[TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt
Peter C <Peter.C@ncsc.gov.uk> Mon, 04 November 2024 20:07 UTC
Return-Path: <Peter.C@ncsc.gov.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C21C1DA2CC for <tls@ietfa.amsl.com>; Mon, 4 Nov 2024 12:07:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.706
X-Spam-Level:
X-Spam-Status: No, score=-2.706 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.453, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n70k4MyqL1VZ for <tls@ietfa.amsl.com>; Mon, 4 Nov 2024 12:07:28 -0800 (PST)
Received: from GBR01-CWX-obe.outbound.protection.outlook.com (mail-cwxgbr01on2084.outbound.protection.outlook.com [40.107.121.84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B12EC1DA1D5 for <tls@ietf.org>; Mon, 4 Nov 2024 12:07:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Dm+aKzYwCyHHsV/SDTvfuVojrgzyzbNvsVRd+RUrrVW8ZrBsdVt5z2XJaNC2YIKMJSAQWwUtKf7CfMY8dqJoee290gUZJuQ2YoO/87GP8YyCNVV6NHN2Ve/QBpgVKayDmivcH2RwPyoDrQKwDt1adKxAS9wASgOiecHRU2XBl1DF4XsFuJuiCZCCM5m47UhxOX7KfPQS5xD6wECWqQUpNlMHe5WsDDpxd1Rx4j0Y3attjmmsT+hxuhesWS+uh0L1Gky0prJuRczZ1r+043tD/mIXy5vfF0G8+wKE17OabZWF6DNeWlggdS9g14JHMIQv/lY+ZDm9bqZs/ykhfgBN0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cbQ7fuMBMfagBQRwNRJsfsyalJlNpzRjS0ddZTFN1T8=; b=aXxPOAsLiB0cpxf85w/F/g7h/TSkMi79JpGkwAo5fAlkUmdMWM6/yHafunezSPwQtj/rw+NnZrjSprR48LFl7HZUP9ML07bfD5ueMVnfWzOgNFUzw+EepIvWOsuYcV49g8G4FVMhLgSvwtRJ0D7AkWNbyezsaWRugCK3tmfBCH1FO7VztyWgv3GXd2IXwBW/0H/IayBlfjkoctW/O9Fo73YdkHAn2TDndXpzdnnNDAEp6y/yw9u5BsljomO5GYk4OoLPzRzujq8cF5FOW5wTPBTLJRCGgrPPNUr9hleLlIdtsmjAISmotR/XR9gi2hjzjRTKDHPoF4yi3kX1W7mSDQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cbQ7fuMBMfagBQRwNRJsfsyalJlNpzRjS0ddZTFN1T8=; b=DqnCLUjdnfuDuNrLH+wTuJ6TQTjNrOADtiOzhm3Kuht15mvo6DQMB3xaBPzWh3+psAeh8Dx+nYF4ixg2DN8/N6EDZI+nic+Ny/U3y8ZdP6PrNoLaML21CvuEd9wfOMicfXYijc9JN+lFOLIagoA6AU+WyA2jj+rEOlFxUOOpM5g8p+MC2uGu8zHudVLILDbtKH4eAEjtv3nS2gZ1IzpKmi2RVsYMBZ4lbhKKKbbgfOywhOhZf9KBzoQjeuWlq+m6Zdch6jPD0LF7ZQkiYuhMjMFe0dlcCwnIkPtJFQOoA3sURcljsn7nZXQ8K5ZDXBHv1js2oRP/xEPd4j7Fi+tsKg==
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:31d::15) by CWXP123MB3621.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:9d::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8114.31; Mon, 4 Nov 2024 20:07:24 +0000
Received: from LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0]) by LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM ([fe80::b9d:11d:61c5:dba0%5]) with mapi id 15.20.8114.028; Mon, 4 Nov 2024 20:07:24 +0000
From: Peter C <Peter.C@ncsc.gov.uk>
To: TLS List <tls@ietf.org>
