Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

Martin Thomson <mt@lowentropy.net> Tue, 23 August 2022 00:40 UTC

Date: Tue, 23 Aug 2022 10:39:51 +1000
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9ngh57mYc03ThhuC3XFbrBIpWug>
Subject: Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

On Tue, Aug 23, 2022, at 00:11, Kris Kwiatkowski wrote:
> As X25519 is not FIPS-approved, the lab won't be able to test it, 

OK, hypothetical question, but maybe an important one.

Why would a certification lab care?  We compose secrets with non-secrets all the time, so even if X25519 were replaced with a public value, as long as Kyber is approved, can they not proceed to certify on the basis of the strength of the Kyber algorithm and its implementation?

Or, more realistically, maybe the composition method can be approved, just as composing a secret with "chickenchickenchicken" can be rendered safe.  That way, composing with an arbitrary primitive might be considered safe if the composition method is approved.
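As an added illustration of the composition being argued about (example code written for this page, not from the thread or from draft-ietf-tls-hybrid-design itself): the two shared secrets are concatenated, ECDH part first as I read the draft, and fed into the TLS 1.3 key-schedule step that normally absorbs the (EC)DHE secret alone, with the X25519 component replaced by the public string from the post. The names `PUBLIC_STAND_IN`, `KEM_SECRET` and `observer_can_recover_key` are hypothetical; the sample values are constructed, and the HKDF and Derive-Secret steps follow RFC 5869 and RFC 8446.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446 s7.1); one HKDF-Expand block, so length <= HASH_LEN."""
    assert length <= HASH_LEN
    full_label = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hmac.new(secret, hkdf_label + b"\x01", HASH).digest()[:length]

def derive_secret(secret: bytes, label: bytes, transcript: bytes = b"") -> bytes:
    """Derive-Secret(Secret, Label, Messages) = HKDF-Expand-Label(Secret, Label, Hash(Messages), Hash.length)."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)

def early_secret_no_psk() -> bytes:
    """Early Secret with no PSK: HKDF-Extract(salt = 0, IKM = zeros of hash length)."""
    return hkdf_extract(b"\x00" * HASH_LEN, b"\x00" * HASH_LEN)

def hybrid_handshake_secret(ss_ecdh: bytes, ss_kem: bytes) -> bytes:
    """Hybrid combination: concatenate the two shared secrets (ECDH part first; assumed ordering,
    see lead-in) and use the result where the key schedule normally takes the (EC)DHE secret:
    Handshake Secret = HKDF-Extract(Derive-Secret(Early Secret, "derived", ""), ss_ecdh || ss_kem)."""
    salt = derive_secret(early_secret_no_psk(), b"derived")
    return hkdf_extract(salt, ss_ecdh + ss_kem)

# Constructed sample inputs (not real protocol output).
PUBLIC_STAND_IN = b"chickenchickenchicken"  # the "X25519" component replaced by a known value
KEM_SECRET = bytes(range(32))              # stands in for a genuinely secret KEM shared secret

def observer_can_recover_key(guess: bytes) -> bool:
    """An observer knows PUBLIC_STAND_IN and the whole key schedule but must guess ss_kem;
    the composed key is reproduced only when the guess equals the real KEM secret."""
    return hmac.compare_digest(hybrid_handshake_secret(PUBLIC_STAND_IN, guess),
                               hybrid_handshake_secret(PUBLIC_STAND_IN, KEM_SECRET))
```

The public component still changes the derived key (it is bound into the transcript of inputs, not ignored), but every bit of unpredictability in the result comes from the KEM secret alone.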