IETF Logo Mail Archive

[TLS] Re: [EXT] Re: ML-DSA in TLS

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 24 November 2024 15:59 UTC

Return-Path: <prvs=305838ca27=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA16AC151522 for <tls@ietfa.amsl.com>; Sun, 24 Nov 2024 07:59:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYJW6Mbhnv1g for <tls@ietfa.amsl.com>; Sun, 24 Nov 2024 07:58:59 -0800 (PST)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) by ietfa.amsl.com (Postfix) with ESMTP id A62BCC14CF0D for <tls@ietf.org>; Sun, 24 Nov 2024 07:58:58 -0800 (PST)
Received: from LLEX2019-02.mitll.ad.local (llex2019-02.llan.ll.mit.edu [172.25.4.98]) by MX3.LL.MIT.EDU (8.18.1.2/8.18.1.2) with ESMTPS id 4AOFv8dF064200 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <tls@ietf.org>; Sun, 24 Nov 2024 10:57:08 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=gAuXo7/BGqoals4MRYJXlb+kITHk2kqGbJX68qd5r1mMcjOpX7V+1dfMr8xyNE5ft4rwj75TBf6josaqUkhGRqZSXHfBQrVawwePVZfv5Nc3yR0HxBudmbHCHTEhpCnITcpiN+Jco6KKb1RXj2iaPvSFXZ+BdXlrlyCJrwGdMiricJL62VBQ+xEIFr+ebIXvcA8enLNJ4EelmhNZ7L1YU7rspdhcsF7WUek0jUYX6WNfIdEKNdb6GcPcbGDLGUSQrtCLetMPTb9bdx6jZHu0cimR8BrG08eM25n3es2S4GCwdU+s6WbmpjYpNoVaDqtlGi2kfLVJlBbZz5AjcYXsRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wsQ7lCBDFfrne7LDK4j7o815vIV5IsHG1Wh0qN3q/i8=; b=Xy225Rsz8zl7+eJGoq75iB6YRujrNFtWN5O4spwuqcz/1rU4ji/uw0Ly37DbFoHbGue65y1z33Pq1T0H19H+GpLKBZavy9CLKSVgfsBK71ZG/eNNU0vWkaLPj00Ceh7G8ioT7R45YeLb/HXt3FQjwllSM/jLikPlhhcz1iE0k569rGkH/5nG7jZ2L7whKZN9RD1Dct4UhBJPOm+qTOX0Fnfkm851IPo6Sm2Ld2Wc/i1+wF+puY05KRmJTqpGV854qPJOXcL9QyXRNm1KFKslGaDTUzGXBIe3Xw6xIeKImSus1OLx7woid+NKHhmazBg5wW7D25otC6q0qh9aTcxJYQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Re: [EXT] Re: ML-DSA in TLS
Thread-Index: AQHbPFaFDvdNSwGEEUy91G+79jFaGbLCSB+QgAGGNYCAAqmYFYAAHusAgAACEzI=
Date: Sun, 24 Nov 2024 15:57:57 +0000
Message-ID: <BN0P110MB141956A14F67C282A3F0F86E902DA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
References: <BN0P110MB14195DA107D02E328FDDF274902DA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM> <20241124154434.733721.qmail@cr.yp.to>
In-Reply-To: <20241124154434.733721.qmail@cr.yp.to>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0P110MB1419:EE_|BN0P110MB1032:EE_
x-ms-office365-filtering-correlation-id: cb88d057-e188-4be4-6d2e-08dd0ca0c3ec
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|8096899003|38070700018;
