Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

"Kampanakis, Panos" <kpanos@amazon.com> Sat, 01 April 2023 02:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EJWOpQR4dZu2jumPSmJvSkj19uc>

Hi Bas,

I prefer for the MTI to be P-256+Kyber768 for compliance reasons.

It would be trivial for servers to add support for both identifiers as they introduce Kyber768, but you are right, the new draft should include an MTI identifier.


From: TLS <tls-bounces@ietf.org> On Behalf Of Bas Westerbaan
Sent: Friday, March 31, 2023 8:04 PM
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: TLS@ietf.org
Subject: RE: [EXTERNAL][TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design


Regarding additional key agreements.

For the (public) web it would be best if we can agree on a default key agreement. If one half uses P-256+Kyber768 and the other X25519+Kyber768, then clients will either HRR half the time or need to send both. Neither is ideal.

Obviously this point is moot for internal networks. So I do not oppose specifying additional preliminary key agreements, but I do not like to actively support it. What about specifying further preliminary key agreements in yet again a separate draft?

Best,

 Bas

On Sat, Apr 1, 2023 at 1:56 AM Bas Westerbaan <bas@cloudflare.com> wrote:
The draft draft-tls-westerbaan-xyber768d00-00 references
draft-cfrg-schwabe-kyber-01, which has a number of annoying mistakes,
since fixed in editor's copy.

And then, the correct reference for X25519 is probably RFC7748 instead
of RFC8037...


Really quick and dirty way to fix this would be to publish editor's
copy as draft-cfrg-schwabe-kyber-02 (or if CFRG adapts quickly, the
RG-00), and then publish draft-tls-westerbaan-xyber768d00-01, fixing
the references.

Thanks, done. Posted -02 of both the Kyber and Xyber drafts.

Best,

 Bas
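
The HelloRetryRequest trade-off raised in the quoted message, as an added example that is not part of the original thread: a model of TLS 1.3 group selection showing the HRR rate and key_share payload size when a client offers one hybrid share versus both. Assumptions: servers follow their own preference order strictly and send an HRR rather than fall back to a classical group, the two-server population is constructed, and sizes count only raw key-exchange bytes (hybrid share = classical share concatenated with the 1184-byte Kyber768 public key).

```python
# Added illustration; group names are the ones used in the thread, not codepoints.
KYBER768_PUBLIC_KEY = 1184  # bytes

SHARE_BYTES = {
    "X25519": 32,
    "P-256": 65,  # uncompressed point
    "X25519+Kyber768": 32 + KYBER768_PUBLIC_KEY,
    "P-256+Kyber768": 65 + KYBER768_PUBLIC_KEY,
}

def negotiate(client_groups, client_shares, server_prefs):
    """Return (outcome, group) where outcome is 'accept', 'hrr' or 'fail'."""
    for group in server_prefs:
        if group in client_groups:  # mutually supported group found
            # A share already in the ClientHello avoids the extra round trip.
            return ("accept" if group in client_shares else "hrr", group)
    return ("fail", None)

def hrr_fraction(client_groups, client_shares, servers):
    """Fraction of servers that answer the first ClientHello with an HRR."""
    outcomes = [negotiate(client_groups, client_shares, s)[0] for s in servers]
    return outcomes.count("hrr") / len(outcomes)

def key_share_bytes(client_shares):
    """Raw key-exchange bytes carried in the ClientHello key_share extension."""
    return sum(SHARE_BYTES[g] for g in client_shares)

# Constructed client and server population: half the servers deploy each hybrid.
CLIENT_GROUPS = ["X25519+Kyber768", "P-256+Kyber768", "X25519", "P-256"]
SERVERS = [
    ["X25519+Kyber768", "X25519"],
    ["P-256+Kyber768", "P-256"],
]

if __name__ == "__main__":
    for shares in (["X25519+Kyber768"],
                   ["X25519+Kyber768", "P-256+Kyber768"]):
        print(shares,
              "HRR fraction:", hrr_fraction(CLIENT_GROUPS, shares, SERVERS),
              "key_share bytes:", key_share_bytes(shares))
```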