[TLS] Mail regarding draft-ietf-tls-mldsa - Small Editorial items
"Appel, Ryan" <ryan.appel@bofa.com> Fri, 23 May 2025 21:45 UTC
Return-Path: <ryan.appel@bofa.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 23FA82C71E2D for <tls@mail2.ietf.org>; Fri, 23 May 2025 14:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.133
X-Spam-Level:
X-Spam-Status: No, score=-4.133 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=bofa.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IDQOGzXfS1TN for <tls@mail2.ietf.org>; Fri, 23 May 2025 14:45:34 -0700 (PDT)
Received: from bankofamerica.com (rchemail.bankofamerica.com [171.159.227.167]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4EB4E2C71E26 for <tls@ietf.org>; Fri, 23 May 2025 14:45:34 -0700 (PDT)
Received: from vadmzmailmx07.bankofamerica.com ([171.182.203.234]) by lrcha0mzxepmx02.bankofamerica.com (8.17.1/8.17.1) with ESMTPS id 54NLjXvP041319 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <tls@ietf.org>; Fri, 23 May 2025 21:45:33 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bofa.com; s=corp2202; t=1748036733; bh=oPKmeZSWZYfqoRScozQl2kcBIen8bLmMUi9aQ3ApAvo=; h=Date:From:Subject:To; b=SVTQDCa7SWL9wUi/FN+Rh8mmJv6OQ4XS0exWZp2wXsGSFPm6Y/kDADJM5MwusLOhs tsbwB1GuABywXxgoYQlsdcUx+kW33YfO1BrhIhwSHhpYBd4aKkTBsqSr9tewMtLCHS QfKg7xDrB7VmTedEsFD41Yqepg6j85DFnINfJYXIcjhwWgsfYTFqAG1XnRg3qTpSh4 wnQhE+vJmLNFAkmKR/0iEG+z648ZNrZBGYn9ak3RPAVN9jiUsI8wfw/1KpD5Cvskp2 bjIiC6YjhNOu4vzb/x3RNsueK5gyW+F59ArK38XGCYUQHExIo+ghzkk4Be/isBankh Vg50dmJBepStw==
Received: from ltwppra01.sdi.corp.bankofamerica.com (ltwppra01.sdi.corp.bankofamerica.com [30.102.120.35]) by vadmzmailmx07.bankofamerica.com (8.17.1/8.17.1) with ESMTPS id 54NLjXd5020247 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO) for <tls@ietf.org>; Fri, 23 May 2025 21:45:33 GMT
Received: from pps.filterd (ltwppra01.sdi.corp.bankofamerica.com [127.0.0.1]) by ltwppra01.sdi.corp.bankofamerica.com (8.18.1.2/8.18.1.2) with ESMTP id 54NKP0uq027257 for <tls@ietf.org>; Fri, 23 May 2025 21:45:33 GMT
Received: from ahp-cmta-rdn-01.sdi.corp.bankofamerica.com (ahp-cmta-rdn-01.sdi.corp.bankofamerica.com [30.28.248.18]) by ltwppra01.sdi.corp.bankofamerica.com (PPS) with ESMTPS id 46rx6tgx0d-21 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <tls@ietf.org>; Fri, 23 May 2025 21:45:33 +0000
Date: Fri, 23 May 2025 21:45:32 +0000
From: "Appel, Ryan" <ryan.appel@bofa.com>
X-Originating-IP: [30.176.133.37]
To: "tls@ietf.org" <tls@ietf.org>
Message-id: <9dd756034dd942abaaf302ef594d493d@bofa.com>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_QFO6WkJVKOii8TfxpnI9mX)"
Content-language: en-US
X-MS-Has-Attach:
Accept-Language: en-US
Thread-topic: Mail regarding draft-ietf-tls-mldsa - Small Editorial items
Thread-index: AdvMKLTOAIvoMHEDTBq0qghkieKSxw==
X-MS-TNEF-Correlator:
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0Jhbmsgb2YgQW1lcmljYSIsImlkIjoiZGVkYTVjZmYtNDdkYS00ZDM2LThjMzMtOTQ4MWRjM2Q2ZTBhIiwicHJvcHMiOlt7Im4iOiJDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiUHVibGljIn1dfSx7Im4iOiJFbmNyeXB0aW9uWWVzIiwidmFscyI6W119LHsibiI6IkVuY3J5cHRpb25ObyIsInZhbHMiOltdfSx7Im4iOiJDb25maWRlbnRpYWxUeXBlIiwidmFscyI6W119XX0sIlN1YmplY3RMYWJlbHMiOltdLCJUTUNWZXJzaW9uIjoiMTguOC4xOTQ4LjIiLCJUcnVzdGVkTGFiZWxIYXNoIjoiMnBnemc4RVl3MWoyQVc4NjBlRWVRQVlPMzlrdXliUzFQMmlYbVwvcE9WOTFYKzloVXc5Q2dwZ1NrVnV5VURHVngifQ==
x-bac-client-sensitivity: X2
x-tm-snts-smtp: E28328ED3B9E7359EE860211ACC7381A6CB165ADAF088F43F489E98796B3AFA72000:8
X-Proofpoint-GUID: PeUbA-fulCljBOmsxU0upuDitsXxe3By
