IETF Logo Mail Archive

Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

John Mattsson <john.mattsson@ericsson.com> Thu, 11 May 2023 14:38 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26F59C05E037 for <tls@ietfa.amsl.com>; Thu, 11 May 2023 07:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6XDNj2jT4VX2 for <tls@ietfa.amsl.com>; Thu, 11 May 2023 07:38:12 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on060a.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::60a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3CC1C05E036 for <tls@ietf.org>; Thu, 11 May 2023 07:38:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QLv92X+BDt9vsKPCvqytMFz2UYTCsexq7p7+kPFaZO0OJkRct4CBHB7YEL9scHQb8P3tHNq7OG8+GLEiJFbIEhj4M6udZwq2BUMleW01seao4+8/9qp8oJwTQZqEncWPy/rFqoMp1ZXYZ9S3rMmOBmtGa+XKhLwEvxgcqFY1UKBSaBj8AAAg6zMK6iN6jM8IOVcgCsYn3szcrp20n/RIQcyl6rwA3akwA8ZfCZClx7ydufHoWKbT8NjmVCdCdDcxTLzlZAMnHwIv1LqEMHXgYka0MctUPZpjZ+Ms5jvpcm3jTqrsfNocV2yOKPfw/YVwJ+Xfx9QIwFjBuCCayn/w4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KaypVwuZEYg7dwmRBl7aDbjmMjfU8G2DtmhBgCHxzKg=; b=oBq3f+robJwpqO1nX+lgt7VK7hVHBMA7ruXkrFwWjjH7iy6X8xGiJpHv6TWLWFZItoGg0nkg5V0XAKu0jQPxGYfEGjpcFfy5/ELTGsJpPV9qge4NO5+6J8JtX6Y5VqfGrs5zwxzizq17Qy1OC419jxx4z8lwdVTnAMlU+foJxnYZCFxHP1vX21FvW0Xbc0pQ1NHzHMs00aBpyTYp4Ptuv+H62mQKW6yCmym02hmK2wpBfNqN/FEuehM//eD+Kda/wNy/2eTLTnHuSBbMz2w0h1foYfTvwjIz8jQ4uts10DRohh1kg7MnTmSYbgatq8dYnVitWQFQnby0hkrg1NR2ng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KaypVwuZEYg7dwmRBl7aDbjmMjfU8G2DtmhBgCHxzKg=; b=rflm2qb6nX5s1ewBtIvNTeR5iXBp6EO00YtvhkPETCtW3f32gteP5sq3oaTKzKfNV5tRTUMyV9pXG07LgHhKRLo8DMkCir1NllIZ32BgoF0+bh6HOsaX8y2OYDZhyJp+phCMi4pxXAXlPWn6wctHvQZjn1hBkC7eC1uYOrdqFoU=
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by AS8PR07MB8374.eurprd07.prod.outlook.com (2603:10a6:20b:445::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6387.20; Thu, 11 May 2023 14:38:06 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::47af:87d7:c8ce:1957]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::47af:87d7:c8ce:1957%7]) with mapi id 15.20.6387.019; Thu, 11 May 2023 14:38:06 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "Scott Fluhrer (sfluhrer)" <sfluhrer=40cisco.com@dmarc.ietf.org>, "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, Christopher Wood <caw@heapingbits.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design
Thread-Index: AQHZYeDUmxEw/HfYYkCDVeGyOGiTW69FY1eAgA6+tYCAAUB3AIAAAgAAgAACAqI=
Date: Thu, 11 May 2023 14:38:06 +0000
Message-ID: <GVXPR07MB96783A8CC291DC4BB296E34D89749@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <FBE87FDA-A407-4DC8-A2E8-F39AB475C87B@heapingbits.net> <C446C65E-924F-4927-BF53-E0B13EFC4930@heapingbits.net> <CAMjbhoXYiX2AP9w6JvCRuhPSvuEEWjBbLJhwVAKZhOByOnfeXw@mail.gmail.com> <920f6d11f8994141a9fba472236e2988@amazon.com> <CH0PR11MB54444E0D1E41A52F1775FFFDC1749@CH0PR11MB5444.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB54444E0D1E41A52F1775FFFDC1749@CH0PR11MB5444.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|AS8PR07MB8374:EE_
x-ms-office365-filtering-correlation-id: 8084d90c-1923-4e7b-05ff-08db522d55ab
