IETF Logo Mail Archive

[TLS] Re: FW: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt

"Dang, Quynh H. (Fed)" <quynh.dang@nist.gov> Mon, 10 March 2025 13:06 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D364C992855 for <tls@mail2.ietf.org>; Mon, 10 Mar 2025 06:06:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -3.091
X-Spam-Level:
X-Spam-Status: No, score=-3.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.442, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.551, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=nist.gov
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EHlVwVBT1iHP for <tls@mail2.ietf.org>; Mon, 10 Mar 2025 06:06:43 -0700 (PDT)
Received: from SA9PR09CU002.outbound.protection.outlook.com (mail-southcentralusazon11010026.outbound.protection.outlook.com [40.93.193.26]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 01990992850 for <tls@ietf.org>; Mon, 10 Mar 2025 06:06:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QkzsCVs8qugSJ/w6sytyKrMwRSz1zzQ+CwtC9OFL8DivnXny2j1rTTSi9UAM2nTRDzDaQ6U8re6MqQMeYmD1f96s1bY28DZbopJ+hxPV/MPVd9ppMTzimcXjQ5ST/YkI08rBXsJ80moyASdEgcYahNELxABVEr66q5xCDSs+SBPxos/siywsxMK/MnzFf9kFhEgQJMH2Td3B9HXJSFql1v8e5FmxXV165F4QRxZ81VDTFKMMuUd1qjXFDvFQIXzGCtrxY50M3BcWHPBU0peuOI37uYkOAzx2OpUJBgcIcH9Z/yXMtCiKfd6H05lcxY3j+09b8FJc+w5BmsFEiw1qjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ff0iFo25wJEFGOBznecys+hlx060mn8ednc/XmzW/hs=; b=PMUTJPlYCzb9OkKeh/MypwlnGdPD0kkaO3zG5uDCa2Q86k3PfoPk3EzTjPnMGtq0rnbyg1ZCKv9bQOTymGhhLmpF7msMTGZGnSC/I24pxo1D/KSOn20/HzALjwqQVu9NJxTaljuA4fdDhElI0SrTN0THtD2/mo4CchY75beg5os1pVxGLTZg2A+xsA6Bj4qxY9hSIWoKMgY/yyMVPELQGsH8USzV6q3hogtx9QdKNZtDLDFmZgBhpZW9Gm3/zC+PBicvMscdc17/aRiXzhwr+jBPubh1df+rn+3sE0hh+HmKCkSMSjCGV1vPL8GRltJfs6vR/xdg/1v7cMQbRPe+1g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ff0iFo25wJEFGOBznecys+hlx060mn8ednc/XmzW/hs=; b=d7wRdf3Q4+ooVHfypE0Vh7yrpyXEGGG2eXvSaNYaOj5I+PkFdbHJxnG8Dl46LN8UVZ7qY7IFE4Mp9cCEpJm4HmuilwpqVJB9blVRbtfU3BcLf3a9w/3O7m+HDDMuMBqklaGyQKiAJLinCbUtv6cjOxOhdMq2w6RxENuSo9EDgbuoM4dhi1n9oYn5IT0f/TlWzFs+F9y1lwL6mknCxeshmvTu1CP+Pjmi/jjVifE0BMZ997e4uFkh9lGS6XcCaKNHm4vrvCU8Ckdr8zmB6fBiRP6t3qg/zf2PXK4lTJS0TebOgPwJFhO7/IF8A82E7zQ9h25rBnEERprQ2/gC5WdRHA==
Received: from MW4PR09MB10059.namprd09.prod.outlook.com (2603:10b6:303:1fc::22) by SA1PR09MB11164.namprd09.prod.outlook.com (2603:10b6:806:36c::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.26; Mon, 10 Mar 2025 13:06:41 +0000
Received: from MW4PR09MB10059.namprd09.prod.outlook.com ([fe80::e0a3:5842:681e:70c5]) by MW4PR09MB10059.namprd09.prod.outlook.com ([fe80::e0a3:5842:681e:70c5%7]) with mapi id 15.20.8511.026; Mon, 10 Mar 2025 13:06:40 +0000
