Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt

Mirja Kühlewind <> Tue, 17 October 2017 14:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 065FD132F76 for <>; Tue, 17 Oct 2017 07:43:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); domainkeys=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6bYnjUOsrP4d for <>; Tue, 17 Oct 2017 07:43:30 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EC757134184 for <>; Tue, 17 Oct 2017 07:43:29 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default;; b=HTcv6jlR7anh9zYoVGOsr+ussHFmQoFo50jDESRD/HrQatbQIOmToSQXXTVnEeWdFF6fXuYevAWDMeI8PQ2VYF4/2z/0WuUgsP+4WEmOBfB4raiS3NAKVhM/jlE8L15L6o5MZlUc+qD39RQ6PdFYlDMAcO6XCE7lIFiEKiElJvA=; h=Received:Received:Subject:To:Cc:References:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Language:Content-Transfer-Encoding:X-PPP-Message-ID:X-PPP-Vhost;
Received: (qmail 23618 invoked from network); 17 Oct 2017 16:43:27 +0200
Received: from (HELO ? ( by with ESMTPSA (DHE-RSA-AES128-SHA encrypted, authenticated); 17 Oct 2017 16:43:27 +0200
To: Kyle Rose <>, David Mazieres expires 2018-01-14 PST <>, "Black, David" <>
Cc: tcpinc <>, Gregorio Guidi <>, ianG <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
From: =?UTF-8?Q?Mirja_K=c3=bchlewind?= <>
Message-ID: <>
Date: Tue, 17 Oct 2017 16:43:27 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-PPP-Message-ID: <>
Archived-At: <>
Subject: Re: [tcpinc] Making ECDHE-Curve25519 the only MTI for tcpcrypt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Working group mailing list for TCP Increased Security \(tcpinc\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Oct 2017 14:43:32 -0000

Hi David, hi Kyle, hi all,

On 17.10.2017 16:13, Kyle Rose wrote:
 >     Question two, if no one object to this change and some people want to
 >     see it, is whether it is now too late to make this change without
 >     jeopardizing the RFC.  Can we still make such a change in last call?
 >     It's obviously not a lot of text to change, but a fairly big semantic
 >     change.  We'd appreciate guidance on this question from people with more
 >     IETF experience.
 > Mirja and David Black: can you provide guidance here?

Yes, if the change is the right thing to do, you should do it. If there is 
agreement in the working group to make this change, I don't think we need 
another working group last call (but that's actually in the judgment of the 
chairs). So the only question would be, do we need another IETF last call for 
this? However, the IETF last call is still running. Therefore I would like to 
ask you to bring attention about this change to the mail list, 
meaning one of the authors could reply to the IETF last call email and 
explain that and why this change is planned. And then we can probably handle 
this basically like a last call comment and just update the draft 
respectively. In this case it would also be good if the authors could submit 
the updated version right at the end of the IETF last call, so this Friday, 
such that the ADs could review the updated version for the telechat next 
week. Would that be possible?