Re: [TLS] TLS Digest, Vol 223, Issue 7
Duke Abbaddon <duke.abbaddon@gmail.com> Thu, 09 February 2023 01:31 UTC
References: <mailman.111.1675886404.33753.tls@ietf.org>
In-Reply-To: <mailman.111.1675886404.33753.tls@ietf.org>
From: Duke Abbaddon <duke.abbaddon@gmail.com>
Date: Thu, 09 Feb 2023 01:30:55 +0000
Message-ID: <CAHpNFcOedRibyjaAUTMhkLK0-wqMGvbUG7qyR68On0E3vnexfw@mail.gmail.com>
To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IxEjNAboIQ2qxmmTkEJt2H7UZ1w>
Dual Stack Single Load OpenCL for Certificate level TLS Computation & Service

(c)RS

Header Acceleration further improves security because frequently the header contains information such as compression. To compress & accelerate the header separately I suggest 2 things:

The header needs to be done first; group decryption can be done by packet group. The header is there as well.

Firstly the CPU could handle the header; it is small. Secondly the PNE could handle the group and load the header first; after all, on loading a Texture the header is an important first load but can be done in the same GPU Thread & on the same CU.

For example:

[Header] [Compression data set] [The Main Data]

Having enough Cache could load the work on a single CU & with OpenCL & a library like:

Crypto Libraries
https://github.com/miracl/core
https://github.com/jedisct1/libsodium

I have little explanation of how ARM Crypto Extensions work on that front, but like my work: https://science.n-helix.com/2022/03/ice-ssrtp.html

Dual Loading with nonce; so I can see a PNE loading this in a group data set, like NVidia Tensor Core loads for AntiVirus, the same concept stack as AV on GPU. Or perhaps not?

Serving a dual Stack; Single load object would cost a small data set but considerably improve Cyber Security on HPC Data.

(c)Rupert S

https://science.n-helix.com/2022/03/ice-ssrtp.html

Code Speed
https://science.n-helix.com/2022/08/simd.html
https://science.n-helix.com/2022/09/ovccans.html

Chaos
https://science.n-helix.com/2022/02/interrupt-entropy.html
https://science.n-helix.com/2022/02/rdseed.html
https://science.n-helix.com/2020/06/cryptoseed.html

sRTP Chaos Nonce: Certificate transactions; TLS & OCSP Security Protocols
https://datatracker.ietf.org/doc/rfc8954/

RSA-PSS
RSASSA-PSS is a probabilistic signature scheme (PSS) with appendix
RSAES-OAEP (Optimal Asymmetric Encryption Padding)
https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
https://www.rfc-editor.org/rfc/rfc8017
https://www.rfc-editor.org/rfc/rfc5756

PSK: Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
https://datatracker.ietf.org/doc/rfc5487/
https://datatracker.ietf.org/doc/rfc8442/
https://datatracker.ietf.org/doc/rfc9258/

Nonce & Plaintext, Token & SequenceID (Bearing in mind that ICE-SSRTP Nonce is compatible)
https://www.ietf.org/id/draft-howard-gssapi-aead-01.txt

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
https://datatracker.ietf.org/doc/rfc8452/

Adding the nonce to GMAC makes GMAC's unique: ICE-ssRTP
https://www.zerotier.com/2019/09/04/aes-gmac-ctr-siv/
https://www.rfc-editor.org/rfc/rfc5297#page-15

AES-GCM SRTP
https://datatracker.ietf.org/doc/rfc7714/

AES-CCM
https://datatracker.ietf.org/doc/rfc6655/

Lightweight Cryptography
https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf
https://www.scitepress.org/papers/2014/49006/49006.pdf Performance Evaluation Comparison LIGHTWEIGHT CIPHERS

NIST LightWeight Cryptography Requirements
https://scholarworks.calstate.edu/downloads/k0698968b

TLS 1.3 on Lightweight Crypto
https://eprint.iacr.org/2023/095.pdf

Computation of Hilbert class polynomials and modular polynomials from super-singular elliptic curves
https://eprint.iacr.org/2023/064.pdf

Super-singular Elliptic Curves for ECDHE EEC PQC - Deuring for the People - Supersingular Elliptic Curves with Prescribed Endomorphism Ring in General Characteristic - 2023-106
https://eprint.iacr.org/2023/106.pdf

The Security of ChaCha20-Poly1305 in the Multi-user Setting
https://eprint.iacr.org/2023/085.pdf

Verification ECDHE ECDHE
Grotto, framework & C++ library for space- & time-efficient -party piecewise polynomial 'i.e, spline' evaluation on secrets additively shared over, Grotto improves on the state-of-the-art approaches of DCF 2023-108
https://eprint.iacr.org/2023/108.pdf

AES-NI Compatible Ciphers: AES, ARIA, CLEFIA
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-cipher-catalog-01#page-3

CLEFIA: Large size table, Pure function
https://datatracker.ietf.org/doc/html/rfc6114

ARIA: Random is a big+ to anonymity bit 128Bit's of data
https://datatracker.ietf.org/doc/html/rfc5794
ARIA is conformant
https://datatracker.ietf.org/doc/html/rfc6209
ARIA SRTP
https://datatracker.ietf.org/doc/html/rfc8269#page-14

Post Quantum:
Verification of Correctness and Security Properties for CRYSTALS-KYBER
https://eprint.iacr.org/2023/087.pdf
Verification of the (1–δ)-Correctness Proof of CRYSTALS-KYBER with Number Theoretic Transform
https://eprint.iacr.org/2023/027.pdf
A Practical Template Attack on CRYSTALS-Dilithium
https://eprint.iacr.org/2023/050.pdf
NTRU, Kyber Hardware Acceleration - Gate-Level Masking of Streamlined NTRU Prime Decapsulation in Hardware 2023-105
https://eprint.iacr.org/2023/105.pdf

Compact TLS 1.3
https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/
DTLS 2023
https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/
TLS 1.2
https://datatracker.ietf.org/doc/rfc5246/
https://datatracker.ietf.org/group/tls/about/
https://blog.cloudflare.com/post-quantum-for-all/

Network Time Protocol Version 4: Protocol and Algorithms Specification
https://datatracker.ietf.org/doc/rfc5905/
https://science.n-helix.com/2022/01/ntp.html

Securing TLS
https://is.gd/SecurityHSM
https://is.gd/WebPKI

Crypto Libraries
https://github.com/miracl/core
https://github.com/jedisct1/libsodium

About Circl library
https://github.com/cloudflare/circl
https://blog.cloudflare.com/inside-geo-key-manager-v2/

FPGA & ASIC Libraries
https://si2.org/open-cell-library/

Model & Create S-Box (AES & ARIA & CLEFIA S-Box Modeling)
AES & ARIA & CLEFIA S-Box Modeling - Advanced Crypto Algorithms - Modeling for Large S-boxes Oriented to Differential Probabilities and Linear Correlations (Long Paper) 2023-109
https://eprint.iacr.org/2023/109.pdf

*****

((network server) Effectively Improves Phone & network SSL Connectivity & thus +security) (good for telecommunications networks) (TLS)

My files are all verified by virustotal & are signed anyway!

https://is.gd/SecurityHSM
https://is.gd/WebPKI

TLS Optimised
https://drive.google.com/file/d/10XL19eGjxdCGj0tK8MULKlgWhHa9_5v9/view?usp=share_link

Ethernet Security
https://drive.google.com/file/d/18LNDcRSbqN7ubEzaO0pCsWaJHX68xCxf/view?usp=share_link

On Wed, Feb 8, 2023 at 8:02 PM <tls-request@ietf.org> wrote:
>
> Send TLS mailing list submissions to
>         tls@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.ietf.org/mailman/listinfo/tls
> or, via email, send a message with subject or body 'help' to
>         tls-request@ietf.org
>
> You can reach the person managing the list at
>         tls-owner@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of TLS digest..."
>
>
> Today's Topics:
>
>    1. Packet number encryption negotiation (Boris Pismenny)
>    2. tls@ietf116 (Sean Turner)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 8 Feb 2023 09:25:07 +0100
> From: Boris Pismenny <borispismenny@gmail.com>
> To: quic@ietf.org, tls@ietf.org
> Subject: [TLS] Packet number encryption negotiation
> Message-ID:
>         <CAKJMo+ttNyyTOhKg99k9HEgFCCZfR-yY_GeQ-ot6_09U1T3LPw@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I work on NIC hardware acceleration for NVIDIA, and we are looking into
> QUIC and DTLS1.3 acceleration. QUIC and DTLS employ packet number
> encryption (PNE) which increases security. At the same time, PNE
> significantly encumbers hardware acceleration as I'll explain next.
>
> For hardware to encrypt the packet numbers, there are two options:
>
> 1. Feed the header back into the encryption machine after data has been
>    encrypted. This means storing and forwarding data, higher implementation
>    complexity, and greater bandwidth requirements on the single encryption
>    machine.
>
> 2. Adding an additional unique pipeline stage dedicated for header
>    encryption.
>
> As you may already know, this is not hardware friendly and for this reason
> many vendors will likely refuse to pay the cost of supporting this. But
> suppose a vendor does implement this feature, one problem still remains.
> PNE will still cause noticeable latency and performance degradation for
> high speed networks (think >400Gbps).
>
> Now, in certain use-cases, such as high performance computing, cloud
> computing, or data-center clusters, the security benefits of encrypting
> headers are marginal compared to the latency imposed by PNE. Would it be
> possible to consider letting these users negotiate to disable PNE and by
> doing so benefit (more) from encryption acceleration?
>
> Best regards,
>
> Boris
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://mailarchive.ietf.org/arch/browse/tls/attachments/20230208/97b7b824/attachment.htm>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 8 Feb 2023 13:24:53 -0500
> From: Sean Turner <sean@sn3rd.com>
> To: TLS List <tls@ietf.org>
> Subject: [TLS] tls@ietf116
> Message-ID: <CE338376-0377-4441-8B61-1BCF59868179@sn3rd.com>
> Content-Type: text/plain; charset=us-ascii
>
> The TLS WG will meet at IETF 116. A 2 hour slot has been requested, but not yet scheduled. The chairs would like to solicit input from the WG for agenda topics. Please send your agenda topics request and an estimate for how much time you will need to tls-chairs@ietf.org. Please note that we will prioritize existing WG items. Please also review the guidance for TLS WG presenters that can be found at [1].
>
> Cheers,
> Chris, Joe, and Sean
>
> [1] https://github.com/tlswg/tlswg-wiki/blob/master/FAQ.md
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
> ------------------------------
>
> End of TLS Digest, Vol 223, Issue 7
> ***********************************
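Worked illustration of the dependency Boris describes in the quoted message (added here as an example; it is not code from any post in this thread): QUIC header protection per RFC 9001, where the mask that hides the packet number is AES-ECB of a 16-byte sample taken from the already-encrypted payload, so the header can only be masked after payload encryption has completed. The hp key and the short-header packet used in the test are constructed values.

```go
package main

import (
	"crypto/aes"
	"errors"
)

// headerMask computes the RFC 9001 section 5.4.3 mask = AES-ECB(hp_key, sample).
// The 16-byte sample starts 4 bytes into the packet number field, i.e. inside the
// already-encrypted payload: the header cannot be masked until payload encryption
// has finished, which is the store-and-forward dependency Boris describes.
func headerMask(hpKey, pkt []byte, pnOffset int) ([]byte, error) {
	block, err := aes.NewCipher(hpKey)
	if err != nil {
		return nil, err
	}
	if pnOffset+20 > len(pkt) {
		return nil, errors.New("packet too short for a 16-byte sample")
	}
	mask := make([]byte, 16)
	block.Encrypt(mask, pkt[pnOffset+4:pnOffset+20])
	return mask, nil
}

// xorHeaderProtection applies or removes header protection in place (XOR is its
// own inverse). The sender passes pnLen (1..4); the receiver passes 0, because
// the PN length is itself hidden in the masked first byte and is only known
// after that byte has been unmasked. Returns the PN length used.
func xorHeaderProtection(hpKey, pkt []byte, pnOffset, pnLen int) (int, error) {
	mask, err := headerMask(hpKey, pkt, pnOffset)
	if err != nil {
		return 0, err
	}
	if pkt[0]&0x80 != 0 {
		pkt[0] ^= mask[0] & 0x0f // long header: reserved bits + PN length
	} else {
		pkt[0] ^= mask[0] & 0x1f // short header: also the key phase bit
	}
	if pnLen == 0 {
		pnLen = int(pkt[0]&0x03) + 1 // now readable in cleartext
	}
	for i := 0; i < pnLen; i++ {
		pkt[pnOffset+i] ^= mask[1+i]
	}
	return pnLen, nil
}
```

Note that the sample region (pnOffset+4 onward) is never masked itself, which is what lets the receiver recompute the same mask before it knows the packet number length.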