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: vMMQ0UNyHRVuJ5pzW7ubtO+KYrZpwWKOJ7ds9PLUFwt84qHBN2kIwD/CTMw1juMBQ471yq+QE/h3qN3yGcbys1fVQWnIrRCHCD2sLPmphQ98yXB4b7N3mHShwkO42ajJnjVbMZXeP8mytP8tN95ifKs8MxdTMJ1dqTArRoxzhmmgWgidEnd91VtXW+Ab8a2CvMeEfU9qoqArxKgw0PWSdJoVsiXfUE629KiF6g/T37W/Nr9/VkAQ6+5AFNbul7VXC71od5UL4I62Vl8/YOO9UJyzqtt24/BuYeFZQnCTyn0JbOb4dNOR0cMbwaEj4wFd8KKfsHD9acGub9f+H0qTRBnzb0jrSEWvfd/5Oyt1iwGAu6u9kgxpAdXbqdP48FAKYtWNQv+OxH/C2T3udojG+4tDdnsIF4qUTHR/J1SIYiZ2AyS6JItK4Z7N9hzCXFFbc+1LZVJorHbJCsUU654L7qQURy7UTERYloPjSQWTmo+6mYeOdh+eiOxUtojU7WDEHcx0/NYfNDI4r190lPhgLzH6y5YbKtznzUJwo/mt/C8G02Ehmk28wNBdH91SyPyH9VQS+BfTdfuUgMIziH3Mr4agR8w6+oTMPaodU7hPbJmvOkq3Aks2JeNHodw1e+wB1Iof23y7lYw780ggh293BQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVXPR07MB9678.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(376002)(366004)(396003)(39860400002)(346002)(136003)(451199021)(38100700002)(122000001)(76116006)(8936002)(8676002)(110136005)(83380400001)(41300700001)(33656002)(66446008)(66476007)(4326008)(66556008)(64756008)(66946007)(316002)(44832011)(6506007)(9686003)(53546011)(26005)(55016003)(478600001)(186003)(2906002)(86362001)(82960400001)(71200400001)(38070700005)(7696005)(166002)(5660300002)(52536014)(966005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: eab2gtwlr2mDvpgMGao+y5rJm9hf1j81EGVMSVu9ckQ10aMVYFT/2AX3dcvDxroUSkPJEXknUBDjmGvqM634rc1xK7svaQzOJkTkU6wbGQO5OR98Lzg9mo0fjBz2AIQhA2cC87LBzUBMN6k+8Dej15YQYNy8wilG9FcDt2GZTzph5Ua+E6jonD2fUayx4KcOST7eAaNdoKe5NUbT3+iq5sgAPgkZ9O5sI6mgBF/IXfGQohJj4/R/DXAfzGVKBI+2/kmqhc96Y3yI9HzgsJyLhwpu0tpyvt61JZdo/2KTqaPJ/SxPTR0HUBU3rF//rHQpDbYDtdnQbCMUqzoWKPNk6+lQAIPid3BuKENFTH/AiLZnOuex6mSwluw8aw+kJ8VAcWftaU8wNj6hOSAn/InlsA26vHrcMoWY1WHf1i1HO3uh0CfueNwNXRT/1Lrf/HUsSfphFMMaA0xIEszKxSGS1BfUIaRw1sVINYBYtV4texqvf2pg/mTGN+Xg/2trZiGSmLe1E34OdP/SCK+lfZ3VOdNjG8AgbywF7wFTikEYBwfbRf6d+WAsswnOX3FRofLPNAd9Yepn3rMQ+3GtYaJGWN2HmEPdnoBtTZHZ0y+hBoej7NhTD9gFoQYCKxm6o9sHW0owP/78P1XNye6tasJlxKiJ2gSNBO+X6E8bOChNED0raPUavBkQBBnUDSEacB9y+49gWjzV4pFmUg60xD8Roq7TOsFjLC8joRBtPoj2X7Q8Hb8zargd/82QsDX9RGovVUVo++jH8nzpj219OJT8wNv3i+pZGZsp2p/cYm2jtfiHx1qHHGkjg9p1QfOxkyT+vLMtDR4bvV264U6WhG9wbIO3eZaitOvA9HLv78XtatEa9Gi4T7LUe2ygtm5V84kyxFSBkCZg7thq7QzwKMXIM7UOJf8RhuJUMbnBcihswyhf+I0tCBhMEwKI3NYOYU6kSotafCxBEtHWc+PnOhhM4/dGajb8iUOfah0DK1tYjsvVjGV7eSX9yZGuJIIkhZi/lwuefaUfj8+BGXxW1wK7xmT2Si8IXur/U3MCpDf6g6WNAMr9W0MwDL056dMA00xl3kwmqq4ffCHrXfKMSiKErqqIRgTnAnLD+p4PMluxSGZmhkGsXsEt9Vz/RggppM767Bc4tED+ayM1M0e8cFYuX1nvqQoa1cUlRiuP7thYrJGiJT/pRwyYpZ/ZCYwblIIHsnG3vWGgfhd7tifuyImzf9UeizBI4gyGOLytfcVT2wbBcvpsiKNTR09nwhd1DmedagA1kVkdp21dLRyUVdM7n8EJcBKfQOOBtsURD5j6EcmyZSATe2Ug0XrjsDAChMaIWlHubLU6+w3DSIcOScpbIp8SlTKkEzaEAFpYUsGBHlAgY1d2Wm9ea2eFmAyGle7wNQe4Okx99e07OBpkWveLfzs8d+dugY/XrJNdjVo/iEetMKugnMU3btV1hcPqe5cjffKdI5CuHcJMk2UaBWWs36fAd50ZEuXn14rTEyy1k1Y7MkDtQmKhwC/HMrF23FJ7/JPkg0t84ivQhTCM8YyMDvBMD5pKGZxmz4ryfu7YLM9kzLfxqJaXxGBMB8CPK7TiJejAq8PC0IXydzbxn8B0dyTzCDIFtwiDyUEXBH7O56k=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB96783A8CC291DC4BB296E34D89749GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8084d90c-1923-4e7b-05ff-08db522d55ab
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 May 2023 14:38:06.7111 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ljerUI6coVqNibFYspAvLWPZjYzVmfPW0uu4yccQQdTs2/WP97XIcIfCMu4O6cGGja7C4dOZwUW5GKDnYLOa4ULS0Z/mV1KNpSxxw1D1xF4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB8374
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/d08zlZ9uYRr4qDb9P73WZrABHyQ>
Subject: Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2023 14:38:16 -0000

