IETF Logo Mail Archive

Re: [Tls-reg-review] [IANA #1272675] Request for Assignment (tls-parameters - draft-kwiatkowski-tls-ecdhe-kyber)

Nick Sullivan <nick@cloudflare.com> Thu, 18 May 2023 14:43 UTC

Return-Path: <nick@cloudflare.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84CB0C151077 for <tls-reg-review@ietfa.amsl.com>; Thu, 18 May 2023 07:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cvz8dGZ7x-O0 for <tls-reg-review@ietfa.amsl.com>; Thu, 18 May 2023 07:43:52 -0700 (PDT)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9E27C14CE2C for <tls-reg-review@ietf.org>; Thu, 18 May 2023 07:43:52 -0700 (PDT)
Received: by mail-wr1-x42a.google.com with SMTP id ffacd0b85a97d-3063433fa66so1367158f8f.3 for <tls-reg-review@ietf.org>; Thu, 18 May 2023 07:43:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1684421030; x=1687013030; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pKoKZZH3Swns+ISH5eNzV+F9S/vgAGKppEgyIbClizo=; b=D7ze8XX5sSdFFRjqbPW0Qui2z21W9DdZgXFVChem0AHatY4qsYr5gv65FaFngHjIG4 cf5HQnQOELYysjeeadeNJJ2FPaHmSE4DoInY0hoegaIB9ZQH2SCv18y0YbGcUN6GfU98 2LCB7FPUm1pGnOqG8Z1aq/IRAMFysp3gVoohw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684421030; x=1687013030; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pKoKZZH3Swns+ISH5eNzV+F9S/vgAGKppEgyIbClizo=; b=VOpAf2dOhcXMz0XkhjwOps9VGvd8/h0mbwKizAGZR6PW/uGbg3Lht+rcPTRWmI/nGt YpkRbr0Rob+HGpqk2zGOJ2j+4dPCkRXLuOW1BCOaM9Ysv10HxvLGQ4AU4tTfPBQvMq3K KF0EHD5a6XIuUcQwMMfcTz/lgDRGF9fPRDvE1grzl3rDgJSKiUHww70f5xC8ZfBL7FYN p+RRrSo4QxMf5jnHDUcpemY77w9IJ25bUmPw5UGkM90mkM+vrkAok/Wgjkj8nAqsub6K lo33Ck/Dw4vP4bkG5OOlo7PrTnpQiWRmTSZ9TTX1bCksFe/UsKgQQkm3aJn057SqRm/o 2Rnw==
X-Gm-Message-State: AC+VfDzuQgYif4/shu8ms6NBkqvr24zoppAayMQYcmXGSfMJlX1R4NT5 6Zc2d8E8L8FUCISNjrp5fM+nx9m4i9w8ItnBbMQ6Iw==
X-Google-Smtp-Source: ACHHUZ7InmerNFZv8i42ATxvn4h7QD5+WtfSCJw/TlPFlGt62W5bsp5ZqQq54EmIVdK6dOPI5s5Mm0vUv0wOYZtYC/E=
X-Received: by 2002:a5d:590d:0:b0:307:95d1:d7d0 with SMTP id v13-20020a5d590d000000b0030795d1d7d0mr1616312wrd.39.1684421030312; Thu, 18 May 2023 07:43:50 -0700 (PDT)
MIME-Version: 1.0
References: <RT-Ticket-1272675@icann.org> <3qj33asnp8-1@ppa2.lax.icann.org> <rt-5.0.3-3707082-1684368852-1171.1272675-9-0@icann.org> <C95C6A7C-E754-46CA-ABCB-0733F5114DF7@gmail.com> <21FEA089-0816-4E01-831D-12F8B0B43A28@akamai.com>
In-Reply-To: <21FEA089-0816-4E01-831D-12F8B0B43A28@akamai.com>
From: Nick Sullivan <nick@cloudflare.com>
Date: Thu, 18 May 2023 10:43:34 -0400
Message-ID: <CAFDDyk-Y2Smg1YsSoeBH5T29AHDAmz1_wCjNRABiEURPonSzTw@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: Yoav Nir <ynir.ietf@gmail.com>, "iana-prot-param-comment@iana.org" <iana-prot-param-comment@iana.org>, TLS DEs <tls-reg-review@ietf.org>, "kris@amongbytes.com" <kris@amongbytes.com>
Content-Type: multipart/alternative; boundary="0000000000002a7f1605fbf8d5c9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/2X1Jh9pC07C_KsOYXhj8BIVnmsQ>
Subject: Re: [Tls-reg-review] [IANA #1272675] Request for Assignment (tls-parameters - draft-kwiatkowski-tls-ecdhe-kyber)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2023 14:43:56 -0000