X-Proofpoint-ORIG-GUID: PeUbA-fulCljBOmsxU0upuDitsXxe3By
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNTIzMDE5OSBTYWx0ZWRfX4vguBlFJyCKt iCtjwqT0Zm/aeTbFWO3B+alcEMFBjOExfjA5QvI6Sred9Z8VaEPKD3JPoxscpyHYDzVF1JVelxy gJXE2vXu4r160TQvv6ELweIrKfyBvcZmHei9x7I3BlNLqwLuUrWKxseL3HCGeM/d9Lsns8SIfCh xd6ku0dQHMJ8L9oRVPTi6qPt9D2ijerPS9bzckmQUPr2zjIrb2VVmdyK34bnibgHlIq5DIV0QfD Lw/1eFbk40IsGQAgwM/fZR7rZau4si+twTrVa8SIdd7zwKklU0Cg==
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-05-23_07,2025-05-22_01,2025-03-28_01
Message-ID-Hash: AHHZOTYCPHUXFA7ZLKWPGTYRS5BXWFB5
X-Message-ID-Hash: AHHZOTYCPHUXFA7ZLKWPGTYRS5BXWFB5
X-MailFrom: ryan.appel@bofa.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Mail regarding draft-ietf-tls-mldsa - Small Editorial items
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ixzu3S6S5zNkBHNBQYYyVKaBv50>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hello all, Apologies if there's any emails that have already gone out for these editorial items or if you all already had plans to fix them. I was going through the draft today and didn't see any of these suggested edits in the mail archive. ----------- In section 1. Introduction it states "module-lattice based" NIST defines it in FIPS 204 with a "-" in-between both module and lattice and lattice and based so this should probably be: "module-lattice-based" In addition in this section, it says "algorothm" which should be corrected to "algorithm". ------------- In section 3. The paragraph beginning "These correspond to..." has the text "variantsadefined" which looks to be a mistyped "a" where a space should be. This should be corrected to "variants defined" In the paragraph beginning "The schemes defined in this document..." should probably say that these algorithms must not be used in a TLS version earlier than TLS 1.3. Right now it only precludes version 1.2. Throughout RFC 8446, this is referenced as "TLS 1.2 or below". So the proposed language is to change the first sentence (and others like it) to: "The schemes defined in this document MUST NOT be used in TLS 1.2 or below." And "A peer that receives ServerKeyExchange or CertificateVerify message in a TLS 1.2 or below connection" ------------- I realize that there are many considerations that need to be put into place in the "Security Considerations" and it has been left as a TODO. There's probably some worth in taking some of the info in 8446 appendix C, D, and E, and discussing them in terms of using PQC for authentication vs non-PQC. As well as the decision to NOT allow the hash-ml-dsa variants and other such security considerations like what's discussed in FIPS 204 section 3 Thank you, Ryan Appel ---------------------------------------------------------------------- This message, and any attachment(s), is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/electronic-disclaimer. If you are not the intended recipient, please delete this message. For more information about how Bank of America protects your privacy, including specific rights that may apply, please visit the following pages: https://business.bofa.com/en-us/content/global-privacy-notices.html (which includes global privacy notices) and https://www.bankofamerica.com/security-center/privacy-overview/ (which includes US State specific privacy notices such as the http://www.bankofamerica.com/ccpa-notice)
- [TLS] Mail regarding draft-ietf-tls-mldsa - Small… Appel, Ryan
- [TLS] Re: Mail regarding draft-ietf-tls-mldsa - S… Bas Westerbaan
- [TLS] Re: Mail regarding draft-ietf-tls-mldsa - S… Appel, Ryan