IETF Logo Mail Archive

Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space

Bob Beck <bbe@google.com> Thu, 28 March 2024 22:35 UTC

Return-Path: <bbe@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FC9CC1519B7 for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 15:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -22.6
X-Spam-Level:
X-Spam-Status: No, score=-22.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZohgEl0c8rdW for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 15:35:13 -0700 (PDT)
Received: from mail-qt1-x829.google.com (mail-qt1-x829.google.com [IPv6:2607:f8b0:4864:20::829]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 252EAC13AE2C for <tls@ietf.org>; Thu, 28 Mar 2024 15:35:13 -0700 (PDT)
Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-431347c6c99so47131cf.0 for <tls@ietf.org>; Thu, 28 Mar 2024 15:35:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1711665312; x=1712270112; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=KfQKosFbyhbT4nOPrB/a/089Wro5unYQY5D5DnE/B4M=; b=C7Hgb15Qm/J6vzsDaTdGmk1c4Ogmg9C9rB6M8Xut9k1dakui2TYAXB+LEinRiZoNeM 5OWliq8jmO4DUprUFwJTkXoUXoL/KrtAEQIeyr3GNoQ+I0NGsbCWpl93dBaBoKBX4EAu Z9iWYfUhbRVg9ZxSlncsfkej19D8CKjsGGDAvuRjfHwixbuBeLnkBKxxVKPLrktrsoHq NvOuG7uhG7N2nlyTcM8M7HjPh+0dhyJ6muQWUxeJQnlVam1yrbmXw+xqPdr83RWFhSsp PH1RFfq2t0EtIe1yfX8RH9t1O6i4hhg3u1XZWTEFt7/wu0/dYhPLO11roWH/Hj6v/LP7 6V2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711665312; x=1712270112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KfQKosFbyhbT4nOPrB/a/089Wro5unYQY5D5DnE/B4M=; b=c4wyei5Cta5lFEqSU2O8x7mwBwW3t9pYfzNtwlwAZCi+T6jeUut+joH1YWQmZgUbRN yQh/y1tsmmC9a8Uur3zS2TTPHxiprYSUoi3SPImS8FD5fYcqBqzUCiXm4vJzY8Hle0Gd Ckvfu5bcNllBTlCVzV1EIQ7z9Er165dHdvV7A/2140a50Za2oIW+3DcaPzy5sP8ulCWu LVGzXyo2j1dhXRw2/OYI2li/RtLSEMIpXwi840Qb6UWFBbTfCQ/hz7KLrVhV1crDzjso mydW/LySZAMTFj3wpN/pNdNi5ICUWFPNgvwamv5iAFtSk5MgDsVHe/eyyH9Ps9/jKSn/ 0HIA==
X-Forwarded-Encrypted: i=1; AJvYcCXRExXmDW03k6FRc5j0dE/rUnaPDAqcSSr5FSJnwDoneTFfNAgKrm9R/aw4q1jziJe1PrDihdoAwiUkgaw=
X-Gm-Message-State: AOJu0YxWgOJUe4liVWjDsPlWQMtJWmJcTxRnWrSH2TkX3aQwr3tGMXwK ibHae7IH0mNI5yygNnQhtagkYMSwVY8zKw0hjYHxeXsKdWTEHcyphdI5HYuBuq83Sw+Um4Oll57 +mXxZZ7PPTr24ZUGv2TkRt34eE8ZZTZjGLN2s5BrulsH0TFLH+gsB
X-Google-Smtp-Source: AGHT+IGNyQ7Pl8uaMiDhvzO3m9qPKU7T/44QrwH+a2iQkyTWIFK3/hp9aocSi03dhoHipvbpMoC2YvIYv1paDzv2PM4=
X-Received: by 2002:a05:622a:124e:b0:431:8176:e4e5 with SMTP id z14-20020a05622a124e00b004318176e4e5mr44446qtx.13.1711665311705; Thu, 28 Mar 2024 15:35:11 -0700 (PDT)
MIME-Version: 1.0
References: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com> <GVXPR07MB967839392EC02807DD0EEF12893B2@GVXPR07MB9678.eurprd07.prod.outlook.com> <CAF8qwaBLQr_MSqYGvOcTBiqLkD9jOaT11rTfxKid8skKSYtSYA@mail.gmail.com>
In-Reply-To: <CAF8qwaBLQr_MSqYGvOcTBiqLkD9jOaT11rTfxKid8skKSYtSYA@mail.gmail.com>
From: Bob Beck <bbe@google.com>
Date: Fri, 29 Mar 2024 09:34:59 +1100
Message-ID: <CALA6n3HsG1aYaGOrmtzkP4Zq-2nmYqQXtnuqJMPRTadchci5QA@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Cc: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KPNPWNMhQMfNaBfP3P3GY5Ei0Bo>
Subject: Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 22:35:17 -0000

On Fri, Mar 29, 2024 at 2:59 AM David Benjamin <davidben@chromium.org> wrote:

> Regarding renaming, I'm torn. "Group" was a truly horrible rename. The names we pick make their way into APIs and even sometimes UI surfaces for developers. Every time I've plumbed TLS named groups into another system, I've been met with confusion about what in the world a "group" is, and I've had to embarrassingly explain that yes, it is a term of art, short for "Diffie-Hellman group", no, it doesn't even make sense with PQC, and I'm truly very sorry that TLS chose such a needlessly confusing name, but it's the name we've got. Sometimes I just give up on the TLSWG's naming and just saying "key exchange" or "key agreement", but that gets a little tricky because that can also mean the left half of a TLS 1.2 cipher suite (ECDHE_RSA / ECDHE_ECDSA / RSA). At one point, we tried "key exchange group" to avoid that, but that's also problematic as one needs to explain to translators that this does not mean "primary trade collection".
>
> This name is bad enough that I needed to make a pre-written explanation for this, so I can save time and link to it every time it comes up.
>
> At the same time, we've already renamed this once. These names we pick make their way everywhere, each rename we do is costly. All the old "curve" APIs had to be doubled up and deprecated in systems, with the old ones forever stuck around. And then some systems (probably correctly) decided to stick with the old "curve" name. Renaming again will add a third, and repeat this costly cycle.

This would be why in spite of the fact that I dislike the "group"
name, I would lean more to the "no do not rename" - We already deal
with "group" and "curve" for this and the names are scattered through
API and implementations, and we already have to deal with explaining
it's not really a group, and not really a curve, and it was renamed.
IMO Renaming this a third time will simply add more such confusion to
this area and make the "explaining" david alludes to above even longer
to add a third case to make people aware of the rough equivalency of
the third name in the saga, since the old names will not go away soon
or easily.

> Had we not renamed, I would say we just keep it at "curves". While "curves" is also wrong for PQC, it is less generic of a name than "group" and, in my experience, reads more clearly as a random term of art. It's a pity that we then changed it to one of the most overloaded words in English imaginable. :-(

v2.23.0 | Report a Bug | By Email