>
> Without taking a position on whether this was hair splitting, ZRTP was not
> developed by an IETF WG. It was externally developed and then published
> as Informational.

It was externally developed, but did get some reasonable amount of review in IETF, and was discussed in WG meetings on several occasions. If I remember correctly, this review didn’t change the core security mechanism, but did result in fixes to a number of issues around how ZRTP integrates with RTP and signalling.

--
Colin Perkins
https://csperkins.org/