[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

Peter C <Peter.C@ncsc.gov.uk> Wed, 24 July 2024 16:22 UTC

Return-Path: <Peter.C@ncsc.gov.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A77BC14F61B for <tls@ietfa.amsl.com>; Wed, 24 Jul 2024 09:22:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.709
X-Spam-Level:
X-Spam-Status: No, score=-7.709 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.453, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PjQopJV02unF for <tls@ietfa.amsl.com>; Wed, 24 Jul 2024 09:21:58 -0700 (PDT)
Received: from GBR01-CWX-obe.outbound.protection.outlook.com (mail-cwxgbr01on2074.outbound.protection.outlook.com [40.107.121.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6BE5C14F60D for <tls@ietf.org>; Wed, 24 Jul 2024 09:21:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=M6UHhj75n1ED6158bYpQxBZRtHfbwxSQpeBVwYfTa4hWJhx+G6r0wEOGzc7r067eQEzabP5DBC+l0646OlxmI1gf6GRPRF96tJPkGjg7eAQENUZxpe1VzC8sGsrq0p/i0F0ptqKrhjsL1vfrQe78FHt3ZYjzwRReChPaKzYEEr+5oXw3WSY1HYojCg8phu/1xp0BcP6TFRM8Fs0xuYJC4JjS0WN6j4onsl11JdBYllaVAFh7r0UBIIkDqjZMkYKg8RRoesqqMp3g7yIr4J8lD11QEUmxf8v+2qL2rahNMf7moRpsn2G4/weo4FRU7gPqwm9AR4BoLcF7vlNYOu5AGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5HyFXfhdToxW5Haz2rQSJqn2rswSnsvy2kLBAiGrzO4=; b=gBlav7HNoRJZoVDr8Fmoh1q6xyE7+lClUeyYXdy/t9ccJmPWrHDi/lbRUZJLA3hVokWCGQEwKIUx/bGaZjS5jRTFtyUanQL2YI4uSuQ3Pmcm63LaLuvZBTn+3tg5LphLYlvKwzuWK8VCa01YazyDvkbQgxMP2Tilrr7JLNZKGi8K7aymTVWR5prydTnhB1ICHe9O3Jgg67Lq6vBIXvNA3iv3k5NMpCqSQF+16cnh+kkn03Bg6Cf/mOD1f1ZW1cJxG+XsufwRsMcewqgaMLctTcjh2xncX0+1Rck7x4SEuLctE5YtNZ2jLyQW8fqnTXX461dY7fIjMce6Xv6ZKHC0NQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5HyFXfhdToxW5Haz2rQSJqn2rswSnsvy2kLBAiGrzO4=; b=S7pX34O2/cZL+2v4i0dSehU4eW8SbAIzRREFbcmrE40CpA75QJL8envw4fC0nodnV2Q9CIgs7RNe6LbTmn3WtGOY6a5bGZipAQbpVhgEqBZcBaXOwW3SgOZKuIcu9noUuLnAxgczZdgxEMJKG5v0g0MnYEkELoTWhUUG+aY2fXDFtfyxN/3kLWCdH9yJA7K2WL0zxdLFAJejfCd4C7+O/XeocArDr5aWqVdcXzIoyjrKlsz2uQYBLO7qDP+k4BLtzY4HpzSooyyWTW+Hzh1vkbJCsS9P1P8g4HDKBP2oE3eVEhAuAXJZz0slIspPry70XbRBHQl1py5VP9k5Fq9jqg==
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:31d::15) by LO8P123MB8027.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:3d6::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.18; Wed, 24 Jul 2024 16:21:54 +0000
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0]) by LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0%5]) with mapi id 15.20.7784.017; Wed, 24 Jul 2024 16:21:54 +0000
