IETF Logo Mail Archive

Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space

David Benjamin <davidben@chromium.org> Thu, 28 March 2024 15:58 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F890C157937 for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 08:58:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.226
X-Spam-Level:
X-Spam-Status: No, score=-9.226 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.08, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8ApzzYHQiG6 for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 08:58:20 -0700 (PDT)
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4804C1524DC for <tls@ietf.org>; Thu, 28 Mar 2024 08:57:38 -0700 (PDT)
Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-dcd7c526cc0so1104762276.1 for <tls@ietf.org>; Thu, 28 Mar 2024 08:57:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1711641457; x=1712246257; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jfv0M/I2XZaGidOAVyK5RlGsm+SrXecr9N+3zDf9dx0=; b=J24pHzufGGf+TU6RGu45juzhboWmQT8j9JMRF4wJrbE1J1AKI6Hw4lNey88kFOiAik 0mo12smlNRnVrPwP/vrHJxm4jzgB1StBtQXDZ7n1kX76BO/5PO58MlJec+C6IHeVeenq 0FiUouXJtDrfdaMnxTXlWNNzQvs2JXzKL3FaI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711641457; x=1712246257; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jfv0M/I2XZaGidOAVyK5RlGsm+SrXecr9N+3zDf9dx0=; b=TVtUNBA7NySlQuNl2W307CPZ+PhHdZp8Ii8GSxVg4L81JuDqBwqlmLXb+B4xJnZCmI lqqvpZRWLHNLHZXOd+tdmxS8/1PPmUmNEWEB6Wq9vlxJ7nkXmm0Abc93+cd9uXnO8is+ CvQYzKvl3B+fH8IPU+5Y3PhS8lRLE+C8t3qGnONyQflIFufFxfUfIi1SDgoB3bAJvwtg QUBg+vQOEdvbxIIuUCpTqai+Yp4iHlGprSoyu6mUh0Ic2MrF+7N/rVnnSswTK7VdxUG/ p8pQRxEL2FH+svjfQw3ai4BWmktbE6H0H6+eQvRx/rKzpm0EoCkbOcRxNjTm3Wy1TuBn 0rTQ==
X-Forwarded-Encrypted: i=1; AJvYcCVhcxISTjbgt5HFwOySyR4fMzXYt/zPZBCk5pENEdzVLhpZpThJRXLSuiKz1LSwk1+Wpk8AtnKmVCV1a3Y=
X-Gm-Message-State: AOJu0YyhLwHvVFSNuHmbSLwpxRcWcMNlWrEq3kzrIbVTQwMZDOVGrLst puZ3mc+f9LCi62/WnAFTgq5rMvBy4sNzgfCHmwUVOpH4ATwWJNzhmXrl1dIEbqVck7Br9FOtPyj aaYjU4zuQKv9czhWXrERVhvpxnGd0yjdaJzu3vtP2LbGDbbfO8Po=
X-Google-Smtp-Source: AGHT+IF8fBMd6y0wDpBj3mUEcvSnJoqjHWXuhEvP7gxLWO2JRdiqJbfVyhTCrsaJtlDpA02z0hIXfTB8VqXpMKhT2lY=
X-Received: by 2002:a25:bf86:0:b0:dc6:23ac:9ef2 with SMTP id l6-20020a25bf86000000b00dc623ac9ef2mr3445774ybk.19.1711641457327; Thu, 28 Mar 2024 08:57:37 -0700 (PDT)
MIME-Version: 1.0
References: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com> <GVXPR07MB967839392EC02807DD0EEF12893B2@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB967839392EC02807DD0EEF12893B2@GVXPR07MB9678.eurprd07.prod.outlook.com>
From: David Benjamin <davidben@chromium.org>
Date: Thu, 28 Mar 2024 11:57:21 -0400
Message-ID: <CAF8qwaBLQr_MSqYGvOcTBiqLkD9jOaT11rTfxKid8skKSYtSYA@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000c803f0614ba95a9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-jYbYd7cXKIzySPp578kAsWZt5c>
Subject: Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 15:58:25 -0000

+1 to removing the "Elliptic curve groups" note. That partition came out of
RFC 7919's (unfortunate
<https://mailarchive.ietf.org/arch/msg/tls/bAOJD281iGc2HuEVq0uUlpYL2Mo/>)
decision to repurpose the existing DHE cipher suites (see RFC 7919, section
4), so we're stuck treating 256-511 as special. But I don't believe we need
to treat the remainder as special.