From: "Dang, Quynh H. (Fed)" <quynh.dang@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Re: FW: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt
Thread-Index: AQHbkO2ehAcnOcvdxk63BWeYOC61mrNqz28AgACheQCAABkFgIAApdRAgAAi7wCAAAH20A==
Date: Mon, 10 Mar 2025 13:06:40 +0000
Message-ID: <MW4PR09MB100596625FFF5130AA1C4D240F3D62@MW4PR09MB10059.namprd09.prod.outlook.com>
References: <Z82aAuvLY1tiDxbQ@chardros.imrryr.org> <20250309231710.335050.qmail@cr.yp.to> <Z842c12hY9LNOd8J@chardros.imrryr.org> <LO2P123MB70510AFFBB46844E256C0A06BCD62@LO2P123MB7051.GBRP123.PROD.OUTLOOK.COM> <Z87e3EL3VbwPvQae@chardros.imrryr.org>
In-Reply-To: <Z87e3EL3VbwPvQae@chardros.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR09MB10059:EE_|SA1PR09MB11164:EE_
x-ms-office365-filtering-correlation-id: 9f07b3a9-6cb4-4027-2a73-08dd5fd46634
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|38070700018;
x-microsoft-antispam-message-info: 5qaM40RBubwVrzjWJCnqJ4LG/bp15/W+ow3sOuhjAr/IE/uxxy9gFjiL1tmNt3DuxF5NXHxl/As64W/3zIrJQH4witf2kXUoUAx258rzPBGkV4YCYu41RAIlS7m91iiTwunaOOBlawJ4/BZwAcGIYHYMnpY/PGX1wzI1tcVhexRcUCFU75I7Iad9u2kLUHQjaEKBoZlNcpNGrrUmH4ly6bbAMy5YZbQtETXl+fiaOFHIkvsyc3jazeJ4HlBWdXyhkTnkoUB+D5YrFO9568eHROK4Xj0Rj1Tvb54EyALMUdicycCNBl9yh4HL6blCW6gtWAUzVy8bX7h89JSVGtEh1PMKdOYml0kAi9r+i17TYapZwRTwQh0PUvLPYbZg0hY6qpCtsgtIiDLIyrgLtEsZYN7+Le2PB6vy0IXi2TO1g9/gsbPjSQWDOXHTDkN6me1/7VmU8KOO/26Hobf0O7VeKz+MXb5wU49o/VZnrKItgynj7r+V/MH/d4AGKjZBgKYGvD5btOqi0Pu5DeN8ZlP3uR8S9d8xRvOZNNzQz+UZmRb13fMf8Uqd6IZpT/gu7/+5Ied4fl3lD4Eu+eK87mXLI2QwWgS/QD9lhSavUrLfzRXNePHI1c1XFlXkyzqHByUAPLp8kdXixWXpc1SAUQuhrpe6d5GjJDAgf+Pt1woAFR1L3Eu4ZZrcajbnyDzdSIKmXqj3mF4oG12p6un5xpo/lIk1ZUANV4mBAO32SxXO/Ugzxqug6wz0DbnpSxBYQLnDgupJO9Cah1m1cIZdKaLSHvvsdmtrzXsde6i4Z0pyVlYze5m6fUS7gO0UjCLtmxMjMA8Ydg2dQYcMVqVXeMng7QQ/am/I0w0BmjfTdCDJp6WPvLAF4KhK8KWajwVozUOp8jwEsBRT8FsuSXO7WMZOAYKO59pLf3eu0UTUDwQSB4bDGhNggVzNZZYgW65m7gco0LeomC97qa437tZnrTWVoEmdojdSEU1kw6ERs5NfgxZfyKeVgdRZtAOmSwBZHwBc/Q8yK77DCSM2hX9ez/RsZ9N1SKhT78LxXjKh+zKCcMk07gKfZygH+FX3nwXLWoQacISu9r2RHRo4UAkkl+BztChjqh57Tv+DAsyNkgqNgjnA11yjNSNqI31ZREb9KVfkHO49PPtQp5ObJHlkj9y13WvKYv4Ni3uvWDG0CsSJzlGhJ2dC/gJOhblBtXbgcaacuU3vK2vMGHo35FP3Y5tfLhopy0xm/FtbXRczcr7xZZ1shbhCSEkgweCA8QH8OTijQvhWr1V30j5q7v3yT22H2Ay5N4r9xSuWVic84iqSfGbT/qFdhA7C+JIxrEXc+BNMDbSMhu73I65IGab8xVrVXDQhRGrby1Xv2DPlXR46znM2eiBygB8GsMAiAfgwoKnMX/CZE6kQoFrVRH66GahMFBbhuxiNRCXrkYGn4S7tW/urWm/n1vEz6jO4herJDSBP
