Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Fri, 12 August 2022 19:24 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "TLS@ietf.org" <TLS@ietf.org>
Date: Fri, 12 Aug 2022 19:23:57 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/A7-_ZoKDF9g90KJ5d6wiBJJ_MbM>
Subject: Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

Again, responding to old emails...

> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Stephen Farrell
> Sent: Friday, April 29, 2022 8:25 PM
> To: TLS@ietf.org
> Subject: Re: [TLS] WGLC for draft-ietf-tls-hybrid-design
> 
> - section 2: if "classic" DH were broken, and we then depend on a PQ-KEM,
> doesn't that re-introduce all the problems seen with duplicating RSA private
> keys in middleboxes? If not, why not? If so, I don't recall that discussion in
> the WG (and we had many mega-threads on RSA as abused by MITM folks so
> there has to be stuff to be said;-)

Actually, unless the client uses a PQ-KEM private key permanently, no one can do a MITM.  It is similar to Diffie-Hellman; the client picks a key share; the server picks a response key share; they both derive the same shared secret.

The draft allows (but does not encourage) the reuse of KEM private values (and while it must limit the reuse to what the specification of the KEM allows, in practice, that's not a restriction).  Should we modify the draft to forbid reuse?  Kyber public/private key generation is fast enough to make this practical.

Looking through the TLS 1.3 RFC, I don’t see any text addressing the reuse of ECDHE private values; is that implicit by the definition of DHE?  I do see in the text "If fresh (EC)DHE keys are used for each connection, then the output keys are forward secret."; that wording would imply the possibility of not using a fresh (EC)DHE key for each exchange...

> 
> - similar to the above: if PQ KEM public values are like RSA public keys, how
> does the client know what value to use in the initial, basic 1-RTT ClientHello?
> (sorry if that's a dim question:-) If the answer is to use something like a ticket
> (for a 2nd connection) then that should be defined here I'd say, if it were to
> use yet another SVCB field that also ought be defined (or at least hinted at:-)

Actually, it's the client that selects the KEM public key.
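
The exchange described in this message, as an added example that is not part of the original email or of the draft: the client generates the KEM key pair and sends the public key as its key share, the server encapsulates to it, and `sessions_exposed` counts how many recorded sessions fall to a later leak of one client private key with fresh versus reused keys. Assumptions: a toy Diffie-Hellman-based KEM with constructed, insecure parameters stands in for a PQ KEM such as Kyber, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters, NOT secure. A DH-based KEM stands in for a PQ KEM
# such as Kyber; only the keygen / encaps / decaps interface matters here.
P = 2**127 - 1  # Mersenne prime
G = 3

def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def kem_keygen():
    """Client side: returns (public_key, private_key)."""
    sk = secrets.randbelow(P - 3) + 2
    return pow(G, sk, P), sk

def kem_encaps(pk):
    """Server side: returns (ciphertext, shared_secret) for the client's pk."""
    r = secrets.randbelow(P - 3) + 2
    return pow(G, r, P), _kdf(pow(pk, r, P))

def kem_decaps(sk, ct):
    """Client side: recovers the shared secret from the server's ciphertext."""
    return _kdf(pow(ct, sk, P))

def handshake(client_keypair=None):
    """One key exchange. A keypair passed in models reuse of the KEM private
    value; None models a fresh key per connection."""
    pk, sk = client_keypair or kem_keygen()   # ClientHello key share carries pk
    ct, server_secret = kem_encaps(pk)        # ServerHello key share carries ct
    client_secret = kem_decaps(sk, ct)
    wire = {"client_share": pk, "server_share": ct}  # what a recorder sees
    return client_secret, server_secret, wire, sk

def sessions_exposed(reuse, n=5):
    """Record n handshakes, then assume the client private key of the LAST one
    leaks. Returns how many recorded sessions that key can recompute."""
    static = kem_keygen() if reuse else None
    recorded = [handshake(static) for _ in range(n)]
    leaked_sk = recorded[-1][3]
    return sum(
        kem_decaps(leaked_sk, wire["server_share"]) == server_secret
        for _, server_secret, wire, _ in recorded
    )

if __name__ == "__main__":
    c, s, _, _ = handshake()
    print("both sides agree:", c == s)
    print("fresh keys, sessions exposed by one leak:", sessions_exposed(False))
    print("reused key, sessions exposed by one leak:", sessions_exposed(True))
```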