Re: [TLS] Before we PQC... Re: PQC key exchange sizes

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Sun, 07 August 2022 20:58 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Phillip Hallam-Baker <ietf@hallambaker.com>
CC: "TLS@ietf.org" <tls@ietf.org>
Date: Sun, 07 Aug 2022 20:58:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/avrd2-Y7vHL_aEx_SmbFZn-McuY>

> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Blumenthal, Uri - 0553 -
> MITLL
> Sent: Sunday, August 7, 2022 1:32 PM
> To: Phillip Hallam-Baker <ietf@hallambaker.com>
> Cc: TLS@ietf.org
> Subject: Re: [TLS] Before we PQC... Re: PQC key exchange sizes
> 
> > > I thought a Quantum Annoyance was someone who keeps banging on about
> > > imaginary attacks that don't exist as a means of avoiding having to
> > > deal with actual attacks that have been happening for years without
> > > being addressed.
> >
> > That is a little unfair but only a little.
> 
> I don't think Quantum "Annoyance" makes any sense at all. It's only
> annoying to implementers.

Actually, we came up with the concept while evaluating PAKEs for the CFRG, and in that context, it makes sense.  For some PAKEs, if we assume that the adversary has the ability to compute one discrete log, all that would gain him is the ability to check if one particular password was being used for a recorded exchange (and hence, if computing a discrete log is costly, which is likely to be the case for the first generation of Quantum Computers, you're still "mostly safe").

In contrast, with other PAKEs, computing one discrete log would allow you to break any implementation of that PAKE parameter set globally - that is about as 'un-annoying' as you can possibly get.

We saw this disparity, and the term 'Quantum Annoyance' was coined to express it.

Now, with key exchanges, it is somewhat less applicable.  However, if computing a few thousand discrete logs allows you to put together a usable factor base, well, perhaps that would indicate that 'finite field DH with a common modulus' is less 'quantum annoying' (in the above sense) than (say) ECC...

> 
> > I have seen references to a 'NIST' slide insisting that we should not
> > use hybrid schemes and I completely disagree with them.

(The above comment was by PHB)

Hmmm, I had thought I tracked just about everything NIST said about postquantum, and I don't recall that.  In any case, I don't believe that anyone is taking that advice; initially, just about everyone is suggesting to combine postquantum with classical (ECC or RSA).  And, since this is the TLS working group, I would point out that the current TLS postquantum draft does do hybrid.

> 
> > First, do no harm: At this point it is very clear that the risk of a
> > Laptop on a Weekend breaking Kyber is rather higher than anyone
> > building a QCC capable computer in the next decade.
> > So, what is not going to happen is a system in which a break of Kyber
> > results in a break of TLS.

Again, that's why we're planning on hybrid; to break the privacy of TLS, you would need to break both Kyber (or NTRU; I'll spout off on that if you're interested) and (say) X25519.  Hence, what we are proposing is no less secure than what we are currently doing now.
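
As an added illustration of the 'quantum annoying' property described in this message (not code from the message or from any CFRG document): a toy CPace-style PAKE over an 11-bit group, where a brute-force `dlog_oracle` stands in for the costly quantum step and each password candidate tested against a recorded session costs one discrete log. The group parameters, passwords, function names and the choice of a CPace-style construction are assumptions; the message names no specific PAKE.

```python
import hashlib

# Toy parameters (constructed): safe prime P = 2*Q + 1; squares mod P form the order-Q subgroup.
P, Q = 2039, 1019


def hash_to_group(password: str) -> int:
    """Map a password to a generator of the order-Q subgroup (never 0 or 1)."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)


def confirm_tag(shared: int, ya: int, yb: int) -> str:
    """Key-confirmation value the peers exchange; visible to a passive recorder."""
    return hashlib.sha256(f"{shared}|{ya}|{yb}".encode()).hexdigest()


def run_exchange(password: str, a: int, b: int):
    """One honest session: returns the transcript (Ya, Yb, tag) an eavesdropper records."""
    g = hash_to_group(password)  # the generator itself depends on the password
    ya, yb = pow(g, a, P), pow(g, b, P)
    return ya, yb, confirm_tag(pow(yb, a, P), ya, yb)


def dlog_oracle(base: int, target: int) -> int:
    """Stand-in for the costly quantum step; brute force works only in this toy group."""
    return next(x for x in range(Q) if pow(base, x, P) == target)


def guesses_confirmed(transcript, candidates):
    """Test candidates against one recorded session; returns (hits, discrete logs spent)."""
    ya, yb, tag = transcript
    hits, dlogs = [], 0
    for pw in candidates:
        # A fresh discrete log is needed per candidate because the base changes with it.
        a_guess = dlog_oracle(hash_to_group(pw), ya)
        dlogs += 1
        if confirm_tag(pow(yb, a_guess, P), ya, yb) == tag:
            hits.append(pw)
    return hits, dlogs


if __name__ == "__main__":
    recorded = run_exchange("correct horse", a=123, b=456)  # constructed sample session
    print(guesses_confirmed(recorded, ["hunter2", "letmein", "correct horse"]))
```

The discrete-log count grows linearly with the number of candidates and must be paid again for every recorded session, which is the cost structure the term describes.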