Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 02 April 2023 02:55 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
CC: "tls@ietf.org" <tls@ietf.org>
Date: Sun, 02 Apr 2023 02:54:57 +0000
Message-ID: <18169BE8-5854-42CE-908B-33F081770B99@ll.mit.edu>
References: <ZCf/UD3fiQcS4kna@LK-Perkele-VII2.locald>
In-Reply-To: <ZCf/UD3fiQcS4kna@LK-Perkele-VII2.locald>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/V3Tze7wEMThvahyvb4VlTfcd1XU>

CNSA-1.0 allows ECC only over P-384, unlike its predecessor Suite B that also permitted P-256. P-521 is not included either. See https://media.defense.gov/2021/Sep/27/2002862527/-1/-1/0/CNSS%20WORKSHEET.PDF (page 1).

CNSA-2.0 allows only Kyber-1024. Not -768. See https://media.defense.gov/2021/Sep/27/2002862527/-1/-1/0/CNSS%20WORKSHEET.PDF (page 4).

So, if somebody would insist on a CNSA-compliant hybrid - there is only one candidate from each group to consider for the MTI. 

It also means that MTI for P-384 with Kyber-768 is likely to be quite useless, as those not bound by CNSA would probably make other choices (not P-384) anyway, and those required to comply with CNSA will have to settle for what I described.

Did I make it clear enough? Or do you see a hole in my logic?

Regards,
Uri

> On Apr 1, 2023, at 05:54, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Sat, Apr 01, 2023 at 02:12:14AM +0000, Kampanakis, Panos wrote:
>> Hi Bas,
>> 
>> I prefer for the MTI to be P-256+Kyber768 for compliance reasons.
> 
> Uh, I think this thing is too experimental to have any MTI.
> 
>> It would be trivial for servers to add support for both identifiers
>> as they introduce Kyber768, but you are right, the new draft should
>> include an MTI identifier.
> 
> The problem with having both is that it bifurcates the system. While
> being on the wrong side is not a hard failure, it is still a rather
> annoying perf hit.
> 
> For clients to support either, servers must support both.
> 
> At least with P-384 hybrid, folks are less likely to deploy the thing
> unless needed.
> 
> 
> 
> -Ilari