From: Peter C <Peter.C@ncsc.gov.uk>
To: Deirdre Connolly <durumcrustulum@gmail.com>
Thread-Topic: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt
Thread-Index: AQHa3dbuoe3RYyDQbkm/5215m6BdV7IF+Pkw
Date: Wed, 24 Jul 2024 16:21:54 +0000
Message-ID: <LO2P123MB7051C115020DAFFB74F12C53BCAA2@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM>
References: <171234865099.12734.12883553523407106230@ietfa.amsl.com> <LO2P123MB70511E279A74AD16F80D4302BCAA2@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM> <CAFR824xrx6wcnUTBHX0hTxKR+mqZ1ZqjEGP=CwtY4Rgsz5SscQ@mail.gmail.com>
In-Reply-To: <CAFR824xrx6wcnUTBHX0hTxKR+mqZ1ZqjEGP=CwtY4Rgsz5SscQ@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO2P123MB7051:EE_|LO8P123MB8027:EE_
x-ms-office365-filtering-correlation-id: 1e57a540-6319-4f70-62b1-08dcabfcbb7e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|4022899009|38070700018;
x-microsoft-antispam-message-info: oafNTKFn+uzFZKIRBNHAA1S3Eox3wPCsGXCpsxoPcvn1yuzIb4s5QXJt/GFbfR9gGdtmTvJDu37D2N/2aLR6DSgl2Mi60+NEHQ7Ga8z5iQwvC/4f+XidpbrxdWFYbZBqgYzDyNQOB7A6YPOGcsADWMyk2SHbcNV6JVPqBrSd5ssQKhWg1/3FuNJA7LbgHsoxxFE20R1F4TccbEzTDFnNqoZMIllVK3Na94i4/8cozlxAf6nR+CONGowtaMuclPed0gijGxevP+Ddq8FXjh3DfWPbmasLYlfaFrqAmIBhA+68dJtVKlBHJ0naiJNTrtul19DnMUAbMF0WMbXzV2t4d2v1cz40odSD+WSavWFhNl+HM1Q1G3/Ff8XvhDWDLl5PaIUdcjsCRD6xnwF2jL4j7Q1vi7gVj8JY0hVcsKg9uEcSnHIXdVLXxzyr1xD/P5VXoQSWEysxMTAdPDUXs78+Lew+1KdSzznjYQNxmucpbjJZHNw2Z+bRFaGTA+BaYqlAVSMFoyo6Vq38e494aVDpRE8+WHjudoMrclVx6AI3phXEwoM8DWAxkOfZ7NQBapqwixzrh6VkQnLV5VsXGbxHpu6zMjFlChIYzunXoo6xhZ+TebcUWiElXhIqShnpamV7HeyJ3+ZP95iUYRJW8t5gnw2XrNOsieeso9mh3C4gbVXRLqb37gjU43ILz6hEQUMr+TwADzouLHGegqdPFuGw84VN0r2I+NKyM6ZJGhQdh7AbbU0cX/gYKXvTNjtzrOKrD/uISlDJCrnkH+eRYF1OZamiMUmvJgf31pZ11C5aX6FlXLoSN1cLozjD3w6n791b0PG8iImWj2AIaBZc4wNViYt0m/1AaYIr0gKMVbmrlfd0TU3brNhie0j+Syfh8iQCwqDMDtppHso8QVRsURu4rkMDHsCLcpQdPSFD6uNWB9ZneJdyePoKGCtkLkl6Nt4M3TS9jLoZUYGHrn1dNRumi10PtE0ITQLG5DuAEjqKUaOcE4mmW0LqairQYv52nJfs+UlyD3Rs9je0XX8+IP59HN2jrSCeudUA4ganKmSVC/6vl2Artqdqumxn4ShJMHDc3HzRp2GF4v5YuCAyKLGPzOOnfizYRUZ0EmQIVlcMw0Wc0CWQXHbm4wquLjqvp3EOsOqJZjmIugOlsbnVPFu+gHJrlFgeOQvxHGQA1eVvHljSO5q1gbOFuHPCLhWua1anK8mFIiysJ/BBJ7D6aJhr1E+JPAZdO6yEggwI07SLmTGNlML1Jc+mzLeTR+WUTRELS8kIyhU/ASa9ETmjzz28UYSzEZ/twHJOKWBdj4EP86OgI5dsUA75x+ibuX+mX0eetnGwzRtSPDIaDYHkDQ0IwQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(4022899009)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