Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 23 November 2021 12:55 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: IETF SAAG <saag@ietf.org>
Date: Tue, 23 Nov 2021 12:54:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/P3bg3Ng3MNv6Xf51vxT9usNAsD8>

Ben,

this shows that even IETF experts have a hard time differentiating IETF consensus documents from those that aren’t.
I wonder how often people believed that ZRTP was the product of an IETF working group.

A few years have passed since the publication of ZRTP and attacker capabilities have changed. I am wondering whether the security model of ZRTP is still meaningful today.

Ciao
Hannes


From: saag <saag-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Tuesday, November 23, 2021 1:16 PM
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: IETF SAAG <saag@ietf.org>
Subject: Re: [saag] PQC in ZRTP (RFC6189) and hybrid KEM



On Mon, Nov 22, 2021 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
On Mon, Nov 22, 2021 at 09:47:46PM -0800, Eric Rescorla wrote:
> On Mon, Nov 22, 2021 at 9:28 AM Johan Pascal <johan.pascal@linphone.org>
> wrote:
>
> > Hi,
> >
> > thanks for your suggestions. I know the work on hybrid design is already
> > done in TLS and others. While looking for some documentation on that
> > specific problem I found several protocols addressing it, each of them with
> > specific details related to the protocol and that is mainly what led me to
> > think that a document dedicated to hybrid scheme might make sense: it would
> > save the next person trying to achieve exactly what I'm trying to do for
> > ZRTP the work of reading the different specifications, parting what is
> > protocol related and what is not. But the hybrid mechanism can be described
> > in the PQC-ZRTP I-D itself.
> >
> > Colin, as the problem of updating ZRTP to a PQ-KEM scheme is mostly
> > security related it made more sense to me to post it on Saag. The perfect
> > list to discuss it would be the potential "PQC Agility" WG if it is chartered
> > at some point (
> > https://mailarchive.ietf.org/arch/msg/saag/5uV72m80X9PTGFWFyDY5VrNyK-c/).
> > Is there any update on this?
> >
> Well, discuss it, perhaps, but given that ZRTP is not an IETF protocol, we
> generally would not publish this document out of that group.

Sorry for splitting hairs, but RFC 6189 does have the "represents the
consensus of the IETF community" boilerplate, that would seem to make it
an IETF protocol by at least some definitions.

Without taking a position on whether this was hair splitting, ZRTP was not
developed by an IETF WG. It was externally developed and then published
as Informational.

-Ekr