[TLS] Re: Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt
Alicja Kario <hkario@redhat.com> Mon, 18 November 2024 15:14 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24409C151527 for <tls@ietfa.amsl.com>; Mon, 18 Nov 2024 07:14:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7gPfyVV0H9j0 for <tls@ietfa.amsl.com>; Mon, 18 Nov 2024 07:14:33 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38C4FC151066 for <tls@ietf.org>; Mon, 18 Nov 2024 07:14:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1731942871; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3lr62hOfyVci9N9353wwu4Mf2Wzoprm1Itbg0OlP+5Q=; b=EcBbrOKTOUYIUbhLoSVCK4Ugei0egV48fDNYk97Wifl0crimkhTyCfHrBNVtrH6NGdEN5L 94sCH6p9m/OhhakNDgaXCbu67elXEDVekcAjEAj0PBX9iqtDCLtfUj3mmXFcuSljwbR3v+ l5vuXwsHrhBTOqijzQ8agc9rcfR+adY=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-686-Z4LX8cSvOVKFZimeIsgU3w-1; Mon, 18 Nov 2024 10:14:30 -0500
X-MC-Unique: Z4LX8cSvOVKFZimeIsgU3w-1
X-Mimecast-MFC-AGG-ID: Z4LX8cSvOVKFZimeIsgU3w
Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-381d07c377cso1544191f8f.1 for <tls@ietf.org>; Mon, 18 Nov 2024 07:14:30 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731942869; x=1732547669; h=content-transfer-encoding:user-agent:organization:references :in-reply-to:message-id:mime-version:date:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JalIQe3h9oL++u9B1JCdW+C1TtfCxw4+U2Q1hCpYpmA=; b=OWkp62OXDiF+pGfjV+ea6Nb5VLLfrqfaOVvHZjE00hLC6MVtKsX6VvunMS9cSNFRoU vIEy5UjtBP9GKLSyy3Wh3Ll4oeizemK0YrpCkp8BlVa4VxrAHKnP1rtpea2lx0SqGwDE 7JjLHINqNL/tc63o+kjADHwc3tG0jycvc82LAJWvCPTJKmKrAr3sMl5k8T3XZJ/5ztLW zjYqxTZ9EwDiq/EhMmL42AWrxMKVRdWJfIdTNhlQ0x6decqnfFojLgZ/STPuBi0zPRzZ ZTpgu+tYHp613d41Gt06WlRR+Rzd/P43HaihFwZwQRpCUtbGh5s2wjt1RyNgwKt9NInO fERA==
X-Gm-Message-State: AOJu0Yx/HOgqLi3iPn7p0obVtmvw6wGpin8Qm0uRla5ukkWGtftJ3/Jy tVyEC+lT3UbD74mdHmdPIHWr5evhp4KXz64VI5Ki1iS8UFe4k05+VSQZJiqy5TZNgQLWYMZVJvY 9RqFoNkUPa7XZNF9zg+6wRglV321CpUVXsCUtedPDftdYMo5t
X-Received: by 2002:a05:6000:1543:b0:382:2f62:bd46 with SMTP id ffacd0b85a97d-3822f62c00amr9865319f8f.6.1731942869057; Mon, 18 Nov 2024 07:14:29 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFhmJgMY/7MpZJPnGs4/cpVZn9aCTDKRc4oz3FvkBu2BPFB06DxLsByNaWwHRTM6pmch+DVYg==
X-Received: by 2002:a05:6000:1543:b0:382:2f62:bd46 with SMTP id ffacd0b85a97d-3822f62c00amr9865299f8f.6.1731942868697; Mon, 18 Nov 2024 07:14:28 -0800 (PST)
Received: from localhost (ip-94-112-13-93.bb.vodafone.cz. [94.112.13.93]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3823e2d8fc5sm6049432f8f.33.2024.11.18.07.14.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Nov 2024 07:14:28 -0800 (PST)
From: Alicja Kario <hkario@redhat.com>
To: tirumal reddy <kondtir@gmail.com>
Date: Mon, 18 Nov 2024 16:14:27 +0100
MIME-Version: 1.0
Message-ID: <63ae3170-fe68-4f28-a19b-63c4f17a6740@redhat.com>
In-Reply-To: <CAFpG3gcjtwNnKMKxaGNQvVUYgUZSr0JF3BqRqVOUYazwo6H2+g@mail.gmail.com>
References: <173158352910.1151051.1311275574279677136@dt-datatracker-5f77bcf4bd-4q5pd> <CAFpG3gcjtwNnKMKxaGNQvVUYgUZSr0JF3BqRqVOUYazwo6H2+g@mail.gmail.com>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.15.14; xcb; Linux; Fedora release 39 (Thirty Nine)
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: BAh9Ms4iWNsudaOJaLd0RbasyeUKvt7fhzp4_jccYgI_1731942869
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: N2KABNWB5KFHBMEFPDDKUCI3VPEIPUDM
X-Message-ID-Hash: N2KABNWB5KFHBMEFPDDKUCI3VPEIPUDM
X-MailFrom: hkario@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "<tls@ietf.org>" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7AhVQCaL7q7R-hXCVRVqmm4iYJY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Thanks for the work on this document, it's highly appreciated!