Leh3eQS7/At+rQCUuewvpFdhQZeRrxwt8utWIVxkG14MFZYSTs2SjfVocKadfFHLA2lhad8XsM95RXGyHkMQylJ6f8GmC7my7pVL+y4PhvN6oZbzdIo/1a2eyNHXmp4k7BAS1sSRaRXbbH0zM7ZiuYCJrqSrzrHi7o6R5xDzGUbr/H+tcZ1A+LCS1CXGpFox68lcZQhhH9lXlHQxlmOK8PMjOTBwQgPb192gpDT1pYSyjas57CeJ88IbUJJfHo5dbAdLtMir2qe5NVHhHi7GDYDbL4w4gTeDm3Ij60yxsOa3bwl6ADDb69Dnb4ji4b41HmnKRB4OUejFagOeQETJTyh+bsWHX5jfrXBuMMmx5GHG11LWPf2cwA7IgF3GuMkmvr+43vZFy/24Jem1PC26dnRz6X68rvOyWukLgJJWIXA+4bPJ71GTLoLEkrynEd79xD8FTowVmEzE+oHdNH8IHYTUepUjKXDBp4X/DiGCVvwD8x2M3nZmGkTE7S509AiWNRbL/IDCdBeO5uAFsYosQuEwBkGA94QVz3yOZEUkv3MZ+U2l/0IbTs4dL1S3+yqsRaT4wi6Wlsl28DMlyNClx5ge3vlf/wI3yXPW8/RXruuBjaVVkdaUJCxFLr190Mp20Arns3U3s2k49DwAc7MWSMJe3c+2O+lGk8vH6ARSD4+MjziOkSNgRih/Y2nByNP7/9v4zBfll0oFpP1aszAEaT/MsfBAfqOfD4B7gUGb3JhAZsjTrG4FkIhHfQ6/FUljCSNdhVHUES6LK9vgD1CdojA1Jr146V04x7fUeQhecCduQVHon9DspKS4wi7jnojR94s9aDbQZuKrdOZyxw9mBXoeH2FDsZP+Y9gQK2I7FTWhiGIMPkJpAFWvsGq5P+SVEYFN9T1s4YFLhjH9Bih+hfKh+Id6hLB3MYlru7TY7cC+ypB6lVM5O+nzEiZ2xdicgmrWVz/Vn/Or1C2uKTSFecrjHvM4eXaPp1CQtXyi2klydCQh5MbYFnuyu5gCql0YeWP0LV9l+U9w7eEfNbFlvhr2KY760wVlSbSe9qzy3Q3auWLcqJqT5VV/gM7P6unPC/p+rHaxRdkT7T4IZAQiiUlc4+BYEZ5juEKYwK+sD1z6Dj4ZVHajLOKvV2hJ+lcEpxtRXmJvl6vRbz3hgRFvVMq10Ou0tNl6Ae851KpwwXFAxUj7FsYc90sueG4CF1/6U5C5bPBK0ns09riOIIYhviQwvFhqnpDjmn0gkXjB56X+S3RiD6+ZScP/BX3tRveG5lMq97TRfLZva64eYV1QSJxtDg2l+aSG8zTWeuzr62onDo/IOTrYmVlkY4Bqn3oU0CfPS/ju9PPDlopIRSv3YbqTIScFMNt7R88GQMZFmzSCuRmLrvxISXbkyhKGt1zJRJr8kOwX3kHaUTUXgkpRO+9QznJcvX97B5qzVNvg8zXXS3TTPT2SiGEj6JK08rQKOcdvBBCwUL9iq1a9ZxhfK/jaoPodRIE/6hKht5unJJXbmk/yj7uGBMXIjM9HDI6g+/b5q7G+MW6A+PUZWDnyJ4LtWB7TPljjOUKhfxVBoLe/CmJUC78lVqVuQ8caazFA
Content-Type: multipart/alternative; boundary="_000_LO2P123MB7051C115020DAFFB74F12C53BCAA2LO2P123MB7051GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 1e57a540-6319-4f70-62b1-08dcabfcbb7e
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2024 16:21:54.5452 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Wls3f4biUfFJYxyU4rB/n25mTs+uTQOBNN8K0WYpakKdApxJNjr42+607XtYbmf2VoITkO1W0p3TIeR6ensjFQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO8P123MB8027
Message-ID-Hash: DOIGDMCG5WFEDEFU7I4ZFH7B52FQZYUH
X-Message-ID-Hash: DOIGDMCG5WFEDEFU7I4ZFH7B52FQZYUH
X-MailFrom: Peter.C@ncsc.gov.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Douglas Stebila <dstebila@uwaterloo.ca>, TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/RXghRCXhjl7RvQJBSRBsIwVhkno>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Deirdre,

