[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt
Peter C <Peter.C@ncsc.gov.uk> Mon, 12 August 2024 12:03 UTC
Return-Path: <Peter.C@ncsc.gov.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDA26C180B7C for <tls@ietfa.amsl.com>; Mon, 12 Aug 2024 05:03:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.453, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P88S760LAd9X for <tls@ietfa.amsl.com>; Mon, 12 Aug 2024 05:03:44 -0700 (PDT)
Received: from GBR01-CWX-obe.outbound.protection.outlook.com (mail-cwxgbr01on2057.outbound.protection.outlook.com [40.107.121.57]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE0E3C1516F3 for <tls@ietf.org>; Mon, 12 Aug 2024 05:03:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Bgfr21BFcnugb6bLr73wCaZR5buWEg2GXFHUhF5NaPSXRv6ZBZjwLdvy5u4oQMu54R+DrU05czKXs0mjEyK7hsEHF5e0YRyO+XdL3Z797JdJxenX7QD15apo1VbOdM6RfiqWi3Gcmuq/Zdv4kpu0/etQnhjuwpn+Uyj54W1nCQGclc2H18aDwaF9/hZaPlYL5MdaVG+IdAu7Etnpc+hz6qNIPdFxg2jr5FLzvtc/k4lmzCzeI1QMR2HtFVF+kdqs5aa1+8ypfrvlCcyoetV8jO7t21QjhRP4o/bIgFynnSqxJrM2gU7tU6r1dnhR5CV1Mn5jU05AcqoYbqH+Y7fiTQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LpstP7wFLkqzkc/Vmk+M9vuieZ9NjxrjFHiH4D4GZEw=; b=gBySkgzPFekXzvT+rxFYJqzhSidCFH6gVwlMq7r2Wz9sh1NeEk2TOh1OfaKXMz9rhZA6W2kVYF2eatP4kx7hhn1blvYizTcm3zddPYJqFZwMh738L/tRSABtvuBU7QZtDoag/QOXwHPvt0d2XS3Ia2YA5jqz1AWog21Dut3hYzhJACsQCbL06IyiWPDqksE0rCAeXdHlGr2UjHlu3c0rmItekvEM9Gkgq2w4O8hjLcpeOpM8zxb1MWC9bIFHtYRsaY4vMPF1llDw2UiqwmJ8icqWM2VX0C7YZ4M7UB6hh0vlYOWES7kFdUq8N7VCuxUd17crYwF4+QVn2ZPrgZhzsA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LpstP7wFLkqzkc/Vmk+M9vuieZ9NjxrjFHiH4D4GZEw=; b=FUEC6FYhk7YlyckumXnEUT2h+8FS1fdJ+jMm+hrvsH89dHkUNjqivw1Etx8gJwqwti7HTHLwp26+dg/Mj+7BP+F2Hnfbd/X77emtFkj3jcikuD4QX8U57uEPnKVay2+sbJ9Fn9biG0knM7VJImxIi7I58nVYEb+OT6fb+5p3VnxSy5p8W5hOxOjlSkyo2s0Ew86Xw6C9qyNbg0VSg/+kzOJMr5L7kZ2o2eJYSov8lzIyYi/DGyRSManZDaRiHuu8NaTUEiC2meQfJsR3TDOvs4C/C46xOfNoJQgS8aB9A1/K3U4oLpJsb4zOfmpzT92s2c6sblzHDq3zA4gZd+f9DA==
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:31d::15) by LO0P123MB4154.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:15c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.20; Mon, 12 Aug 2024 12:03:40 +0000
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0]) by LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0%4]) with mapi id 15.20.7849.019; Mon, 12 Aug 2024 12:03:40 +0000
From: Peter C <Peter.C@ncsc.gov.uk>
To: Felix Günther <mail@felixguenther.info>, Marc Fischlin <marc.fischlin@tu-darmstadt.de>
Thread-Topic: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt
Thread-Index: AQHa41ohZxuLH2hwW0qzAG2ALo1VbrISHvQwgAHToACAD5ia8A==
Date: Mon, 12 Aug 2024 12:03:40 +0000
Message-ID: <LO2P123MB705175FE3FDE2B08DFF8A1DABC852@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM>
References: <c2c0d90e-2cbc-47d5-be85-e266d529c761@tu-darmstadt.de> <LO2P123MB705194B760C522BB24E37DAFBCB22@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM> <fd2e87d8-8376-47d4-af06-27a8ebd64504@felixguenther.info>
In-Reply-To: <fd2e87d8-8376-47d4-af06-27a8ebd64504@felixguenther.info>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO2P123MB7051:EE_|LO0P123MB4154:EE_
x-ms-office365-filtering-correlation-id: 82510309-f7ff-4666-6080-08dcbac6ce51
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|4022899009|366016|38070700018;