Hi All,

I have some thoughts about this allocation. We risk getting into a bit of a
messy state if this hybrid kex numbering continues along this path. The
existing number we have for X25519Kyber768Draft00 is 0x6399 and this
request is for 0x6400, leaving a significant gap. For other sections of
this registry, we've made some explicit choices (such as ffdh starting
with 0x01 and elliptic curves starting with 0x00). This could be a useful
idea to leverage to keep the registry clean when the final hybrid kex's are
decided on.

It may be more elegant to renumber these codepoints such that both octets
convey meaning about the cipher used. For example,
0x63 could indicate that Kyber768 is used, and the second octet could
identify the elliptic curve.
In this case, X25519Kyber768Draft00 would be 0x631D and the new draft
0x6417.

On the other hand, with Kyber versions being upgradable, this may prove
less than ideal if there are more iterations of Kyber. As these codepoints
currently being used for experimentation, it may just be preferable to keep
them in a strict ordering as they are requested.

My recommendation is therefore to use *0x639A*, the next available reserved
field, for this allocation.


Another note: the name for this codepoint is secp256r1_kyber768_d00
(underscore case), while the previously allocated point
is X25519Kyber768Draft00 (snake case). This should likely be consistent.

Nick

On Thu, May 18, 2023 at 10:19 AM Salz, Rich <rsalz=
40akamai.com@dmarc.ietf.org> wrote:

> Me too.
>
> On 5/18/23, 9:53 AM, "Yoav Nir" <ynir.ietf@gmail.com <mailto:
> ynir.ietf@gmail.com>> wrote:
>
>
> Seems fine. I approve
>
>
> Yoav
>
>
> > On 18 May 2023, at 3:14, Amanda Baber via RT <
> iana-prot-param-comment@iana.org <mailto:iana-prot-param-comment@iana.org>>
> wrote:
> >
> > Hi Rich, Yoav, Nick (cc: Kris),
> >
> > Can you review this new TLS Supported Groups request for us by the 31st?
> >
> > thanks,
> > Amanda
> >
> >> Contact Name:
> >> Kris Kwiatkowski
> >>
> >> Contact Email:
> >> kris@amongbytes.com <mailto:kris@amongbytes.com>
> >>
> >> Type of Assignment:
> >> Transport Layer Security (TLS) Parameters
> >>
> >>
> >> Registry:
> >> TLS Supported Groups
> >>
> >>
> >>
> >>
> >> Description:
> >> Following registration of TLS v1.3 codepoint for Post-Quantum hybrid
> key exchange composed of X25519+Kyber768 (codepoint 25497), we would like
> to request another TLS v1.3 codepoint for ECDHE/P256+Kyber768. The code
> point will make it easier to:
> >> * Experiment with flows in which FIPS-approved curves are used
> >> * Reuse in experimentation, the HW-based implementation of ECDH/P-256
> on resource constrained devices
> >>
> >> The post-quantum, hybrid key agreement for TLS v1.3, that we refer to,
> is described in IETF draft:
> >>
> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-WnS95QY$
> <
> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-WnS95QY$>
>
> >>
> >> Additional Info:
> >> We have created IETF draft that provides details on construction that
> will use the codepoint.
> >>
> https://urldefense.com/v3/__https://www.ietf.org/id/draft-kwiatkowski-tls-ecdhe-kyber-00.html__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-XdcXBYA$
> <
> https://urldefense.com/v3/__https://www.ietf.org/id/draft-kwiatkowski-tls-ecdhe-kyber-00.html__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-XdcXBYA$>
>
> >
> >
> > _______________________________________________
> > tls-reg-review mailing list
> > tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>
> >
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-cjugpAo$
> <
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-cjugpAo$>
>
>
>
> _______________________________________________
> tls-reg-review mailing list
> tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>
>
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-cjugpAo$
> <
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!R1N5_LR5owtUtnBawvy-JIRAAWeUE12VjgaFSfvFjzvac7dSxsA8MnlCFtPmBZkd0YFCU3o-cjugpAo$>
>
>
>
>
> _______________________________________________
> tls-reg-review mailing list
> tls-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/tls-reg-review
>

v2.23.0 | Report a Bug | By Email