IETF Logo Mail Archive

[TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3

Joseph Salowey <joe@salowey.net> Tue, 19 August 2025 14:41 UTC

Return-Path: <joe@salowey.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7051255FED71 for <tls@mail2.ietf.org>; Tue, 19 Aug 2025 07:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GWdqFSHkVUod for <tls@mail2.ietf.org>; Tue, 19 Aug 2025 07:41:11 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BD43255FED6A for <tls@ietf.org>; Tue, 19 Aug 2025 07:41:11 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id 38308e7fff4ca-333f8d387d6so36270591fa.0 for <tls@ietf.org>; Tue, 19 Aug 2025 07:41:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20230601.gappssmtp.com; s=20230601; t=1755614470; x=1756219270; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nplchREm4J9GN/52At82mhp/U41tVZecmbQKEUpANsM=; b=lqdsr2fxWc0TF5qHtjCF6y2w4le8se0h4SiFT5sy86xNtLDrQyiVamsKX76PdpGIPI B2Yr6VTT6i/wOKmIdUrHQ9k9QhPkhEd/daBV7G885hY9SpMI9yGOeFbcw1YFSfvOxX4x J9D5sF468G44w67Ngi/IDz9nbTw9qX+3e7iKxnVm5NKljP1ZsTxjz+kpFQYqtnmuplT0 8g4KSFa77ETScDSUkE5W8xbdPTE5op1xkm6eSVG71djbtu9JJO9v8U8RWhlVkF5aRjLg B0Zt3KGGhZ5sMB1sw1dW6fWNJ8i7zyhDVj+Ia9M5P5+k/YOPnZZryopOgp2KDO7orcT9 REVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755614470; x=1756219270; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nplchREm4J9GN/52At82mhp/U41tVZecmbQKEUpANsM=; b=EqdPrQnTLX75FYbVNiNx0AM1I7NYKPwXa5EmLZc8EESwl2wAcMWfLYG5mbWJAXgEwA nbpUkUAE8KsG/XoHmXnWmi8HFMV+NaGrE7n2AgDwPOHGgE03i+qfTlcLkTGMxs4u/dn7 DmUzTwynCJ9rWLaLV3ox39UigpepIpqISjdL926onqUb0w6UsxHkbr0OSDeVPnxSaFaF aHTwuM5P7chcGTEj8arIssjq83aA3EZf47cepcGQGYymcrzNosCPzI9+kcXYkOdJU9p1 CtBQ0q2KwJLq9w7JIC0em5UOIFeDiqcUTbkWcA/eqwRidzvWzbzJinq/pQv1wE4oQvkD gaig==
X-Gm-Message-State: AOJu0YxXGBpMJXQeKURKAXWR/XJAaXQgTJVkRF6LfL+6DNe7/mZKl9LV RRYEsHgQ6hfTUlo+64eTLOee4iNzuUF1tDuSgQ2vv4Pv75wkmvGjXV5CafrqFgTJIEeflX1tXMF rvSVRwkn4n5KDYAWxtBo8QD9typIlBdIp5wjwBIMVHeFKKQum+/qC80s=
X-Gm-Gg: ASbGncsVgbZZn6/UCTtu6rWpDh6ZXdOiRfVGeSVWyUZCKpyqvKdZXReG/IbxGjeljG9 Uuoqx3XxUAo7sPlTl0t3P9OEZLF7bn1AljvdrLml9srD85NA3WV5VuCaMOcoEUBr9JWCCNmiQw6 Q+M25Du7Arf/oQSmsK9E4Us7gl6tJhwhM4FbWW/wCOK7ODMhtJWtP5Vza+00z0CvjOUPMZJZgiR qCn
X-Google-Smtp-Source: AGHT+IHUmkejheAtkjEjoLCtxcWc3qtcgATVrp4FmlRbp5kqXm7xOvYhMnQKHiM2IKwOnF3o26HA/ZvlEA0XM5vL78Y=
X-Received: by 2002:a05:651c:411a:b0:332:69fd:96cc with SMTP id 38308e7fff4ca-335304fb62bmr5680251fa.2.1755614469311; Tue, 19 Aug 2025 07:41:09 -0700 (PDT)
MIME-Version: 1.0
References: <07105AEE-D7EE-4261-B225-72379843738F@sn3rd.com>
In-Reply-To: <07105AEE-D7EE-4261-B225-72379843738F@sn3rd.com>
From: Joseph Salowey <joe@salowey.net>
Date: Tue, 19 Aug 2025 06:40:57 -0800
X-Gm-Features: Ac12FXz8k3hOm1aQzCTXC4YrACjPL-5CqRLltHV5iP_2dowAl2gbE8YWE6pWDjk
Message-ID: <CAOgPGoAnDqhsd3X26UpdzjBBc5McijRD7c82PHpCCJ=vYVG0Xg@mail.gmail.com>
To: TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ce6af9063cb8d864"
Message-ID-Hash: XPQU6YNBEE52J5T56UGPNYVCR42CTBCR
X-Message-ID-Hash: XPQU6YNBEE52J5T56UGPNYVCR42CTBCR
X-MailFrom: joe@salowey.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YQ3ju1KXzwrT1T2U4ny8YK-ZmU0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Thanks to everyone who participated in this call.  While we had more people
respond to this call than the previous one, however, the ratio of the pros
and cons was similar making the consensus rough.  The lack of a motivating
use case was a common reason for being against adoption. The chairs feel
that the following is the best approach to move forward:

