Re: [TLS] Requesting working group adoption of draft-stebila-tls-hybrid-design

Rob Sayre <sayrer@gmail.com> Thu, 13 February 2020 22:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iD-Mj4KefLoeMfeymbLjNYLa3cg>

On Thu, Feb 13, 2020 at 3:48 AM Douglas Stebila <douglas@stebila.ca> wrote:

> On Feb 12, 2020, at 11:24 PM, Rob Sayre <sayrer@gmail.com> wrote:
> >
> > Would it be ok to add a rationale to the "Goals" section around backward
> > compatibility? I'm not sure how the compatibility points will interact with
> > downgrade attacks.
>
> For now I don't think we're envisioning anything different on downgrade
> compared to current DH group negotiation.  For example, a client that
> prefers curve25519 but also is willing to use nistp256 should be able to
> talk to a server that only supports nistp256.
>

This idea is what my question concerns. I'm not sure there should be a
negotiation of that sort, but the WG can sort that out.

thanks,
Rob