x-microsoft-antispam-message-info: v1yW744GQXITSn8s2gWZ//5FPPyy/EG3BqRwktFGqrVMIraGVoH4jtCdGRkW7hnjnCwPPPg5U34rTAIJJP1pBjcaXAcCOF4nZwypwib/4Du5Zufdbm/WjYy+it3C2zDM71Gy0oyhtIMVp10PfFEBCUNZnKCrSBacLskaf3MWmqiYQZ5EUjP31Lrj7NXQOJVKvmR/yCyAVHBw+OwX/6gUsPe+GPe9ApHFpwFRfjXuSG8xlJ8g0e0K0UbQzwJI18e9VAxrWpx2wLpZ1oyI2cCDVbG//JhFW2QBd0QUj0U9inIY3v3nvl6wCjOMUbdaYonB6YkzKcKVXsHDRPlB0GDvH7ST8BFUbo8TATH86jM7JxJ2+ZoYV6pobi+Ha+W/UcJoqRsaEo4YJflyWTw62c+YghD3+U4kGwYizS5PYvA6Hs4y+hO3F9ZP6BMPB9UxFK7x7Fc18kQyyz4Y+EiyglGEwmInasFPAG74EUeRAxAKV5z435c2j8kO1kLgWMZPLGVbkMux061qTrMOT8fm1b2pzGDp8dBV03jcFtLNF2zv24iA+5AsSM0Zpf3iw3ZZFimTg1cigZcIQfoLNMQAdTeyAaYJU542OkMMA5dkQwWjzVf9AwzCiAkuXQQWVilrvAmzX015Q2SwbHG9NGROIOXVWlJhPYXSw4VJFTxAm3WUwDiZ/tkXJSVT7r4U1UCu98lJDyI3HIem7jDwO4f7r7CQ13hnvYBObIUXZj4NVryR158kgweoJHj8sKmviDEGkDdlCO0n687h36CCKnrScYcsAHqHEqpTSz1niLB4Nq5FKaFRMVz53k3ep34a/P8iki8ihjSykm/j5eC2kFUme/ECuYlM0t7NpZZRcKG6hzH1UZZTIS95EzgMRBmpCRuL35YLaesQf5a/bLXTvAIRJybp7xbLizq6D4xOlC0BIF7OYbjndCPawLBRuHoeJfBCdTVvmft0yS7pUnPgi0z1OzwplGFrIvvqBbxmoHDX1Lzan0JPLDmjHnazfumcs4ns4XUbxD2re6zT/3wrmTzhP5sNCC9cJZEP/N8Ck9eO2b3/uxRQiQdepPJkNaWwH4mXFeWvyUy/mYbXz39CXNbwZjT6rWLtuHWJYhy4b1+37u2HFnXLBlF/QR5Ys80LKT6NNdLUenwrZxXzjkGzBVwCmhtjReYQfxOvtGSePp9rn8cVDxdtnUbeAM0fXhk4vojUlaBo3vBEfCuV2VnTMoe1HYlA8tbVXLT59dmF3Gdygr6WkObND9lnOnOIrfRRSq6Yb5eFSQ4ptKyCBTI4Pc/tzdZoCAm7oTsP/d7uFSLaDwk/TPvUQ5a3bPOwwi5JwIeSmzXIjiSVgJ8t00mc+CgJ7eK3pQXSzToJWWmLy0kiCS7zMx8=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ixHt3YNHmtCFqqDbHM8rvZtL6ttdYLAI+H+jn1FJNcjNdfeWFFaEsrYWPp4gs7Q0vT40XIbgzLw3OPZtAlp89tLlHkSLI0F6u692SyjTk3/PwFEOmOd9c3t0k9/6+Ua0tGZXkpCe6iTSkT5DpDOr99OFGJYaEcaOZDcpt85sn3O1Ix4c54UjoJwjsmeepN5tgZ2JrQoA9JAqm84HUfHDnXvMMls8uJpsNBU0m6ar61z4KkTgfXWQznWlvx+qQ7vCcU9ZwQdLULTEAusqQYTPQ77ikd0athLwekSiaeDj3VNbOWbW9oJjl+ZjcHm1Q9MBrAerLQhZFe0xxswvU7iAceQujlhx7kCKfPIwnBXOx+1Yxe1VU8tqjeiNj9Q8pWRu4Xthn+he4hAqS7gc9QBecGFUhXPxOgYSBBtxH+s6aYr3QIRgKF0HWnvsX7kN6A6gypGiwJPeFiTNv3hZZHInJSm0OeJl/9gQv+ZOVXKXegHn/av+tNLHyD8GpwYrkK2qrjmiimSWa0CA1BkzYsxdyq2OqgxNWUQoOc7JL2vpB0FFdDDmwPVQum6OYODVxTa6DbEGhk7Y58drqRSjUrLqP3/oqMTGZ4FB/GC42PXZgti6qiyeA2eaQYHg5MuV4VMOJ2B9au9tUIEY5dh9ffX+HB1MX8/mEwd6SYqDOzzDVfmQhl3Rg3w89aUGbcVdE53oYOFSKZvgpx38WuyH/hj5tftkZLFG1UDXEKh00wm3TD6h1PYa5mQdWduDcI8NbMIn2HNY10jK17rhJCOYYpRdRuondfxRG0robwQipLaijRJYlyFoqHh7bIir/YIgGxoMhNV7uwlHg8MFmFNdv2K04zA/BsclEE/m9S6vPzodHrI8zlSdKrZi5jwrwmXMU8q8SyiUQ1qQrk5Qn4sCz1WTfouNK3woiG2mU4wgBsJHjv3fiP4194oW+mtHzRgEVLXl4kFy4dbPNTmq02Kb1BeuOQNTIqRp/PruMjqMfIbCT4g2ztuI0EcAe2dFQBcWdPM7Rulon2Zz0hC+BAxgvUGbumIWyG/EhhSA1VQn4XzAhN0FX16pA9qtu3jjS8kukm8XQbnqk37b5IxAPU/gGqAKt4KjnDteuBbNAmTPOmMmbQY9CoVv6NYHgSBfTqyFF5hzfJE1+VY1Xg7uQGJd9kWdMgiT5w5UpBIYmDGWZM9jtpLySeLjDzccV1zxBj+xdMv70uYh5CryjRCUSkMKpghZq0tk1UhDqPPTugKqvl6/qkiXBGMc0pWa7rhkcMCScODsbtteFfYqAXA1R/xfTcUSagSnklPOlc3mT+UyLHwn66m3i4SlCQDq66FcNRyTAff3vpCZueeaBIb+Jj1awnmACjbkxkt0RTepPSbceVl+a9PJzdXvCSaMKZy2Rjatv4YG1xE5Bh/8BMB1lypjKNuS+tWiQqW67YEKThff5gG+YOoBcsVyPPf1bbUtIoSdz+3evoqq4bifTQPmrR+yzjYnSic22/IyFI07+JFP1dBT4bciVhw8zaVlEfgjSGxrigOf
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha256"; boundary="_4ADA1BDB-3D46-AE45-8912-B18C1DD9B779_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: cb88d057-e188-4be4-6d2e-08dd0ca0c3ec
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Nov 2024 15:57:57.7392 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1032
X-Proofpoint-ORIG-GUID: hFL1a-Syr8sXCRBSAxWHAwBcax4ZW1p9
X-Proofpoint-GUID: hFL1a-Syr8sXCRBSAxWHAwBcax4ZW1p9
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-11-24_14,2024-11-21_01,2024-09-30_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 malwarescore=0 phishscore=0 bulkscore=0 mlxscore=0 spamscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2409260000 definitions=main-2411240139
Message-ID-Hash: 66LSR6MRLXIVLTZMIB7FOLWRQNRN5C5D
X-Message-ID-Hash: 66LSR6MRLXIVLTZMIB7FOLWRQNRN5C5D
X-MailFrom: prvs=305838ca27=uri@ll.mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXT] Re: ML-DSA in TLS
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aHC8Roef-6BY0PRt83g2AqO2Vr0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

> [ regarding encryption vs. signatures: ]
>> There’s no damage possible (at least, in the TLS context) caused by PQ
>> DSA break
>
> Not true. I already explained what's wrong with this argument:
> https://mailarchive.ietf.org/arch/msg/tls/77uUYhGJYNVQIp9heMY9bkbKbaA/ <https://mailarchive.ietf.org/arch/msg/tls/77uUYhGJYNVQIp9heMY9bkbKbaA/>


Sorry, I can’t accept the answer you’re giving. Your argument basically is comprised of two parts: 

1. If a PQ DSA break happens, reverting back to ECC would take time, and 
2. A PQ attack may not come to public attention (for some time?), leaving people with (only) PQ vulnerable. 
To (1) – then don’t move to PQ DSA until either CRQC is announced, or you’re certain “enough” (in whatever is your definition of “enough”) that PQ DSA is strong/resilient “enough”. 
To (2) – what makes you think there’s no ECC attack that simply hasn’t been announced yet? Perhaps, your whole reliance on ECC is misplaced?

v2.40.4 | Report a Bug | By Email | System Status