Re: [TLS] WGLC for draft-ietf-tls-hybrid-design
"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Fri, 12 August 2022 14:59 UTC
Return-Path: <sfluhrer@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DA63C14CF05 for <tls@ietfa.amsl.com>; Fri, 12 Aug 2022 07:59:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.606
X-Spam-Level:
X-Spam-Status: No, score=-9.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=D2lxp1Yw; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=aOMBvzsV
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sX0rb_PBgHky for <tls@ietfa.amsl.com>; Fri, 12 Aug 2022 07:59:05 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CA4DC157B3A for <TLS@ietf.org>; Fri, 12 Aug 2022 07:59:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2895; q=dns/txt; s=iport; t=1660316345; x=1661525945; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=fcx79H3j+Xv4Dt9IBhVg5sJKe28zu67R//Gi7PiEHD8=; b=D2lxp1YwDUWqHGGms/D5P1GuZlzxVsUXViUA2/UrLr7Yw8X1WH/Xyk5U JPGkGGnHF29PVJ5TahCL6TU74lE8SlReqhxSsaZCmz+/+N5QeEwH6v8Sf qwSCKnCNKeZmqu6DQuY654qrhOkSlPzzZfaGqsTFIV04rUal17CBwVHp8 k=;
X-IPAS-Result: A0ByAQBcafZimIkNJK1aHgEBCxIMQIFEC4FSUn8CWjpFiBoDhS+FDIMCA4ETmjuBLIElA1QLAQEBDQEBLAsLBAEBgVODNAKEeQIlNAkOAQIEAQEBAQMCAwEBAQEBAQMBAQUBAQECAQcEFAEBAQEBAQEBCRQHBgwFDhAnhWgNhkIBAQEBAwEBECgGAQESGgwLBAIBCBEBAwEBHxAnCxcGCAIEARIIGoJbAYJtAzIDAQ+cAAGBPwKKH3iBM4EBgggBAQYEBIUQGII4AwaBPYMljCAnHIFJRIEVQ4IwNz6CYgEBgUgahAuCLog1hGSLZzgDRR5CAwtSCAkXEhAQAgQRGgsGAxY9CQIEDgNACA0DEQQDDxgJEggQBAYDMQwlCwMFDwwBBgMGBQMBAxsDFAMFJAcDGQ8jDQ0EGAcdAwMFJQMCAhsHAgIDAgYVBgICGDY5CAQIBCskDwUCBy8FBC8CHgQFBhEIAhYCBgQEBAQVAhAIAggnFwcTMxkBBVkQCSEWBg4aCgYFBhMDIEcmBUUPKDM1PCsfGwqBEioJIhUDBAQDAgYTAwMiAhAuMQMVBikTEi0HK3UJAgMiaQUDAwQoLAMJHgQcBwkiJj0FBV8SHQGYA4EZgTAqU1sgHTQ3L0WSFgOtWIExCoNSoDsWqGaXACCnDwIEAgQFAg4BAQaBYYIVcBU7gmdRGQ+OIAwNCYNQhRSFSnU7AgYLAQEDCYsYAQE
IronPort-PHdr: A9a23:k2JbpRDfam5XnZCigIwqUyQVaBdPi9zP1kY95pkmjudIdaKut9TnM VfE7PpgxFnOQc3A6v1ChuaX1sKoWWEJ7Zub9nxXdptKWkwJjMwMlFkmB8iIQUTwMP/taXk8G 8JPHF9o9n22Kw5bAsH7MlbTuXa1qzUVH0aXCA==
IronPort-Data: A9a23:L3hbzqA2Ftb15hVW/zXjw5YqxClBgxIJ4kV8jS/XYbTApDkq1WBVz TFJCD+CPfqKYDf8fNhwOo219B9UuJGHn9VkOVdlrnsFo1CmBibm6XV1Cm+qYkt+++WaFBoPA /02M4WGdIZuJpPljk/F3oLJ9RGQ7onVAOunYAL4EnopH1U8GH570UgLd9MR2+aEv/DoW2thh vuqyyHvEAfNN+lcaz98Bwqr8XuDjdyq0N8qlgVWicNj4Dcyo0Io4Kc3fsldGZdXrr58RYZWT 86bpF2wE/iwEx0FUrtJmZ6jGqEGryK70QWm0hJrt6aebhdqlAkA3pg4FfsmUk4IiTe1j9Bv5 Y1pnMnlIespFvWkdOU1Wh1cFWR1OrdLveOBKnmkusvVxErDG5fu66wxVwdtY8tBoaAuWj4mG f8wcFjhajiYiearwKi2UMFnh98oK4/gO4Z3VnRInGuGXKl8HsufK0nMzcAFwwsCnsJtJ+z5W 9oYQit+byzwZzQabz/7D7pnzLv32RETaQZwlHaujas6/2aVyxZ+uJDsNNPPe9iLWN5Ll0+Cr 0rZ8mD5BVcRM9n39Nae2nuogumKliThVcdOUra57fVtxlaUwwT/FSH6S3OJhMu1tE2fWuhkI hMW+BY+rbYfrGiCG4yVswKDnFaIuRsVWtx1GuI86R2Qxqe83+p/LjVZJtKmQIF73PLaVQDGx XfSxIqwWmIHXKm9DCPDqOjF9FteLABPdQc/iTk4oRzpCjUJiKg3ih/JJjqIOPHo1oSucd0cL szjkcTTr7wXichO3KKh8BWbxTmtvZPOCAUy4207v15JDCskOOZJhKTxtDA3CMqsyq7DETFtW 1Bfw6CjABgmV83lqcB0aLxl8EuVz/iEKibAplVkAoMs8T+gk1b6I94IuWwgfhwzaptaEdMMX KM1kV4BjHO0FCb6BZKbn6rtYyjX5fG6TI+8Bqy8giRmO8EhLmdrAx2ClWbJjzyyzyDAYIk0O IyQdo63HG0GBKF8pAdatM9DuYLHMhsWnDuJLbiilkzP+ePHOBa9FOdUWHPTP7tRxP7V/239r Y0FX+PUkEo3bQELSnSNmWLlBQpUfSFT6FGfg5E/S9Nv1SI5RTh+Ua6NkOxJlk4Mt/09q9okN 0qVAidwoGcTT1WeQelWQhiPsI/SYKs=
