IETF Logo Mail Archive

Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space

David Benjamin <davidben@chromium.org> Thu, 28 March 2024 22:04 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2DE2C16941B for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 15:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.327
X-Spam-Level:
X-Spam-Status: No, score=-14.327 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.08, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZXxmaa_PoDyA for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 15:04:33 -0700 (PDT)
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97B03C16941A for <tls@ietf.org>; Thu, 28 Mar 2024 15:04:33 -0700 (PDT)
Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-dc6d8bd612dso1529241276.1 for <tls@ietf.org>; Thu, 28 Mar 2024 15:04:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1711663472; x=1712268272; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=35h70cSKuSwiToNCgB5iaEwTEHCSIcgiqkHj/DUgDME=; b=nqfxbWrEtXKv1a3Y4jnnWue3aBAhsvE/s+TZrBg9se3mazWFrimMfCRKBLCoJChqTZ +KKHKTIeb0aYih3pNcWDn3v4zuvhPHhrSaGQbtU5O+oaVUt3T861GOZKZHiySYyWmSnv VKlpB57tzioCBl0dc0Pdf1ABgLJzylSI6wkNk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711663472; x=1712268272; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=35h70cSKuSwiToNCgB5iaEwTEHCSIcgiqkHj/DUgDME=; b=aupnH9BahdNmHea20eU578DkU/nkMBdahItyT4ThFfoqWIUX8Yeg4/DqguckoDYjBc IE+cYYajGtjNADBVHvGGmcIpLevbV5W0my3mfPv2prFxZHcvUFSH1Y9jSByuxa0kVtRZ ZqrBJ3ST33QarqoKPvTauLnPJsMunyHneUY8rc//suT3g+5NNf5adqd/e0Kd/hJeFVpi t9kNQLTLdWBsfR6a133v4VsuIrEa1j4+MzytHBJwaKIU6sQpimDx3cUykfKkDTZenrIS swH+Qz+d69mctqFKkqh29eLzs8BaunINlvcmX+t1tNVbuSGDrEDntKivjxCBuY9qESC7 IaZQ==
X-Forwarded-Encrypted: i=1; AJvYcCXV6tmjtwQ/5laicMuwV9nUKQuip4Q8WwzTbCi2xzlWUcWgUpY7+pkCwU6WyN/89Sku05xnECX9pWjinRQ=
X-Gm-Message-State: AOJu0Yw4LaQBVyw6tzWWbUI07sOaNBBGnsKfduMgyyMY5ZqiG+xmDB7F FeAc5V8qKNinetLO+EAN6+L/zq8zbfku+qlit7lT4nDddb2Yfcgy8aQgyzjVBezHjVOS+WLvJ4H tf5KNnjPwfYCc1AWMX4vfEwKmrgFL5XWJoc/zC7otWAL/+rOl
X-Google-Smtp-Source: AGHT+IGevjMiJSR7i1aAVlYYSmPdBWujkFOqRbXxao05uxZ56AViX2cpCp8tO/aKQC6chpA9op+iowNbwCDzJqw9qZ0=
X-Received: by 2002:a5b:94c:0:b0:dcd:3338:a3c5 with SMTP id x12-20020a5b094c000000b00dcd3338a3c5mr605625ybq.33.1711663472236; Thu, 28 Mar 2024 15:04:32 -0700 (PDT)
MIME-Version: 1.0
References: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com> <0BC652C3-9BBF-4E18-97D1-4036EA16C9E4@vigilsec.com>
In-Reply-To: <0BC652C3-9BBF-4E18-97D1-4036EA16C9E4@vigilsec.com>
From: David Benjamin <davidben@chromium.org>
Date: Thu, 28 Mar 2024 18:04:14 -0400
Message-ID: <CAF8qwaCSNQaB13OgMU3DZyiWk27inExnNpORfZgMq6H-Vhr=xw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Sean Turner <sean@sn3rd.com>, IETF TLS <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003d478e0614bfb5bf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0VCfuDKfkWRMtD03_uUzvhPNfQs>
Subject: Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 22:04:38 -0000

I don't believe we need a separate range, just to unmark the elliptic
curve range. TLS does not usually ascribe meaning to ranges of codepoints
because TLS implementations do not need to categorize codepoints they don't
understand.

The only reason supported groups was partitioned was because of a goofy
thing RFC 7919 did for FFDH. That goofy thing also was what made RFC 7919
undeployable anyway, so it didn't work out. :-)

On Thu, Mar 28, 2024 at 5:08 PM Russ Housley <housley@vigilsec.com> wrote:

> Sean:
>
> I observe that ML-KEM is not a Elliptic curve group or a Finite Field
> Diffie-Hellman group.  I really think we want to include sepport for KEMs.
> but a separate range is needed.  I assume it will be carved out of the
> Elliptic curve group range.
>
> KEMs are not "key agreement" algorithms as suggested by this draft name.
> In a key agreement algorithm, both parties contribute to the shared
> secret.  With a KEM, only one party generates the the shared secreat value.
>
> Russ
>
> > On Mar 28, 2024, at 10:52 AM, Sean Turner <sean@sn3rd.com> wrote:
> >
> > <author hat>
> >
> > **WARNING: Potential bikeshed**
> >
> > -connolly-tls-mlkem-key-agreement has suggested that code points for the
> NIST PQ be registered in the TLS Supported Groups IANA registry [1].
> Currently [2], the registry is carved up into three blocks as follows:
> >
> > Range: 0-255, 512-65535
> > Registration Procedures: Specification Required
> > Note: Elliptic curve groups
> >
> > Range 256-511
> > Registration Procedures: Specification Required
> > Note: Finite Field Diffie-Hellman groups
> >
> > Assuming that the proposal in -connolly-tls-mlkem-key-agreement is the
> path for PQ KEM algorithms (and maybe regardless of whether this is the
> path), we should really replace the “Elliptic curve groups” note in the
> 0-255, 512-65535 range row with something else.  I am open to suggestions,
> but would like to propose “unallocated”. I have submitted the following
> issue:
> > https://github.com/tlswg/rfc8447bis/issues/54
> > and this PR:
> > https://github.com/tlswg/rfc8447bis/pull/55
> > to address this.
> >
> > spt
> >
> > [1]
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
> >
> > [2] Originally, RFC 8442 defined the name of the registry as "EC Named
> Curve Registry” and then RFC 7919 re-named it “Supported Groups” and carved
> out the FFDH space.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email