Agree with Scott. And I think this applies to all NIST PQC code points IETF is assigning now. Most of the final standards will change and you cannot have a single code point for two different algorithms. Very good that there is a comment stating “pre-standards version of Kyber768”.

John

From: TLS <tls-bounces@ietf.org> on behalf of Scott Fluhrer (sfluhrer) <sfluhrer=40cisco.com@dmarc.ietf.org>
Date: Thursday, 11 May 2023 at 16:23
To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, Christopher Wood <caw@heapingbits.net>
Cc: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design
My opinion: since NIST has announced that “Kyber768 Rounds 3 != The final NIST approved version”, we should keep codepoint 0x6399 with its current meaning, and allocate a fresh one when NIST does public the Kyber FIPS draft (which is likely, but not certainly, what will be the final FIPS approved version…)

From: TLS <tls-bounces@ietf.org> On Behalf Of Kampanakis, Panos
Sent: Thursday, May 11, 2023 10:16 AM
To: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>; Christopher Wood <caw@heapingbits.net>
Cc: tls@ietf.org
Subject: Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

Great!

So to clarify, when Kyber gets ratified as MLWE_KEM or something like that, will we still be using 0x6399 in the keyshare when we are negotiating? Or is  0x6399 just a temporary codepoint for Kyber768 Round 3 combined with X25519?


From: TLS <tls-bounces@ietf.org<mailto:tls-bounces@ietf.org>> On Behalf Of Bas Westerbaan
Sent: Wednesday, May 10, 2023 3:09 PM
To: Christopher Wood <caw@heapingbits.net<mailto:caw@heapingbits.net>>
Cc: tls@ietf.org<mailto:tls@ietf.org>
Subject: RE: [EXTERNAL][TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

FYI IANA has added the following entry to the TLS Supported Groups registry:

Value: 25497
Description: X25519Kyber768Draft00
DTLS-OK: Y
Recommended: N
Reference: [draft-tls-westerbaan-xyber768d00-02]
Comment: Pre-standards version of Kyber768

Please see
https://www.iana.org/assignments/tls-parameters

On Mon, May 1, 2023 at 11:59 AM Christopher Wood <caw@heapingbits.net<mailto:caw@heapingbits.net>> wrote:
It looks like we have consensus for this strategy. We’ll work to remove codepoints from draft-ietf-tls-hybrid-design and then get experimental codepoints allocated based on draft-tls-westerbaan-xyber768d00.

Best,
Chris, for the chairs

> On Mar 28, 2023, at 9:49 PM, Christopher Wood <caw@heapingbits.net<mailto:caw@heapingbits.net>> wrote:
>
> As discussed during yesterday's meeting, we would like to assess consensus for moving draft-ietf-tls-hybrid-design forward with the following strategy for allocating codepoints we can use in deployments.
>
> 1. Remove codepoints from draft-ietf-tls-hybrid-design and advance this document through the process towards publication.
> 2. Write a simple -00 draft that specifies the target variant of X25519+Kyber768 with a codepoint from the standard ranges. (Bas helpfully did this for us already [1].) Once this is complete, request a codepoint from IANA using the standard procedure.
>
> The intent of this proposal is to get us a codepoint that we can deploy today without putting a "draft codepoint" in an eventual RFC.
>
> Please let us know if you support this proposal by April 18, 2023. Assuming there is rough consensus, we will move forward with this proposal.
>
> Best,
> Chris, Joe, and Sean
>
> [1] https://datatracker.ietf.org/doc/html/draft-tls-westerbaan-xyber768d00-00

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email