IronPort-HdrOrdr: A9a23:6ZtSWKoNru30SWOtOGujtCgaV5uWL9V00zEX/kB9WHVpm5Oj+f xGzc516farslossSkb6K290dq7MA/hHPlOkMQs1NaZLUPbUQ6TTb2KgrGSugEIdxeOlNK1kJ 0QCZSWa+eAQWSS7/yKmDVQeuxIqLLsncDY5ts2jU0dNj2CAJsQizuRfzzrdHGeMzM2YqbReq Dsg/Zvln6FQzA6f867Dn4KU6zovNvQjq/rZhYAGloO9BSOpSnA0s+0LzGomjMlFx9fy7Yr9m bI1ybj4L+4jv29whjAk0fO8pVtnsf7wNcrPr3DtiFVEESstu+bXvUjZ1SwhkF2nAhp0idurD D4mWZhAy200QKUQoj6m2qr5+Cq6kdQ15ar8y7nvZKkm72+eNr/YPAx3b6wtXDimhMdVZhHod N29nPcuJxNARzamiPho9DOShFxj0Kx5WEviOgJkhVkIMIjgZJq3PsiFXluYeE9NTO/7JpiHP hlDcna6voTeVSGb2rBtm0qxNC3RHw8EhqPX0BH46WuonNrtWE8y1FdyN0Un38G+p54Q55Y5/ 7cOqAtkL1VVMcZYa90Ge9ES8qqDW7GRw7KLQupUBzaPbBCP2iIp4/84b0z6u3vcJsUzIEqkJ CES19cvX5aQTObNSRP5uw/zvngehTPYd228LAv23FQgMyPeIbW
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.93,233,1654560000"; d="scan'208";a="927972734"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Aug 2022 14:59:04 +0000
Received: from mail.cisco.com (xfe-aln-004.cisco.com [173.37.135.124]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 27CEx4LK026481 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 12 Aug 2022 14:59:04 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xfe-aln-004.cisco.com (173.37.135.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14; Fri, 12 Aug 2022 09:59:04 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.14 via Frontend Transport; Fri, 12 Aug 2022 09:59:03 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=heQNGWl7O8FknHvKcAfMAG4FF3g5OsP2dmDQPeXto+DsF+lr4n8l1cHpN5kQnisXLsReiImV9AfaGIReCLMY2qm4IQTPaq56KgNTWLFsq+I7gFQXEOzlGXFs1RHIOEMwmft+N/YWpCq/vqjEVab68tgLPHtKo8F8U/GFCK94gRDivKCArCRVGVA2fO7vJtdRMmQ+zobyOmSVqSK34D36sPh8A3iE+JD4Ca8Mqr+EoWLZmkVDdgtBZ55x17n8N632quN2bYBfE2hzdtTLQ+YzdHA87RZskhqlYBLnAXi7o/qMUm3vMGDodDWhg1nOL5+agXuimhC2sc9SgQpkp4hLsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=riSY89o4tKzzGyoFxmm2lxe1jcrU+3QnyPNyE4h/pWE=; b=m5dbnuPZxKdsW1fmqANZLUdmam3VYyxmopOCB9/SyMVV9nrt4vp7WR0Qwv42U3q4qJAkCAiCDm1gOSkoTbzjh9sPP2kO8/Db7Tba7lFEn6iaEyYaFyGFaZVXypr3BzlKEmVsedLOVyICm3QE+l2brWKX5VqkTpmZUQhySMuqWAbD14uwaOzekdOh5UCyz9QbWj96vc5xyn8bZT5biPsKIwnCqtNGFt7Gwv0jkXcVVqyF15hdm43MQh5dOFesPzcNE9/EVvHCtumAcOYwkMeWQvB+QSpEI0IOeQTOQaUw7KOhDnanXKBtZujUjUh1jCYuAhLAwoDJaRDz8ZXH35lKcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=riSY89o4tKzzGyoFxmm2lxe1jcrU+3QnyPNyE4h/pWE=; b=aOMBvzsVVb+P1Rpy+b59grBXCc2oCLCaNfKsImYL/55KA+BgUwwB3tCQc1rnhiLkFHWlg1vfb9FEgqKJYLW65LjMc7VCI1VbGuPg44N4Eq79zoxRZSBomV/2J2+FHGzFu4ioM8XfNw7+MRqAsOb9h6rBhfP+7/kn6JI14FuJ27g=
Received: from CH0PR11MB5444.namprd11.prod.outlook.com (2603:10b6:610:d3::13) by BN6PR11MB1427.namprd11.prod.outlook.com (2603:10b6:405:8::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5525.10; Fri, 12 Aug 2022 14:59:02 +0000