Thread-Topic: [TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt
Thread-Index: AQHbLeHqpgVjvoLhL0e3MlULvOyzobKlqXVwgAG4+gCAAAIYAIAAI8mg
Date: Mon, 04 Nov 2024 20:07:24 +0000
Message-ID: <LO2P123MB705147681B594211E9089CBFBC512@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM>
References: <LO2P123MB7051227463A7583A1E6C023DBC502@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM> <20241104172928.395503.qmail@cr.yp.to> <CAMjbhoWN=y=uNMSLS-Rv68fkEEvZnxW2p==24CzcARt-iSJKzQ@mail.gmail.com>
In-Reply-To: <CAMjbhoWN=y=uNMSLS-Rv68fkEEvZnxW2p==24CzcARt-iSJKzQ@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO2P123MB7051:EE_|CWXP123MB3621:EE_
x-ms-office365-filtering-correlation-id: 81456bba-630a-4baf-6812-08dcfd0c4c72
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018|8096899003;
x-microsoft-antispam-message-info: XOQVsxRLkjs4evNS1HqecbEKFrhb2CoM/yZ47il/TUApA6CAzMYF48+al9Epi6Z03m2kGehoK0SrfK6y/nDxsN83Sdcw188l8Aoh6ob1y2s5Ipm5S0oj25udMPuF4xv7e27V7WEZB2uvT5pJ1IMDHCL0anPeCwchPkXZuQ9Zpz6F/uO8Vo7vZiPK2IVWxcV/C6DObj0+qSXJEq+bbhTOLtVbdh06I/+LejS6XXyokskUSp7V2USVyyDLBgRKpB1d02P6jxY5ZUpfd5+ioUpRrSJpWyPfFzBsL/rfxS3jP3gh4h/oy1QEZJ9g7x7UrGcrM5Mk46upITfqvvJDVl9MS5gXGP0xnIxOvDASJ+LJwt+J2QeGfRUzeATxKPv4qToNHdgoxutZ3Ge7zbJ/tDNbwEeNeY049VeRRuGVrBmkYtk0zOuviiy1jUTyA0O7JxCriH4h7jOQvGLeOppJs+tzd2qJzo33U3X9Cd65s2ugs1EqTXKf0Fq16Mjqru09cHgv8ENBgWZ3M2PsZ3tJVUy2FWhvI2oAX3OLBAa0DsxUJShLWgV8ACbaEwIad2tmGKVsN9MDfznf+S+AAN0x18uzFNvxpMcakHmp89SP1IqHGtrX54d9VEpZsUX+FqJVJmxaVVSa0T+0TgSlz4FNqLCjelPePOuevnhUxd6rZi29T9A6AKmi6TpQ/mCprUZNIdl7Wh2PvcoSqDQShVUSG9FbvKDJEJ+5EMETntS/ZT+6J2zqs0TPr+QxqPwe1lONEB5ugT/1COzcSi9TdgOo/1SyiXQM/QM2OrPf3VUPhB7uBmoIIjOPyilIW3vOHqJNwUADta5BSJQnrEaY18uGJ5rek/1Ec7T1wfe93j8NK/2e91FBu33L/gLX3E74uTwrBswMsdTZLBs9x16qmDOHoKBlJm4hvb/jo110NgzW4n4xAL6po9AYtNZSOAAuhr/gte7QysFYaWB4n9pz/oOtrwn3IPGeYLKfoMDbqLTcyaus1XEzs3DH2DysZE438iOLudbOZ/qaRZTxUII4rbAJxdBoXc24yE5mqt1ZlJHBsZHKT5AFEshML+LBcBE/yS+/OoQYi3/i67w2YWzfi8EHYLFKOdWx/iwrR3kbdeKVtobzWGuklkWifNCc005UQZvOZ/212m0VLW+JskzW5QCtLdvN8JEd02iMzBJ0AzoANfgM6p8PEOBS+dVCKaXBESOXZgHmZSjtMUknx5/vjFt2bxElB8+PtolheI2LhGqTAlIyo16OX6j+7DGsZ3piaEItUV+jN0c31QDiP3U6JJQAaP4jM3VwoZYFSa4/9T0IyuAvHWkmuMB+3h7A0eJUbnUhOs7E
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xTfma5IJ8Edlml4tdobtAJwRKk/lip5169O6hOZLmtuLM6c3sW2DVTj0RvlbXWxCS+YRJoi4DN0FImQ9DMbcTUZ0JW4v994+yoKy9xL48OqDIo8EzBZ9uE7P8f4wOxnqF+2K2ypOpW/FTTd3oDpumu/qibSvik7Wxu+wEiurFYhs0RxA7r2XHhS14rLClRV/wP1LcgX02LKERnWbtwcsl18BJxrLjgmV8HA+41YOctW+iIysJOVIOrY8fLXx+h60Z9qotxZbqVPTnnVfTBgg32syYi6CRUBHGAVbS3Ie+to2xqxd4Frl0qDOzQR7c0KjXGz1cRObi8OFBs98haglp9yrx9+69GiiYLEIl2XWZPO/uevnWLFl