Adopt the draft and park it until there is sufficient external interest to
publish it such as usage in another standard or a groundswell of
significant implementations. Adoption turns control of the document to the
working group which can then put appropriate disclaimers on its use and a
RFC would not be published without a driving use case. While this is not
the normal process for the working group there have been instances in the
past to hold a document such as for TLS hybrid key exchange and ECH.

We realize that this is not ideal for either side of the issue, but we feel
this approach meets the needs of both parts of the community.

Thanks,

Joe, Sean, and Deirdre


On Mon, Jul 14, 2025 at 2:06 PM  Sean Turner <sean@sn3rd.com> wrote:

> We kicked off an adoption call for Use of SLH-DSA in TLS 1.3; see [0]. We
> called consensus [1], and that decision was appealed. We have reviewed the
> messages and agree that we need to redo the adoption call to get more input.
>
> What appears to be the most common concern, which we will take from Panos'
> email, is that "SLH-DSA sigs are too large and slow for general use in TLS
> 1.3 applications". One way to address this concern is to add an
> applicablity statement to address this point. We would like to propose that
> this (or something close to this) be added to the I-D:
>
> Applications that use SLH-DSA need to be aware that the signatures sizes
> are large; the signature sizes for the cipher suites specified herein range
> from 7,856 to 49,856 bytes. Likewise, the cipher suites are considered
> slow. While these costs might be amoritized over the cost of a long lived
> connection, the cipher suites specified herein are not considered for
> general use in TLS 1.3.
>
> With this addition in mind, we would like to start another WG adoption
> call for draft-reddy-tls-slhdsa. If you support adoption with the above
> text (or something similar) and are willing to review and contribute text,
> please send a message to the list. If you do not support adoption of this
> draft with the above text (or something similar), please send a message to
> the list and indicate why. This call will close at 2359 UTC on 28 July 2025.
>
> Cheers,
> Deirdre, Joe, and Sean
>
> [0] https://mailarchive.ietf.org/arch/msg/tls/o4KnXjI-OpuHPcB33e8e78rACb0/
> [1] https://mailarchive.ietf.org/arch/msg/tls/hhLtBBctK5em6l82m7rgM6_hefo/
> [2] https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>

v2.46.0 | Report a Bug | By Email | System Status