Received: from CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::ec97:3894:f9f9:ff0a]) by CH0PR11MB5444.namprd11.prod.outlook.com ([fe80::ec97:3894:f9f9:ff0a%3]) with mapi id 15.20.5504.025; Fri, 12 Aug 2022 14:59:02 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: [TLS] WGLC for draft-ietf-tls-hybrid-design
Thread-Index: AQHYWkuBuMztUErONkCS/S1i+5V10q0HnNsAgACRXACAo88BEA==
Date: Fri, 12 Aug 2022 14:59:02 +0000
Message-ID: <CH0PR11MB54445EEF2C611D47575715BDC1679@CH0PR11MB5444.namprd11.prod.outlook.com>
References: <27E9945C-6A0A-46DD-89F0-22BE59188216@heapingbits.net> <e43fc649-3fc6-333b-c44d-55de0627c710@cs.tcd.ie> <Ymz7yncQAnzmp/eL@LK-Perkele-VII2.locald>
In-Reply-To: <Ymz7yncQAnzmp/eL@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6e0221ad-b2c8-4d12-6e0c-08da7c7331c8
x-ms-traffictypediagnostic: BN6PR11MB1427:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZuypsEcV/taaYPX45hZzxnf3RxsXuIzfk2QyxwCIsELqEpfJMywuKZk1z0/qgsz7xBqTO4hw/qGYCxPeSzNMLced0pC7hPd6DyPq/6JQC2ggCj9IzvdoYM+AxwspyWYj8rvkbF71pMH2w0vz/swj7NsIB4jOUTWJofwaIsQ7VGiHRH2oXnfiWIuZk8jL6UPdOy3S82X9YcvcIihXWx+J/3D7p4a6WokTslQfN8GlW/RBi08SSHNRXdlEU8oGJbrd5BbNLvlo5ljAvkxv7ozcbbjvnIhgsbxzANXKzYnM2aDID9EJwdjA6ZJ9gwegWHh2ucijqujRv54043OtJFqGnDddL+afwMMITYxxCK4wupNyIivOCX1cM/B30rDgCMSxpO3MS7PsiiFztjasVggsz/G1LoY/XfeGls2lDHQgZBsSEDG3340mvqnAc5Q8WoDv9Xy82wZoOY4EwhnYZu76jCF/WXrIVjbh3xuxJg8QMVzE6UGY3ImGc9jlReOjSUhFG8Wg9hn1zekku2CvJJfvbnR8NOy/UQSUEP9wGIQcixJpKMQs9NwG7H/5LW+wIm3FMLfF0S6G3GTj9j93suHyIcliU85Lquz/lYGMy7EtAfcTsknnOGd8sJmtA9QFo6rFG9mhrz/4RKHKGoCC0g8GUlXPnl5bpAj+j75QgSpMPzZ7VRkv20yhsYKUaQTTVKsWAvjtLezNJvIJ4tUrlOHjsP489yBk0f10mIB/4zj2/Jxu4nxjQeC1xHL92tcA9dgt1HFrkIuI3yJzBfFp1QqrhCTbZQ9E7UwUdem3B3E4Q5KZ51S7du4APepFqyRNdYzyR6xkeGxDLTDlpBfTBy4AkQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5444.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(39860400002)(376002)(366004)(396003)(136003)(346002)(5660300002)(7696005)(6506007)(53546011)(41300700001)(52536014)(9686003)(26005)(8936002)(86362001)(66946007)(110136005)(71200400001)(478600001)(66476007)(64756008)(966005)(38070700005)(66556008)(66446008)(8676002)(316002)(2906002)(76116006)(55016003)(186003)(122000001)(33656002)(83380400001)(38100700002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2MeFC9t/4Y/ZCDDv9psnwDdHD3WNdEY1g09rZS7kTlnKJlcPSIRO3xJzNnqaMhgNN7xymxob9CTzYO+5VjkEcx0WenTugeZnXgb+wcrEomSBqbQ3oWuKe0l6nczIzEahF4+IokZt8ncnXGsMQP3QDhtlWRhSVUhmoY0IJrAsKDTmyNOAvOLmgAMLMmx7djzHdQXGQ58JAh74dDsMzGVSciLEasTsYvggah+Kn7Y+Gbbz/iGDgQaSpguynMxBEaPI03zjSrQbZ83SLDRqHR0MjXb2ARwKfySnh1WXWMVThAJxsXZDLBLMqnZsXaY3b9kk78QINPaKDElmOV4RJRK3H4QBwqi+NqBupiLg18Vm49XuC0xtRvKuRwgGgFa32UOJpPwebQE1KRMKTTkbFr/wEve5Dq6Ljz2rZ7wcNoriZjTjbW7Z0vIYUEBE40bVM0TwheN5eCqfONrokUWzecJdPtaL8/ahUndYs6Fs86JjHBznj53ME9BFpJaeIXNtyunrXouAJ7agr4S3nVJJVAlsGJpBTT+kJdIIpI+3wlW+1GWBrzBbJ4jR1qgVhaHRb5D98CO+OeQsBB6kq4sZddDYAV8D9QJ9nxufeOfsCcbmf2AkZi/H5mN43qfX2H5X83oTPWJBSQZk/BIwwpEPPkB2XbhA8la6ph1p+IUd5uF7pOqildQ9kTXKp917PCqHBr7L/a1c1OzB1VAu/19v56n2GU1RWy2NTsrkTxMtcgj/OC0FFqknsXOYBDXx8nPRRDY2h3vj4SBuOg9iFRE0iaWVv/3TPr+5Yren4EOh9GZVXlWxA9yeEsShG6AQHoCi+R8z8eN2unoK3Ot1GcnifYwJ+/vM4wjNSfccACJr800DpC3TJJCFnuTQwsVTJ6iM2KLs2i5f5YqmuPSuL4iarSXRbe/uBfNgQQVap61dR4Xmid5xh2b1oTRBUYGlxOevtWX2HPmnxb4dTsMUCLyJCieJVW0jOJ0yWmgR8OtBQ++sfBdVElQafzSwl8XW5NeyVId+8Is/UNK1BewvvGyAHYpI+nK+ADGMn/CFOtt0POg2zl0JE0KItclyZ3cNrkgLe6DPOcTo3dVrtY5JH13SrbieebBirkV5Y/Zao0DMZk4NGQlG/Mf7dpFjvG99f+BSbkDpaOGzBUYZLOrJjcf3jaVnTyWiFlm/5SkpcvKyw0J38SF63olt1BmtT2P0zZkSadbl2/HYdH0Ov3fejLx8gce4trx3qG5U4X1WysfvEeU+FZZlrYERyIbMNO5FESWE8Sr1KT1uNK17UA2xs7o1Utd+DLsirw4bB1wzmoni1ZwCxN18OozXa/y3qU6yKZCLxCTNbAIVH+amryvnS4f1ezzL/GbmuyX3HueTxCH7bb1GBUiXSs3Z0H+yjET7CSoiLnkFMvrUNHcWFAS0cNNY8zR+tb5ijeFi5Sltft6Dp5hazJ2U650yniVunwUVIvn72Vg818X5NsPneHJ/Ub4XsXRmHNPfbIGvDX7TCeHYoQpVWAyPO/Rb7i2HMNS7aGd+s1ScjlNDWiZUQoaq6WtahNkNbps26DHE9t1YQE/4T9bwtqFo1c7ZfnT5Rix6x9gKLANW
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5444.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6e0221ad-b2c8-4d12-6e0c-08da7c7331c8
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Aug 2022 14:59:02.4180 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6emUCtH0evriHnG2ZOF9f4tkbMCbcm/crUImZgH+fAwSuWjMGcJIcEWmiykZrTh66k2djJ0d5DwgctjnQE/NBg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1427
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.135.124, xfe-aln-004.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/60-0Z6Sxm9mvA_Oz9qAfGke4vmw>
Subject: Re: [TLS] WGLC for draft-ietf-tls-hybrid-design
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 14:59:09 -0000
Sorry for the late response; I was going through old emails and came across this; I thought it warranted a response > -----Original Message----- > From: TLS <tls-bounces@ietf.org> On Behalf Of Ilari Liusvaara > Sent: Saturday, April 30, 2022 5:05 AM > To: TLS@ietf.org > Subject: Re: [TLS] WGLC for draft-ietf-tls-hybrid-design > > I don't think compression method like ECH uses would work here. > > However, I did come up with compression method: > > 1) Sub-shares in CH may be be just replaced by a group id (two octets). > The replacements can be deduced from length of the whole share. > 2) First sub-share copies from first octets of share for the designated > group. > 3) Second sub-share copies from last octets of share for the designated > group. > > This can be decoded regardless of if the sever knows what the referenced > groups are. The compression can also never run into loop, as recursive > references are not allowed. > > > So for example, if one wants to send x25519, p256, x25519+saber and > p256+saber, one can do that as: > > - x25519: <x25519 share> (32+4 octets) > - p256: <p256 share> (65+4 octets) > - x25519+saber: <x25519 id><saber share> (2+992+4 octets) > - p256+saber: <p256 id><x25519+saber id> (2+2+4 octets) > > Total overhead is 22 octets. 