Regarding renaming, I'm torn. "Group" was a truly horrible rename. The
names we pick make their way into APIs and even sometimes UI surfaces for
developers. Every time I've plumbed TLS named groups into another system,
I've been met with confusion about what in the world a "group" is, and I've
had to embarrassingly explain that yes, it is a term of art, short for
"Diffie-Hellman group", no, it doesn't even make sense with PQC, and I'm
truly very sorry that TLS chose such a needlessly confusing name, but it's
the name we've got. Sometimes I just give up on the TLSWG's naming and just
saying "key exchange" or "key agreement", but that gets a little tricky
because that can also mean the left half of a TLS 1.2 cipher suite
(ECDHE_RSA / ECDHE_ECDSA / RSA). At one point, we tried "key exchange
group" to avoid that, but that's also problematic as one needs to explain
to translators that this does not mean "primary trade collection".

This name is bad enough that I needed to make a pre-written explanation for
this, so I can save time and link to it every time it comes up.

At the same time, we've already renamed this once. These names we pick make
their way everywhere, each rename we do is costly. All the old "curve" APIs
had to be doubled up and deprecated in systems, with the old ones forever
stuck around. And then some systems (probably correctly) decided to stick
with the old "curve" name. Renaming again will add a third, and repeat this
costly cycle.

Had we not renamed, I would say we just keep it at "curves". While "curves"
is also wrong for PQC, it is less generic of a name than "group" and, in my
experience, reads more clearly as a random term of art. It's a pity that we
then changed it to one of the most overloaded words in English imaginable.
:-(

David

On Thu, Mar 28, 2024 at 11:32 AM John Mattsson <john.mattsson=
40ericsson.com@dmarc.ietf.org> wrote:

> Hi,
>
>
>
> It would actually be good to change the name of the registry from
> “Supported Groups” as the new PQC key exchange algorithms are not groups.
>
>
>
> Cheers,
>
> John Preuß Mattsson
>
>
>
> *From: *TLS <tls-bounces@ietf.org> on behalf of Sean Turner <
> sean@sn3rd.com>
> *Date: *Thursday, 28 March 2024 at 15:53
> *To: *TLS List <tls@ietf.org>
> *Subject: *[TLS] -draft8447bis: rename Support Group Elliptic curve
> groups space
>
> <author hat>
>
> **WARNING: Potential bikeshed**
>
> -connolly-tls-mlkem-key-agreement has suggested that code points for the
> NIST PQ be registered in the TLS Supported Groups IANA registry [1].
> Currently [2], the registry is carved up into three blocks as follows:
>
> Range: 0-255, 512-65535
> Registration Procedures: Specification Required
> Note: Elliptic curve groups
>
> Range 256-511
> Registration Procedures: Specification Required
> Note: Finite Field Diffie-Hellman groups
>
> Assuming that the proposal in -connolly-tls-mlkem-key-agreement is the
> path for PQ KEM algorithms (and maybe regardless of whether this is the
> path), we should really replace the “Elliptic curve groups” note in the
> 0-255, 512-65535 range row with something else.  I am open to suggestions,
> but would like to propose “unallocated”. I have submitted the following
> issue:
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftlswg%2Frfc8447bis%2Fissues%2F54&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7C0a5a0e0174b640b9535508dc4f36c377%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638472343825594155%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=FKpJyM8%2BPLS7Wd1zNGlZoqhFFEQuLNNRzY8bsUQxegA%3D&reserved=0
> <https://github.com/tlswg/rfc8447bis/issues/54>
> and this PR:
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftlswg%2Frfc8447bis%2Fpull%2F55&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7C0a5a0e0174b640b9535508dc4f36c377%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638472343825602619%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=nMQWHlYdoSNn9yNstiB2wNLQw5IZl%2BfHtf14UvOInd8%3D&reserved=0
> <https://github.com/tlswg/rfc8447bis/pull/55>
> to address this.
>
> spt
>
> [1]
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fassignments%2Ftls-parameters%2Ftls-parameters.xhtml%23tls-parameters-8&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7C0a5a0e0174b640b9535508dc4f36c377%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638472343825608404%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=f3oRbu1I2ThwoKYyK%2BlyO1SDPOrsc3mXShCT%2BeBM3ls%3D&reserved=0
> <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>
>
> [2] Originally, RFC 8442 defined the name of the registry as "EC Named
> Curve Registry” and then RFC 7919 re-named it “Supported Groups” and carved
> out the FFDH space.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7C0a5a0e0174b640b9535508dc4f36c377%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638472343825613044%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=EPub%2F4QhJkK3loRgrjTRvpvJ%2FHD7V2qMujI%2FUQW5HAo%3D&reserved=0
> <https://www.ietf.org/mailman/listinfo/tls>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email