Re: [TLS] New Version Notification for draft-whyte-qsh-tls13-01.txt

Douglas Stebila <stebila@qut.edu.au> Tue, 22 September 2015 08:15 UTC

From: Douglas Stebila <stebila@qut.edu.au>
To: Hubert Kario <hkario@redhat.com>
Date: Tue, 22 Sep 2015 08:14:45 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RPQiT7oBC51d66lvBddI_FsNdH0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] New Version Notification for draft-whyte-qsh-tls13-01.txt

On Sep 21, 2015, at 10:43 PM, Hubert Kario <hkario@redhat.com> wrote:
> 
>> I doubt anyone would really want to use any keys in the megabyte range
>> anyway. Post-quantum crypto research/experimentation for TLS & other
>> network protocols should really focus on systems with smaller keys.
>> Even if a giant-key scheme was ideal, you'll have a very hard time
>> convincing people to actually use it, no matter how much they might
>> need it. :/
> 
> true, that being said, I can see 64KiB total being limiting for 
> different stuff in the future
> 
> and while sending 2MiB packets as "just a hello" is unlikely, I can see 
> us sending 64KiB or 128KiB packets...

Bernstein et al. needed 64 KiB public keys for McBits [http://binary.cr.yp.to/mcbits-20130616.pdf].  We needed 4 KiB public keys for ring learning with errors [https://eprint.iacr.org/2014/599]; a switch to learning with errors would make the keys much bigger, but I can't say how much bigger at this point.  It is too soon to rule out 64 KiB or larger public keys, although getting smaller key sizes is a very important goal for post-quantum crypto research.

Douglas