16 for 4 groups, and 6 for the compression itself. That sort of thing is possible. However, it was my understanding that the working group wanted a simple proposal; one with minimal changes to the TLS architecture. The current draft, which treats the hybrid as a single atomic group, meets that. This compression protocol would require something on the server side to parse through the compressed key shares to extract the desired shares (and, of course, handle it if the shares were not present). We'd also need something to distinguish between exactly one key share was presented (that is, the current protocol) and when multiple key shares were given. And, for consistency, we'd have the server use the same TLV format for its hybrid keyshares if it selects a hybrid group. So, the advantage of this compressed design is if the client's proposal was close (e.g. it wanted to negotiate either P256+Kyber or x25519+Kyber), it wouldn't have to guess - it could include all the alternatives, and as long as the server accepted either one, the negotiation would proceed; with the current draft design, the client would have to guess (and if it guessed wrong, we'd take an additional round trip for the HRR). The disadvantage of this design is a bit of additional complexity. Does the working group have a strong opinion about this? > > -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] WGLC for draft-ietf-tls-hybrid-design Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Nimrod Aviram
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design David Benjamin
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Nimrod Aviram
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Douglas Stebila
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Ilari Liusvaara
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Russ Housley
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Ilari Liusvaara
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Florence D
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Jonathan Hammell
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Scott Fluhrer (sfluhrer)
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Scott Fluhrer (sfluhrer)
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Bas Westerbaan
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Scott Fluhrer (sfluhrer)
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Ilari Liusvaara
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Scott Fluhrer (sfluhrer)
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Kris Kwiatkowski
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Kampanakis, Panos
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Kampanakis, Panos
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Scott Fluhrer (sfluhrer)
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Christopher Wood
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Salz, Rich
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Stephen Farrell
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Bas Westerbaan
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Kris Kwiatkowski
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design SofĂa Celi
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Martin Thomson
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Kris Kwiatkowski
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Bas Westerbaan
- Re: [TLS] WGLC for draft-ietf-tls-hybrid-design Ilari Liusvaara