0Hhl1rHsfw8EniiUPmGtew9TkAGyfVTM+T4MGvP9Ae2gbe70Cv3SdcdFQdTteACj+S1OmzO/b27K04kfJMOwMOnHRpk2ci5BKLp2O6BRJXrB0Qo1Pj9Q323EixSq2rLzQjPbuS8ydjUF8XslGNTyVeXafKwGM0iLtAQWrHqjYJZwiSAtUlSk2rIBllgx4+GDStjYW3qh5vzTBE/gtfxaJ3vLNhDn6j9nLCGfoC+rAaiR+8EZg2XGQ1RA7FVGlJur5zFOPCfLTyDGcsyDmq7bHaiMS0wOgWUbTudJcF+LFdbBbF5XM2xesc4kkvJbwsx7yosjGyEm4+wBWtgfRUM8qufb/KgDhYWfVkNSa8CNqtqrlwQd4L8oL1Xjri2UrUAEcAKyn0rQEhZZIxGGnhnqT5NBBse+wBYKwofN9R8PcDjvwhGaxddK24Y7CUCt05UcjdZjkdXDt+85q5EQbkCIUwUSk2UtVBi/cewiAByf9RgnEauMl0Z5Z9oOEgACh4CJhuVm20rVfwuBDMn0zv7Q8CcjVOri8ydkZpIcM6MUY5iumFfJ7FU0MMa4N72bUwoZzZgX3GF8sh17J2ud0hXZP0RrmCM/1siQKeoxbpmwOLHwMz1HezbVyy5o3r59WPA2gPYMBGq0IwVPZTKIcQSNonlP1c83ZDW2IlyZ2B6F+R5EqLtsN22q1ME0v/eYe7Eb3GpMkxv0NFvdTR8YzaX6X9oKunoto8RCjdOPLdoQDzHyDy0oAKJPYj3StwF80r0Une2V1w5X9farVNBrm0R6fh2/Fjh48JBEBT6zwTfS1kS1RRljYnQSCUrCBf+cWQXXfO01BIPvfdp88wkOoHrrU9OoPOx8O1heQTC+oUTjz4UPWr2Q/GJonzt3jaLEgr+RD6a+nQzM8ITTAIqJySHtj38zEerCm0xVqW3J7x6C+YLxpqj/atAjVdlOfeXajFbNnNN+K4cKweD38FM/I8+uKBz7cl5kK3RQXU/bX99P9A0Qid1IfsKeGjHFIkCdaVUPDS+dcDpfr+xWxAfajTPXa9KikRRhcsnbQ1VvjpvoWVT8HfaVM0dam+giy4it903hK6eenXu2jR5zxlYwHAdpTXUixd4zkxGNNpwaE4im/bOvxLYBcsj5AjM0DPEZ65vKUaac4X8R41GXrqBUO7J9+V0OyhCD0j5KvvAYZmbsrTLW8OsBuP6BB8IdLThUBbcH9WbLBKiQW0/g
Content-Type: multipart/alternative; boundary="_000_LO2P123MB705147681B594211E9089CBFBC512LO2P123MB7051GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 81456bba-630a-4baf-6812-08dcfd0c4c72
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2024 20:07:24.3159 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: bIgnSuHklGPjPyJmS/Yc4HlMzuCQy4G9+VCjpfPibt4RoVkRPnw2VhK9MbqQseUYU/0zKFaOQwe+hlw9u+rAYQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWXP123MB3621
Message-ID-Hash: KPP2ES67FMOHOMEJHM3HTGQPAF3TEUVH
X-Message-ID-Hash: KPP2ES67FMOHOMEJHM3HTGQPAF3TEUVH
X-MailFrom: Peter.C@ncsc.gov.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VjyrRzAg-wCjTDvr3pm9mmy8ojc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Before this goes any further, perhaps I should clarify the context of my comment. Me: >>> I agree that there’s an argument for using SLH-DSA >>> in root certificates, but I’m surprised it’s being >>> proposed for the full chain. Tiru: >> SLH-DSA is not proposed for the end-entity certificates, >> it is preferred for CA certificates (please see the 3rd >> paragraph in [draft-section 2]). Me: > if you are not proposing SLH-DSA end-entity certificates > then you need to be more explicit that it is not recommended > for use in signature_algorithms. Yes, I’m surprised but at no point am I suggesting that SLH-DSA should be withheld, just