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR09MB10059.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ID2YDacMw6WOBP5Og95MIHAyPYvp9FxBP329xtDkCh1bVRk3e/uUZ9wtJ+/KCPEiZRlNs9IkCTGujivKk9xJWKF7oq9i2SJ3PtWDv5CgpaL1yi2GWFt0X0gw2A+//PW6xnjjOmyr3kejN2a3dmP7+RYFny7Zfa3t+6wJcUnSk1e1qoKyGgL83awdbNxN55t7BHyCk4FLnXwGcjR24pjvReP5bFulF9jcGPFpPtw1mqZNjcH2E0tyq6XRMMFfSq/YL70yiZO2ZqCfeZpnCK+cOpvAz6+T0JZyb2Iz6LGzPin/CIYq6VmgNtroG1RQMJu7gOweTmw8KH51z9nc6lDRRxYzBBV+z8GXwZviK8HJT6x6/bsQ37qCpRTxPZ0JPvaAjPpy66Us8s19HcV0B+PdRZk2BoCMQniPb/Io8GqOx7l+fndwpJsPANlprM0lBgF3wrdvbvIvrS/pHxTWX8+VxN6HKlIbWZ90al+YUOGbxYpVu8UimSWe0c4YTpRltnLtUEd0uq6AyONU5dKTR1OqxDlYZUHxhnWbYXU1kt7fIXKjY2MvKqC7l3t4j17/Qy8YABmPv34U1vkJw7YdB0apnAGweMjMWavR/dxunOr9VEWYnPnhMLkD5JJxY7WLnuG6/Y5Rm4Is22BYQmaaJaECPfSTeXPXnNB1zGL7o3gQXYU6L3puV9LP73SugXphIJPJ9VLb61o9JVdmdevsBqfKkp4+Coyd8uhTVtIg1roRSl8YqdKSmaz53SXu/VkCxSKHviaU+GMemZyvkb8wrN0SZY8o0ivcDdGzHj8Y9DJoAY+R2P3zpbFuSyxJuScgg1R5WyEaRVVa7Jzw1/uugv6dWoUt54WlQ4l0rQbCEFx0HORlawdhnXDXRWlPmBWepWThxpNaaGtLk+aByIWxRKhGTblq6/jarN+zHQYJD07Q7Sie51La4EVWJDDsO+ixnwmNa3f11qiP+GyR+gwfn15H3zIKmHNZkg+nI5+g/f+tmT+1LA9ieoAWebSGRp4uNvqv1aczIe5+DhqZDtC92J54L+1DYoo56iknap23ztYnzvyQXRaC2xngCBygD/rxA5a8TywdWxjMqNCUqLWJq6pD22+5jzkgiSkuoFzC3MztpPh45xt37N0lV1eA4xbJPxxt3CLT9CLamR958WcQDk2CEb4kx0UTGsAyFoYK8hvD7X+P5dwaf7EheMbOSdYsmvFdqzL1zZuN92uRkXwK6gdppypQCHssXK/dw+ff6hZB7D0E5e+sQMqTfSE6owtxDK5zEldgN70o2bI88Hci44YR9mr8BiwvfDPt/dhAcjHFewNRmfSV1/ojw7vIuLBrCYwOWScFDdf2ujqKidXRx666oFr86CqZOCBnsZpJHOcpBDdwyKcsoqll9eaOgj3whwggsOXOUf8F6kusG/X6k2cJWI89kjIffUuBUoO9AMfeMzhkefFbz6TZSC4rNwBDt3l/KGpPsmYj/X5ehhO/btyre0Xj4LQKffqqdwcMmA9PVIYezyHvuqAb0rFeE1CdC6ImuwaiSgYIszXeHLBERgPRE+4+p0Gbp58bOEvpLVVikTo=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR09MB10059.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9f07b3a9-6cb4-4027-2a73-08dd5fd46634
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2025 13:06:40.8707 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB11164
Message-ID-Hash: YGGYP6QJTHXOXOESTOCGKJ5NVU7VGN4T
X-Message-ID-Hash: YGGYP6QJTHXOXOESTOCGKJ5NVU7VGN4T
X-MailFrom: quynh.dang@nist.gov
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: FW: I-D Action: draft-kwiatkowski-tls-ecdhe-mlkem-03.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iOPEbfVAKffUAx2lm6wS5vLV6PE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

The server can detect a reused encapsulation key if it saves the keys which have been received and check the newly received key against the list of its saved keys. The server could just save the hashes of the keys or a "small" portion of the keys as the key IDs.  My guess is that that would be an expensive operation because of many reasons. 

Regards,
Quynh.

v2.29.0 | Report a Bug | By Email | System Status