[TLS] Re: draft-ietf-tls-hybrid-design-14 ietf last call Opsdir review
Douglas Stebila <dstebila@gmail.com> Wed, 13 August 2025 22:30 UTC
To: Tim Chown <tim.chown@jisc.ac.uk>
CC: ops-dir@ietf.org, draft-ietf-tls-hybrid-design.all@ietf.org, last-call@ietf.org, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1Gl_XGehn2LzaEurzSgMsnUwW-4>

Thanks for the feedback. Responses inline below:

> 1) I am a little puzzled that it is Informational, yet uses a lot of 2119
> language, in particular several MUSTs. While I believe Informational documents
> can do this, I think it's relatively rare to see. Perhaps the status should be
> reconsidered, or the use of such language.

This document is meant to be a framework for subsequent documents that will instantiate hybrid key exchange with specific algorithms, such as draft-ietf-tls-ecdhe-mlkem, which will need 2119 language. That was my reasoning for including it here. However, not being an expert on IETF document design, I defer to the TLS chairs and others as to whether this should be revised.

> 2) I also note the document states that the term 'hybrid' is used in other
> contexts, and could potentially cause confusion here. I would agree that
> 'composite' would be a better term to use, but a rewrite to change that would
> take time and effort.

The usage of the term "hybrid" in this document is consistent with how RFC 9794 uses the term hybrid, and the language in the PQ crypto adoption community also uses hybrid frequently in this sense already. If you think additional text should be added to warn the reader about the different uses of the word hybrid, I can do so, but I don't think a rewrite to globally replace "hybrid" with "composite" is desirable.

> 3) The discussion around performance and latency tradeoffs of the additional
> algorithms being blended is appropriate. The document could note more clearly
> that the tolerance for lower performance / increased latency will depend on the
> context and use case of the systems and the network involved.

I've added some text to this effect in https://github.com/dstebila/draft-ietf-tls-hybrid-design/pull/48

> 4) In the backwards compatibility section, is it also possible that a client or
> server may not be hybrid-aware, but two 'next generation' algorithms be in use,
> with no traditional algorithm, or by definition does a 'widely deployed'
> traditional algorithm have to be included?

That's a good point. I've revised the text here to refer to "non-hybrid" instead of "traditional"; see https://github.com/dstebila/draft-ietf-tls-hybrid-design/pull/48

Douglas