Few comments:
- If we allow for pkcs#1v1.5 sig schemes in signatures_algorithms_cert but
not in signatures_algorithms I think we should, at the very least,
ask IANA to add a column to the SignatureScheme namespace that
includes that information
- while the descriptive text does say PKCS#1v1.5 schemes shouldn't be in
signature_algorithms, it doesn't specify peer behaviour if the other
side of the connection misbehaves ("MAY abort connection with
illegal_parameter if it's included in Client Hello or Certificate
Request signature_algorithms extension" and "MUST abort the connection
with an illegal_parameter alert if it's used in Certificate Verify
message"?)
- while the mapping for Schemes to OIDs in
draft-ietf-lamps-pq-composite-sigs
for ECDSA and EdDSA is clear and 1-to-1, that's not the case for RSA.
The draft-ietf-lamps-pq-composite-sigs specifies RSA with specific key
sizes, and for example we have both id-HashMLDSA65-RSA3072-PSS-SHA512
and id-HashMLDSA65-RSA4096-PSS-SHA512... which one should be used with
mldsa65_rsa_pss_pss_sha384?
- same for the hash function, the draft-ietf-lamps-pq-composite-sigs uses
SHA-512 for the combinations with ML-DSA65, while this draft specifies
SHA-384... I think they should be aligned and identical: the
draft-ietf-lamps-pq-composite-sigs schemes should be considered atomic,
with a key of id-HashMLDSA65-RSA3072-PSS-SHA512 able to perform
signatures
only with that scheme, not with arbitrary hash functions...
On Saturday, 16 November 2024 06:57:17 CET, tirumal reddy wrote:
> Hi all,
>
> The updated draft
> https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/,
> incorporates feedback received from the WG. It outlines how
> ML-DSA in combination with traditional algorithms can be
> utilized for authentication in TLS 1.3.
>
> Further, comments and suggestions are welcome.
>
> Best Regards,
> -Tiru
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Thu, 14 Nov 2024 at 16:55
> Subject: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt
> To: Tirumaleswar Reddy.K <kondtir@gmail.com>, John Gray
> <john.gray@entrust.com>, Scott Fluhrer <sfluhrer@cisco.com>,
> Timothy Hollebeek <tim.hollebeek@digicert.com>
>
>
> A new version of Internet-Draft draft-reddy-tls-composite-mldsa-00.txt has
> been successfully submitted by Tirumaleswar Reddy and posted to the
> IETF repository.
>
> Name: draft-reddy-tls-composite-mldsa
> Revision: 00
> Title: Use of Composite ML-DSA in TLS 1.3
> Date: 2024-11-14
> Group: Individual Submission
> Pages: 8
> URL:
> https://www.ietf.org/archive/id/draft-reddy-tls-composite-mldsa-00.txt
> Status: https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/
> HTML:
> https://www.ietf.org/archive/id/draft-reddy-tls-composite-mldsa-00.html
> HTMLized:
> https://datatracker.ietf.org/doc/html/draft-reddy-tls-composite-mldsa
>
>
> Abstract:
>
> This document specifies how the post-quantum signature scheme ML-DSA
> [FIPS204], in combination with traditional algorithms RSA-
> PKCS#1v1.5,RSA-PSS, ECDSA, Ed25519, and Ed448 can be used for
> authentication in TLS 1.3. The composite ML-DSA approach is
> beneficial in deployments where operators seek additional protection
> against potential breaks or catastrophic bugs in ML-DSA.
>
>
>
> The IETF Secretariat
>
>
>
--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
- [TLS] Fwd: New Version Notification for draft-red… tirumal reddy
- [TLS] Re: Fwd: New Version Notification for draft… Alicja Kario
- [TLS] Re: Fwd: New Version Notification for draft… tirumal reddy
- [TLS] Re: Fwd: New Version Notification for draft… Ilari Liusvaara
- [TLS] Re: Fwd: New Version Notification for draft… tirumal reddy