I’m not familiar with the PQ3 protocol, but I think PRF-ODH can fail in practice due to the way that ECDH is usually instantiated.

For NIST P-256, the input to the KDF is usually the x-coordinate of the ECDH shared secret rather than the full point.  Given a challenge (C, label), setting C’ = -C and querying the oracle with (C’, label) should give the same KDF output.

For X25519, the private keys are clamped and there are usually no checks on the public keys.  Given a challenge (C, label), setting C’ = C + P for a point P of small order and querying the oracle with (C’, label) should give the same KDF output.

Note that in both cases we are deviating from the idealised PRF-ODH setting so this does not contradict the proof that StDH implies PRF-ODH (https://ia.cr/2017/517)

Peter

From: Deirdre Connolly <durumcrustulum@gmail.com>
Sent: Wednesday, July 24, 2024 3:34 PM
To: Peter C <Peter.C@ncsc.gov.uk>
Cc: Douglas Stebila <dstebila@uwaterloo.ca>; TLS List <tls@ietf.org>
Subject: Re: [TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt


Not a direct reference for TLS 1.3, but recent related work from the document author, Douglas's analysis of PQ3 iMessage¹, has a hybrid encrypted session setup with commonalities with the TLS 1.3 key schedule, especially the layers of calls to HKDF.Expand and HKDF.extract, albeit in a different order than TLS. These proofs rely on PRF-ODH for the curves and that HKDF.Expand/Extract are PRFs in their first argument and more PRF assumptions of the ~equivalent of the large key schedule that it is also a PRF in two arguments (any chaining key material and the public session information, including the ephemeral public keys) to achieve session key indistinguishability.

¹https://security.apple.com/assets/files/Security_analysis_of_the_iMessage_PQ3_protocol_Stebila.pdf

Maybe Douglas will be able to answer directly on TLS 1.3 but hopefully this is also useful ✨



On Wed, Jul 24, 2024, 6:41 AM Peter C <Peter.C=40ncsc.gov.uk@dmarc.ietf.org<mailto:40ncsc.gov.uk@dmarc.ietf.org>> wrote:
Douglas,

The agenda for the TLS session is looking packed, and this is a very in-the-weeds comment, so I hope you don't mind me posting it to the list.  Happy to take any discussion off-list, if you'd prefer.

The draft-ietf-tls-hybrid-design security considerations currently say:

    The shared secrets computed in the hybrid key exchange should be
    computed in a way that achieves the "hybrid" property: the resulting
    secret is secure as long as at least one of the component key
    exchange algorithms is unbroken. See [GIACON] and [BINDEL] for an
    investigation of these issues.

If you assume the PQ KEM is IND-CCA2 secure, then I agree that [GIACON] and [BINDEL] imply that the derived traffic secrets will be indistinguishable from random and from each other.  The same is true if the KEM is only OW-CCA2 secure by Petcher-Campagna (https://ia.cr/2023/972)

If you assume the PQ KEM is broken, however, then [GIACON] and [BINDEL] do not apply since ECDH-as-a-KEM is not IND-CCA2 secure.  Similarly, Petcher-Campagna does not apply because ECDH is not OW-CCA2 secure.  Nor do I think it's possible to fall back on [DOWLING] since X25519 and NIST P-256 (as they are used in RFC 8446) do not satisfy the dual-snPRF-ODH assumption for any choice of KDF.  In this case, I don't believe the derived traffic secrets are guaranteed to be indistinguishable from random.

Flo raised similar points a couple of years ago which I don't think were fully addressed at the time.  I suspect this is just a security proof issue - the inclusion of the ciphertexts in the transcript hash should still protect against any actual attacks - and it's entirely possible that I've missed more recent results covering all of this.  If not, one easy solution might be to adopt the X-Wing approach and use

    concatenated_ss = pqkem_ss || ecdh_ss || ecdh_ct || ecdh_pk,

although this currently only works with ML-KEM.

