Re: [TLS] I know TLS Device & Radio & BT protocol, For such things as mice & keyboards & Game-Pads, Could propose AES & PSK, Can you see ECDHE Being used ? maybe Preshare & seeded PSK is better, Can we make a protocol TLS for devices ?
Achim Kraus <achimkraus@gmx.net> Mon, 06 February 2023 06:51 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/f2Vtfry1Vg9zz0WCsPFTYK2hOiY>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Hi Duke,

> Can we make a protocol TLS for devices ?

Did you consider using DTLS?

> Can you see ECDHE Being used ?

Once starting with ECDHE, in my experience most seem to prefer ECDSA.
With RFC7250 the additional overhead is limited.

best regards
Achim

On 06.02.23 at 03:11, Duke Abbaddon wrote:
> I know TLS Device & Radio & BT protocol, For such things as mice &
> keyboards & Game-Pads, Could propose AES & PSK, Can you see ECDHE
> Being used ? maybe Preshare & seeded PSK is better, Can we make a
> protocol TLS for devices ?
>
> Rupert S
>
> Device Security CRT Initiations for URT, USB, Wireless & other Device
> Interactions : (c)RS
>
> A very good way to think about a mouse, Keyboard & device AES & Crypto
> security is that a device needs to be in the certificate store,
>
> Two reasons Hardware acceleration is OS Store & Security; The
> device(computer) specifically requests all interactions with the CRT
> with a level of privacy & security, By GUID Definition & identity;
> Secondly limiting the function to parameters so it will not hack the
> system..
>
> So firstly the device certificate needs to interact with a store for a
> temporary cert & therefore we need a device Certificate store that
> contains the equivalent of the Secure client key in SHELL,
>
> This does not need to worry us; But we need a store! if not the device
> driver needs to initiate the system Store DL & AES Systems so that the
> device is secured with a personal store & main key (probably
> ECC-AES-'GCM<>FF3-1' )
>
> Rupert S
>
> https://science.n-helix.com/2022/08/jit-dongle.html
>
> https://science.n-helix.com/2022/06/jit-compiler.html
>
> https://is.gd/LEDSource
> *****
>
> ((network server)Effectively Improves Phone & network SSL Connectivity
> & thus +security) (good for telecommunications networks) (TLS) My
> files are all verified by virustotal & are signed anyway!
> https://is.gd/SecurityHSM https://is.gd/WebPKI
>
> TLS Optimised https://drive.google.com/file/d/10XL19eGjxdCGj0tK8MULKlgWhHa9_5v9/view?usp=share_link
>
> Ethernet Security
> https://drive.google.com/file/d/18LNDcRSbqN7ubEzaO0pCsWaJHX68xCxf/view?usp=share_link
>
> RS
>
> *****
>
> ***********
>
> (in comparison Poly & AES is quite good for 32Bit USB Mice
> (small channel) Performance Evaluation Comparison LIGHTWEIGHT CIPHERS
> NIST LightWeight Cryptography Requirements : RS
>
> Lightweight Cryptography
> https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf
> https://www.scitepress.org/papers/2014/49006/49006.pdf
>
> Performance Evaluation Comparison LIGHTWEIGHT CIPHERS NIST LightWeight
> Cryptography Requirements
> https://scholarworks.calstate.edu/downloads/k0698968b
>
> AES-NI Compatible Ciphers : AES, ARIA, CLEFIA
> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-cipher-catalog-01#page-3
>
> CLEFIA : Large size table, Pure function
> https://datatracker.ietf.org/doc/html/rfc6114
>
> ARIA : Random is a big+ to anonymity bit 128Bit's of data
> https://datatracker.ietf.org/doc/html/rfc5794
> ARIA is conformant
> https://datatracker.ietf.org/doc/html/rfc6209
> ARIA SRTP
> https://datatracker.ietf.org/doc/html/rfc8269#page-14
>
> ************
>
>
> AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
> https://datatracker.ietf.org/doc/rfc8452/
>
> Adding the nonce to GMAC makes GMAC's unique : ICE-ssRTP
> https://www.zerotier.com/2019/09/04/aes-gmac-ctr-siv/
> https://www.rfc-editor.org/rfc/rfc5297#page-15
>
> Correct Time : EEC Elliptic & Nonce timer function:
>
> "The thing about random unique nonce with :dev/rng is that verifying
> the nonce's uniqueness is an issue, with SSRTP nonce, Time intrinsics
> allow only one play time https://datatracker.ietf.org/doc/rfc8954/
>
> So what about if they have a reset phone & have not got the correct
> time ? mine wouldn't do NTP until I set it to pools.ntp.org, the
> telephone network would not change the time!"
>
> So the nonce may need a seconds from arrival timer; So that it is from
> the time it arrives (in your terms) & additionally a sent and arrival
> time so that when you get the correct time; It still works!
>
> In essence TLS & OCSP need a time from arrival (to verify
> link/Security CRT), It does not matter if that NTP timer is off by 5
> Minutes...
>
> you can use the Time related EEC Elliptic curve & as long as it is
> timed from arrival & sends back a sample with a from time & until...
>
> That EEC Elliptic & Nonce will work.
>
> RS
>
> *****
>
>
> https://science.n-helix.com/2022/03/ice-ssrtp.html
>
> Code Speed
> https://science.n-helix.com/2022/08/simd.html
> https://science.n-helix.com/2022/09/ovccans.html
>
> Chaos
> https://science.n-helix.com/2022/02/interrupt-entropy.html
> https://science.n-helix.com/2022/02/rdseed.html
> https://science.n-helix.com/2020/06/cryptoseed.html
>
> sRTP Chaos Nonce: Certificate transactions; TLS & OCSP Security Protocols
> https://datatracker.ietf.org/doc/rfc8954/
>
> RSA-PSS
> RSASSA-PSS is a probabilistic signature scheme (PSS) with appendix
> RSAES-OAEP (Optimal Asymmetric Encryption Padding)
>
> https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
> https://www.rfc-editor.org/rfc/rfc8017
> https://www.rfc-editor.org/rfc/rfc5756
>
> PSK:
> Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois
> Counter Mode
> https://datatracker.ietf.org/doc/rfc5487/
> https://datatracker.ietf.org/doc/rfc8442/
> https://datatracker.ietf.org/doc/rfc9258/
>
> Nonce & Plaintext, Token & SequenceID (Bearing in mind that ICE-SSRTP
> Nonce is compatible)
> https://www.ietf.org/id/draft-howard-gssapi-aead-01.txt
>
> AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
> https://datatracker.ietf.org/doc/rfc8452/
>
> Adding the nonce to GMAC makes GMAC's unique : ICE-ssRTP
> https://www.zerotier.com/2019/09/04/aes-gmac-ctr-siv/
> https://www.rfc-editor.org/rfc/rfc5297#page-15
>
> AES-GCM SRTP
> https://datatracker.ietf.org/doc/rfc7714/
> AES-CCM
> https://datatracker.ietf.org/doc/rfc6655/
>
> Lightweight Cryptography
> https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf
> https://www.scitepress.org/papers/2014/49006/49006.pdf
>
> Performance Evaluation Comparison LIGHTWEIGHT CIPHERS NIST LightWeight
> Cryptography Requirements
> https://scholarworks.calstate.edu/downloads/k0698968b
>
> TLS 1.3 on Lightweight Crypto
> https://eprint.iacr.org/2023/095.pdf
>
> Computation of Hilbert class polynomials and modular polynomials from
> super-singular elliptic curves
> https://eprint.iacr.org/2023/064.pdf
>
> Super-singular Elliptic Curves for ECDHE EEC PQC - Deuring for the
> People - Supersingular Elliptic Curves with Prescribed Endomorphism
> Ring in General Characteristic - 2023-106
> https://eprint.iacr.org/2023/106.pdf
>
> The Security of ChaCha20-Poly1305 in the Multi-user Setting
> https://eprint.iacr.org/2023/085.pdf
>
> Verification ECDHE
> ECDHE Grotto, framework & C++ library for space- & time-efficient
> -party piecewise polynomial 'i.e, spline' evaluation on secrets
> additively shared over, Grotto improves on the state-of-the-art
> approaches of DCF 2023-108
> https://eprint.iacr.org/2023/108.pdf
>
> AES-NI Compatible Ciphers : AES, ARIA, CLEFIA
> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-cipher-catalog-01#page-3
>
> CLEFIA : Large size table, Pure function
> https://datatracker.ietf.org/doc/html/rfc6114
>
> ARIA : Random is a big+ to anonymity bit 128Bit's of data
> https://datatracker.ietf.org/doc/html/rfc5794
> ARIA is conformant
> https://datatracker.ietf.org/doc/html/rfc6209
> ARIA SRTP
> https://datatracker.ietf.org/doc/html/rfc8269#page-14
>
> Post Quantum:
> Verification of Correctness and Security Properties for CRYSTALS-KYBER
> https://eprint.iacr.org/2023/087.pdf
>
> Verification of the (1–δ)-Correctness Proof of CRYSTALS-KYBER with
> Number Theoretic Transform
> https://eprint.iacr.org/2023/027.pdf
>
> A Practical Template Attack on CRYSTALS-Dilithium
> https://eprint.iacr.org/2023/050.pdf
>
> NTRU, Kyber Hardware Acceleration - Gate-Level Masking of Streamlined
> NTRU Prime Decapsulation in Hardware 2023-105
> https://eprint.iacr.org/2023/105.pdf
>
> Compact TLS 1.3
> https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/
> DTLS 2023
> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-dtls-over-sctp-bis/
> TLS 1.2
> https://datatracker.ietf.org/doc/rfc5246/
>
> https://datatracker.ietf.org/group/tls/about/
> https://blog.cloudflare.com/post-quantum-for-all/
>
> Network Time Protocol Version 4: Protocol and Algorithms Specification
> https://datatracker.ietf.org/doc/rfc5905/
>
> https://science.n-helix.com/2022/01/ntp.html
>
> Securing TLS
> https://is.gd/SecurityHSM
> https://is.gd/WebPKI
>
> Crypto Libraries
> https://github.com/miracl/core
> https://github.com/jedisct1/libsodium
>
> About Circl library
> https://github.com/cloudflare/circl
> https://blog.cloudflare.com/inside-geo-key-manager-v2/
>
> FPGA & ASIC Libraries
> https://si2.org/open-cell-library/
>
> Model & Create S-Box (AES & ARIA & CLEFIA S-Box Modeling)
> AES & ARIA & CLEFIA S-Box Modeling - Advanced Crypto Algorithms -
> Modeling for Large S-boxes Oriented to Differential Probabilities and
> Linear Correlations (Long Paper) 2023-109
> https://eprint.iacr.org/2023/109.pdf
>
>
> *****
>
> Good stuff for all networks nationwide, the software is certificate
> signed & verified
> When it comes to pure security, We are grateful
> https://is.gd/SecurityHSM https://is.gd/WebPKI
> TLS Optimised https://drive.google.com/file/d/10XL19eGjxdCGj0tK8MULKlgWhHa9_5v9/view?usp=share_link
> Ethernet Security
> https://drive.google.com/file/d/18LNDcRSbqN7ubEzaO0pCsWaJHX68xCxf/view?usp=share_link
>
> These are the addresses directly of some good ones; DNS & NTP & PTP
> 2600:c05:3010:50:47::1 2607:fca8:b000:1::3 2607:fca8:b000:1::4
> 2a06:98c1:54::c12b 142.202.190.19 172.64.36.1 172.64.36.2 38.17.55.196
> 38.17.55.111
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
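
The byte cost of the RFC 7250 raw public key mentioned in the reply, as an added example that is not part of the original thread: it encodes a P-256 key as a SubjectPublicKeyInfo, validates one on receipt, and wraps it in a (D)TLS 1.2 Certificate handshake message. The sample key is constructed (the P-256 base point stands in for a device key), and the function names are made up for this example.

```python
# P-256 field prime and curve coefficient b (y^2 = x^3 - 3x + b mod P).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Constructed sample key: the P-256 base point, used as a stand-in public key.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

# DER prefix of SubjectPublicKeyInfo { id-ecPublicKey, prime256v1 }, up to
# and including the BIT STRING "unused bits" octet (26 bytes).
SPKI_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200")


def encode_rpk(x: int, y: int) -> bytes:
    """Encode an uncompressed P-256 point as an RFC 7250 raw public key."""
    return SPKI_PREFIX + b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def parse_rpk(spki: bytes) -> tuple:
    """Validate a received raw public key and return its (x, y) coordinates."""
    if len(spki) != 91 or not spki.startswith(SPKI_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    if spki[26] != 0x04:
        raise ValueError("only uncompressed points are accepted")
    x = int.from_bytes(spki[27:59], "big")
    y = int.from_bytes(spki[59:91], "big")
    # Reject coordinates outside the field and points off the curve.
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return x, y


def certificate_message(spki: bytes, dtls: bool = True, seq: int = 0) -> bytes:
    """Build the 'certificate' handshake message (type 11) for (D)TLS 1.2."""
    # RFC 7250: the body is one opaque SubjectPublicKeyInfo<1..2^24-1>.
    body = len(spki).to_bytes(3, "big") + spki
    header = b"\x0b" + len(body).to_bytes(3, "big")
    if dtls:
        # DTLS adds message_seq, fragment_offset and fragment_length.
        header += seq.to_bytes(2, "big") + bytes(3) + len(body).to_bytes(3, "big")
    return header + body


if __name__ == "__main__":
    key = encode_rpk(GX, GY)
    print(len(key), len(certificate_message(key, dtls=False)),
          len(certificate_message(key)))
```

A raw public key carries no identity binding of its own, so the peer still has to match the parsed key against one it was provisioned with out of band.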