that the draft should be explicit about what is or is not being proposed. The conditional in the final quote is fairly important. Thanks, Peter From: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> Sent: 04 November 2024 17:37 To: tls@ietf.org Subject: [TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt On Mon, Nov 4, 2024 at 6:31 PM D. J. Bernstein <djb@cr.yp.to<mailto:djb@cr.yp.to>> wrote: Speaking for myself, not on behalf of the SPHINCS+ team (or other teams potentially relevant here). Peter C writes: > Under realistic network conditions, TLS handshakes with full SLH-DSA > certificate chains seem to be about 5-10 times slower than traditional > certificate chains and, in some cases, can take on the order of > seconds. For, e.g., sphincsf128shake256simple, a quad-core 3GHz Intel Skylake from 2015 handles 85 signatures per second and 1300 verifications per second. (Source: dividing 12 billion cycles/second by the cycle counts given in https://bench.cr.yp.to/results-sign/amd64-samba.html.) Sure, one can come up with scenarios where this isn't fast enough or where 17KB for a signature is a problem. But there are also environments where these costs are negligible compared to the transmission and processing of user data. Agreed. That SLH-DSA is clearly not suited for all use cases for TLS, doesn't mean we should withhold it for those where it's acceptable.
- [TLS] Re: [EXT] Re: New Version Notification for … Blumenthal, Uri - 0553 - MITLL
- [TLS] Fwd: New Version Notification for draft-tls… tirumal reddy
- [TLS] Re: Fwd: New Version Notification for draft… Ilari Liusvaara
- [TLS] Re: New Version Notification for draft-tls-… John Mattsson
- [TLS] Re: New Version Notification for draft-tls-… tirumal reddy
- [TLS] Re: New Version Notification for draft-tls-… tirumal reddy
- [TLS] Re: New Version Notification for draft-tls-… tirumal reddy
- [TLS] Re: New Version Notification for draft-tls-… Peter C
- [TLS] Re: New Version Notification for draft-tls-… Alicja Kario
- [TLS] Re: New Version Notification for draft-tls-… Peter C
- [TLS] Re: New Version Notification for draft-tls-… Peter C
- [TLS] Re: New Version Notification for draft-tls-… Kampanakis, Panos
- [TLS] Re: New Version Notification for draft-tls-… D. J. Bernstein
- [TLS] Re: New Version Notification for draft-tls-… Bas Westerbaan
- [TLS] Re: Fwd: New Version Notification for draft… tirumal reddy
- [TLS] Re: New Version Notification for draft-tls-… Russ Housley
- [TLS] Re: New Version Notification for draft-tls-… Alicja Kario
- [TLS] Re: New Version Notification for draft-tls-… Peter C