Re: [saag] sntrup761x25519-sha512

Simon Josefsson <simon@josefsson.org> Tue, 23 May 2023 13:36 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: saag@ietf.org
References: <875y8y4ip2.fsf@kaka.sjd.se> <84296E62-5843-4E7A-BD43-430491A5A1F3@akamai.com> <874jo8ytgw.fsf@kaka.sjd.se> <f6aa133635084609b0032ab1cfbfb7ce@amazon.com> <87sfbny046.fsf@kaka.sjd.se> <CABcZeBME4CRjd+4kqFCzYOmaOEafUiabsBoUQ0Eqm8A7OD-46A@mail.gmail.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Tue, 23 May 2023 15:35:56 +0200
In-Reply-To: <CABcZeBME4CRjd+4kqFCzYOmaOEafUiabsBoUQ0Eqm8A7OD-46A@mail.gmail.com> (Eric Rescorla's message of "Tue, 23 May 2023 06:17:38 -0700")
Message-ID: <87fs7nxj9f.fsf@kaka.sjd.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/UVilPKk5WON-loV4JZflWJpmJ2I>
Subject: Re: [saag] sntrup761x25519-sha512

Eric Rescorla <ekr@rtfm.com> writes:

> On Tue, May 23, 2023 at 12:32 AM Simon Josefsson <simon=
> 40josefsson.org@dmarc.ietf.org> wrote:
>
>> "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org> writes:
>>
>> > Hi Simon,
>> >
>> > I have asked this question to the ADs 3-4 years back and reopening
>> > CURDLE was not an option. Introducing PQ algorithms to SSH has also
>> > been discussed in SAAG before and the outcome was that there is no WG
>> > to do this work right now. So, imo AD-sponsorship is your only
>> > option.
>>
>> Paul, Roman, what is your decision on AD-sponsoring
>> draft-josefsson-ntruprime-ssh?
>>
>
> If you are asking for AD sponsorship then this should go through the
> SECDISPATCH process in SFO. That would structure this discussion
> properly.

Thanks for the pointer!  I wasn't aware of secdispatch.

> From your other message:
>
>> One point of my draft is to give IETF change control.  The process was
>> the same with RFC 8731 when we documented how Curve25519 was used in
>> OpenSSH at the time.  Many implementations (including OpenSSH) now use
>> the RFC 8731 algorithm identifier that is under IETF change control.
>
> So to clarify, if the IETF decided to change the use of SNTRU in some way,
> for instance, by changing the encoding, then the SSH community would expect
> to change over to that code point and use?

In the same way that if the IETF decided to change the details of a
deployed protocol, then the implementor community would change over to
that code point, yes.  Compare SSL, SSH 1.x, (Open)PGP, Kerberos V4,
IPv4 vs IPv6, etc.  I would expect the IETF to use a different name than
what is deployed though, in the same way it usually does.  The IETF
often publishes documentation of the deployed protocol as input to the
modified protocol work, and my draft could serve that purpose.  Any
protocol-incompatible work could go into draft-kampanakis-ssh-pq-ke.txt
or some other document.

/Simon