Best,

Peter


> -----Original Message-----
> From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> On Behalf Of internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
> Sent: Friday, April 5, 2024 9:24 PM
> To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
> Cc: tls@ietf.org<mailto:tls@ietf.org>
> Subject: [TLS] I-D Action: draft-ietf-tls-hybrid-design-10.txt
>
> Internet-Draft draft-ietf-tls-hybrid-design-10.txt is now available. It is a
> work item of the Transport Layer Security (TLS) WG of the IETF.
>
>    Title:   Hybrid key exchange in TLS 1.3
>    Authors: Douglas Stebila
>             Scott Fluhrer
>             Shay Gueron
>    Name:    draft-ietf-tls-hybrid-design-10.txt
>    Pages:   24
>    Dates:   2024-04-05
>
> Abstract:
>
>    Hybrid key exchange refers to using multiple key exchange algorithms
>    simultaneously and combining the result with the goal of providing
>    security even if all but one of the component algorithms is broken.
>    It is motivated by transition to post-quantum cryptography.  This
>    document provides a construction for hybrid key exchange in the
>    Transport Layer Security (TLS) protocol version 1.3.
>
>    Discussion of this work is encouraged to happen on the TLS IETF
>    mailing list tls@ietf.org<mailto:tls@ietf.org> or on the GitHub repository which contains
>    the draft:
> https://github/.
> com%2Fdstebila%2Fdraft-ietf-tls-hybrid-
> design&data=05%7C02%7CPeter.C%40ncsc.gov.uk<http://40ncsc.gov.uk/>%7Cec161933c97947c8a7e0
> 08dc55ae8cd7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C6384
> 79455373796379%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL
> CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata
> =qNBE50aYk4woYCLUj6Rq1wMeFur63hP1MnHXDGihg80%3D&reserved=0.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatra/
> cker.ietf.org<http://cker.ietf.org/>%2Fdoc%2Fdraft-ietf-tls-hybrid-
> design%2F&data=05%7C02%7CPeter.C%40ncsc.gov.uk<http://40ncsc.gov.uk/>%7Cec161933c97947c8
> a7e008dc55ae8cd7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C
> 638479455373796379%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
> DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&s
> data=kVBR6kDc19NDTnC1fRgVqJmTnZOQggzmWk7wHHcVKbI%3D&reserved=
> 0
>
> There is also an HTML version available at:
> https://www.ie/
> tf.org<http://tf.org/>%2Farchive%2Fid%2Fdraft-ietf-tls-hybrid-design-
> 10.html&data=05%7C02%7CPeter.C%40ncsc.gov.uk<http://40ncsc.gov.uk/>%7Cec161933c97947c8a7e
> 008dc55ae8cd7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C638
> 479455373796379%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
> LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdat
> a=dcjY38cicBXU6ab7hnMalN1WTWqtQdhblMYu7xdzVT8%3D&reserved=0
>
> A diff from the previous version is available at:
> https://author/
> -tools.ietf.org<http://tools.ietf.org/>%2Fiddiff%3Furl2%3Ddraft-ietf-tls-hybrid-design-
> 10&data=05%7C02%7CPeter.C%40ncsc.gov.uk<http://40ncsc.gov.uk/>%7Cec161933c97947c8a7e008d
> c55ae8cd7%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C6384794
> 55373952646%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQ
> IjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ll
> ZNYcqaixqUpU%2BhzzNOigFmuDlrA6CxCrIvyiG5HI%3D&reserved=0
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org<mailto:TLS@ietf.org>
> https://www.ie/
> tf.org<http://tf.org/>%2Fmailman%2Flistinfo%2Ftls&data=05%7C02%7CPeter.C%40ncsc.gov.u
> k%7Cec161933c97947c8a7e008dc55ae8cd7%7C14aa5744ece1474ea2d734f46
> dda64a1%7C0%7C0%7C638479455373952646%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%
> 3D%7C0%7C%7C%7C&sdata=rFzF%2BExBIX03adggpWV4uxzcgfHR6Z0zCLamc
> GZIX9o%3D&reserved=0

_______________________________________________
TLS mailing list -- tls@ietf.org<mailto:tls@ietf.org>
To unsubscribe send an email to tls-leave@ietf.org<mailto:tls-leave@ietf.org>