[TLS] Re: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt
Filippo Valsorda <filippo@ml.filippo.io> Tue, 18 March 2025 13:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bKMgeUmn3IYUn0T3uqAE5T8bkAs>

I supported and support prohibiting key reuse, and seem to remember multiple other supporting voices not named John. My impression (which could be mistaken because these debates are really painful to keep track of) is actually that objections are in the rough, if we count From headers rather than Message-ID headers.

Yes, there is no protocol police, and implementations feeling the Need for Speed might still do reuse. They might also use all zeroes in place of random bytes, since memset is faster than any DRBG! It's also easier.

The good news is that we won't have to waste time thinking about how reuse-based attacks might apply to compliant implementations.