x-microsoft-antispam-message-info: JTWVuJcCtwp3OXe4n69NRYKRfqLGHq5O7bV/6lz6QP/lLNvW/g3H0CD1NP7L5WsTNkFUpEN0PRoEbBcU4YTEcL+0nhMpH39HbHEpHvtHfnrt2PuKrzUhJT3q04RG5cd8EYdYSz3PTpKwZQrsPJmd96E+0g2YDRlkM9hcp7v2e0J188gs90mXpZvKnf1KNG3SxBjIXj8efCzedN8jc5JKVX5pP92ENEM51mNfP3ivcgi/7FcjAST/RIZ7HXgNY0M+0GmqXLa8XIMdchY9+i69WjFOwWR8ypUDh3ikSq5pYFzDT0BI7aoCss/vVCKtx6RolKLr5NNeBqW7iijIANL/QaldzkfoHz2fwkpaV0dV5tPelHI9nYqVTBCqzLgktfIqpKKt3uOj+CbA4Ad6jH3h38U9fsfg/SHNWtUDltBVfH8ZLT3HRjdnghe96VQnqrVzLORwqbRGueh5hWNsbvXlQDKiQXYdMiZ9Yj5gexJJ/nSD8xQLjk8xAXG1jm5+dtDJ9fJKQNbiPIM2LWsDYOOwHFsZh0sDOdgqyDVtK7959qX76DUdzNTtBS0vdrGyMKy1XalZrEd/OnUk88ye/UWTincPzdWCQOm+g4gsjcZXzGuPjQA8XH2Ty4w7ap4RJahC0c8C9NQfE598DwD6bVGEuEe397xSxDAmIGC0jzE0IJzpA3f+zkvCuX00UazOine6ZSiN+YbnVj4i3Li/wRp+5uN4diV/ooM7lP01VM8H6yj31PH8UKn9J1N9xZA+l/6D0spDmy66Ae57dQL40EYKWz281K/I8z1JFgpEx8njVw9BPHBWXUhpmX34vQvwCWJBJK1Qqpev7K9Cy7rzuxFqR/3T7fsYXeH9Oh9QBCTceVKs4OtaWRv1bq8QrQjL0YKk8pxlX5TSYF9ekLq+PirveyRQXMzzyAmsLHKOwxKehAKQplFQcg9pgm+AP3MRWOuGUleOfzQrhwCvC8qPNBPWI3DPlgS8oyG57TTJD5i/CS/UK7hh3D6qtYjVHu6KEJoOoWDo85HkbhN4DeIVhuykBoXY48z9KnBVaaUixge9JWUHJLANk/AKenUrEKCx8T96CowZK9yf4DtMszOFtrBMYGD5lqJQyzjBjOm09JpC+GA6Uy3SdVj+P4FS1EP8OMtMFw8tAam8aklNeEIRpeJ2ZpscrbvQZUlx606Wkq7t2dTsUhlXz4I1LxBPsAeF0nwEZ2xpctyPkEMf+zO45LJVJbYlEnX5aZDD5cseqImQJtK+yxWWP5xoNu+SPKkKDiInffUTwGg3jlvaDHvtunWM0XEcTP/K7sc7C/06DZjibnOJGgYTQes1JLVoQn/Zoc14Jrc8DFOMe6U4c3mrDAUwBIqzto9e87PC6J2BrsIDcVg=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(4022899009)(366016)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: N2pl1g+UTj/ylC5PuiuozMfhFA3D1H2i8w7BCekFzqm0DFDsIBaU1+Q5jWB2EN+6c1QqNDJl/4w066zBI2iMyZu/omK4hN3prN6yReKBi6OOncYMqvV/mnapHxiwhjch/MXwhq5askg+/ardQdgn9Zn1d83y76f+NT4Mz4A6aT0CCKTA2eZ+wXIuW8JLxZ64G1FbtMIeeYlOumOcFlIkmq6J2hy34LSP2tL9SxHGOezlsx8jYu2nXHnHlfTewRnAdkIrvP5BySJ4I4a4YsLV3XuJtNYFN5eMrkH0aqS0gvqccIo1ijaowO8C1wzSrkKEcU0+09l4cykQzcbHGGYIlmNIKQb9B55RkRVktN4xQJXNNumANZ5cqd2FzZV4KhMg6JBcXQEfgwuubJo+wrKrmat12q6pgesCTXkHdYOl3ZBXv56ve5YRY1g79yG1IGehk8L50cJNmiaO5sNLFkMvfavB4xIrsTKPso42+oYS6Tge2mnxhGszohzKVrDJ6TfScqEfDmb3+NdKuhq2iwb+iDdtk5bKAY1y6C5OIg2tjglLfxMbQsZ22j2upezxeSLqS9T46bbrGjP4GtflK2eXG3cNW4HD9sJbTKxG7FAo9+MJ04WpgeB1gto/MMU6F9WXgt8iLDy/ED9W4bGYiSdEZmF5ASJ76XrdcEkThVmwz04j/8mQVwQ1xI+C2t8fFtm3mJVwxYlyGUefMpg82dc2PE3OmMU/Vx0ffNViX+C02D1xk/r4SBjOxocy2mGqyRZ59LnX8MuSp1l39kMM2/+NmeihBnmktRAFjJw5NHIb6z435VpoltW3+Brs890SW/ghR7qLOAVhyIFxnel7W+KHNxinpQsVuEMIReIN6ZDCftA3NU3/Xf4/JRnBJcH9LcZ70BPEc4Wxs82sccWKX5TC8dRSpip1Cw0wafG7nBh3zO2Nrb2JNFwuwmijpG0DIFeeQxhjr7Si8r1bQ0EBFIXirnx+pVko0l+E9q78exFMGm0dec19HuZC5HtHIhG1Q4cMza4tx1mzEPR3DC7OSrQfCH3AW+TECf81C/7Op3/3BhyQehFnuslfrpaUYpkDi794L7V+4Krw5LXNBdrLkfIgir+MLAi7Q+aiDCk4dMgHByYsCsK2lgaQJ+EGAQhcSDHLBh1cX6azzzY3s8KH0sDBeTuhNVxRiR0fZk1jQsTydCAgUVzmLgzj6Gg6uaXcoJcpenEcBFhmtn/JCdlUb0+xmwZHvStuFtNxsquxrBrkO+VIEn21Nr71naImJMseL+FCaN6qCsP60sVIp8P7YNFpYZlBMGBGY/EaYKKrTPNIV6Aox0gOZL+drCJRTI3Tf7/RiUrHWf66ftBrbvr+suE5yUjbtatDd+XgbY0Ykoep8TUxfg6Ofz6QxnHa9FINx1QmgHtf/Z/OGrO8U0dLKqLauE8el4CUgXEqocRaCDQiFmwHwaPG+LGiKqxoyF00KmrjRdlTETHTtihhiJeiLN4SSrpDBJKEQZe0/c/tIczyoXz0AjTBXMEg8WPLrBok2WfkY59LidfPVv7eqn1mqqEgEfnMX93QLlWtLaF69TDSUvaSw/m7WZlkdI7gXpBohIx/
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 82510309-f7ff-4666-6080-08dcbac6ce51
