[TLS] Advancing draft-ietf-tls-hybrid-design

Douglas Stebila <dstebila@gmail.com> Wed, 07 July 2021 01:19 UTC

Cc: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, Shay Gueron <gueron@amazon.com>
To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AQkbYoLucHiSxJlY2mK2HRJqizE>

Dear TLS working group,

We wanted to see if there is any further feedback on our draft "Hybrid key exchange in TLS 1.3" (https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) and what steps are required for it to advance further.  We have not received any new feedback from the working group since we posted our last non-trivial update in October 2020.

The draft as written does not actually specify any post-quantum algorithms nor give identifiers for specific algorithm combinations, only the formats for hybrid key exchange messages and key derivation.  We have received a suggestion that the draft be updated to include identifiers for hybrid key exchange combining elliptic curve groups and the KEMs currently in Round 3 of the NIST PQC standardization process, so that implementations can begin testing interoperability using numbers listed in the draft, rather than relying on ad hoc lists for such purposes.  Is that something the working group would like to see, or would you prefer to leave it as it currently stands, without any specific algorithm identifiers?

Douglas, Scott, and Shay