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Aug 2024 12:03:40.7399 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9mWPFwd8pE6sT3of1PciVBK/Mk343HSEzrT5FVGA6HGELjYuY30rLONqKhYoaiuJX5lVegw07y22m+hoTytdLg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO0P123MB4154
Message-ID-Hash: TS75VKT7XP7V3WJODLZH5PPLV4S3WKWW
X-Message-ID-Hash: TS75VKT7XP7V3WJODLZH5PPLV4S3WKWW
X-MailFrom: Peter.C@ncsc.gov.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8yPGkPVKhLDU1cIc2h8Xl3kbdWQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Felix, I'm not completely sure I understand what you are suggesting, but I think it might not be quite as straightforward as that. In general, if the PQ KEM is not secure then the HS can fail to be indistinguishable from random: fixing the ECDH components of the hybrid key shares and choosing distinct PQ KEM component ciphertexts that encapsulate the same PQ shared secret will give the same HS. As an example, consider ML-KEM where the re-encryption check is skipped and malformed ciphertexts are never (implicitly) rejected. In that case, it is trivial to modify ciphertexts without changing the encapsulated shared secret, but I suspect it would be hard to reliably detect equivalent ciphertexts without having access to the ML-KEM private key. My guess is that this can be avoided if you assume that the PQ KEM satisfies something along the lines of ciphertext second preimage resistance from the X-Wing paper (https://ia.cr/2024/039) It is also entirely possible that I'm missing something obvious and a different part of the proof rules this out. Best, Peter > -----Original Message----- > From: Felix Günther <mail@felixguenther.info> > Sent: Friday, August 2, 2024 2:05 PM > To: Peter C <Peter.C@ncsc.gov.uk>; Marc Fischlin <marc.fischlin@tu- > darmstadt.de> > Cc: tls@ietf.org > Subject: Re: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt > > [You don't often get email from mail@felixguenther.info. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > Hi Peter, > > If your question is about what assumption the PQ KEM you still need to > make in case it's not IND-CCA secure anymore and you want to fall back > to [DOWLING] for the (EC)DH result, I think the answer is: none. > (Beyond ensuring unambiguous encoding of KDF inputs, as the draft > mandates through fixed-length shared secrets etc.) > > You would then be treating HKDF.Extract as a random oracle (which for > PRF-ODH security is the take-away from [ > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fia.cr%252 > F2017%2F517&data=05%7C02%7CPeter.C%40ncsc.gov.uk%7C56886bf3e45f4c > 711da808dcb2f3c83a%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0% > 7C638582007420625450%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7 > C%7C&sdata=%2BRlEU5oghUgBNo4lKyP5qIjVaARVHCq69n2P%2B50ZDMo%3 > D&reserved=0 ]), > where the IKM input is augmented with the (possibly > adversary-controlled) KEM shared secret. But the encoding would ensure > that the argument wrt. ECDH would still apply. > > Cheers, > Felix > > > PS: Sorry for the prior double posting; we were under the impression > that Marc's first email didn't get delivered to the list. > > On 2024-08-01 11:38 +0200, Peter C <Peter.C@ncsc.gov.uk> wrote: > > Marc and Felix, > > > > Thank you both for your replies. > > > > I can see how this will work for NIST P-256 and X25519 - it is > > straightforward to detect the equivalent public and adjust the > > output of the simulator accordingly - and I also agree that it is > > not a significant change to the PRF-ODH assumption. > > > > Have you thought how this transfers across to the hybrid key > > exchange in draft-ietf-tls-hybrid-design? Do you know what > > assumption, if any, you need to make on the PQ KEM to be > > able to reuse the argument in [DOWLING]? > > > > Thanks, > > > > Peter > > > >> -----Original Message----- > >> From: Marc Fischlin <marc.fischlin@tu-darmstadt.de> > >> Sent: Monday, July 29, 2024 4:40 PM > >> To: tls@ietf.org > >> Subject: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt > >> > >> [You don't often get email from marc.fischlin@tu-darmstadt.de. Learn why > >> this is important at https://aka.ms/LearnAboutSenderIdentification ] > >> > >> Dear all, > >> > >> Douglas and the other "TLS co-authors" discussed this briefly, but I > >> think that Douglas is offline for the next couple of days and asked me > >> if I could answer on behalf of the authors. > >> > >> It is indeed true that the PRF-ODH assumption, as stated, wouldn't be > >> comaptible with the usage of the x-coordinate. One needs to be a little > >> bit more careful in this case, disallowing the adversary to flip signs > >> of curve points. This has been done for example in a paper about the > >> security of Bluetooth which I co-authored, where the x-coordinate is > >> also used to derive keys. There we adapted the definition accordingly > >> (Section 4.1 in > https://eprint.i/ > acr.org%2F2021%2F1597.pdf&data=05%7C02%7CPeter.C%40ncsc.gov.uk%7C5 > 6886bf3e45f4c711da808dcb2f3c83a%7C14aa5744ece1474ea2d734f46dda64a > 1%7C0%7C0%7C638582007420635222%7CUnknown%7CTWFpbGZsb3d8eyJ > WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7 > C60000%7C%7C%7C&sdata=JMYMT3Tf5UyBBAFiV9fIQB3KKfMbmtBlubkPItW > YTZY%3D&reserved=0 of this Asiacrypt > >> 2021 paper). I don't think that this makes the assumption less > >> plausible, only more annoying to deal with in the proofs. > >> > >> We have also checked that with the modifcation above the TLS proofs goes > >> through as before, one only needs to repeat the extracted key in > >> executions which have the same x-coordinate (instead of the same DH > >> values as so far). > >> > >> Hope this helps to clarify. Let me know if you need more details. > >> > >> Marc Fischlin > >> > >> _______________________________________________ > >> TLS mailing list -- tls@ietf.org > >> To unsubscribe send an email to tls-leave@ietf.org
- [TLS] I-D Action: draft-ietf-tls-hybrid-design-10… internet-drafts
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Deirdre Connolly
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Douglas Stebila
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Deirdre Connolly
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Marc Fischlin
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Douglas Stebila
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Felix Günther
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Felix Günther
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Felix Günther
- [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design… Peter C
- [TLS] Re: [TLS]Re: I-D Action: draft-ietf-tls-hyb… Felix Günther