IETF Logo Mail Archive

Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space

Russ Housley <housley@vigilsec.com> Fri, 29 March 2024 16:35 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B3DFC14F600 for <tls@ietfa.amsl.com>; Fri, 29 Mar 2024 09:35:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9SWPOdgUIBIo for <tls@ietfa.amsl.com>; Fri, 29 Mar 2024 09:34:56 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC86EC14F5EF for <tls@ietf.org>; Fri, 29 Mar 2024 09:34:56 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 6AE8A17158E; Fri, 29 Mar 2024 12:34:55 -0400 (EDT)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 447421713C5; Fri, 29 Mar 2024 12:34:55 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <A1BD11B2-70AC-4214-BD29-5A29054F97B9@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5E71B456-BBF2-472E-B437-F69671B943DD"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Fri, 29 Mar 2024 12:34:45 -0400
In-Reply-To: <CAF8qwaCSNQaB13OgMU3DZyiWk27inExnNpORfZgMq6H-Vhr=xw@mail.gmail.com>
Cc: IETF TLS <tls@ietf.org>
To: David Benjamin <davidben@chromium.org>, Sean Turner <sean@sn3rd.com>
References: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com> <0BC652C3-9BBF-4E18-97D1-4036EA16C9E4@vigilsec.com> <CAF8qwaCSNQaB13OgMU3DZyiWk27inExnNpORfZgMq6H-Vhr=xw@mail.gmail.com>
X-Mailer: Apple Mail (2.3731.700.6)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=from:message-id:content-type:mime-version:subject:date:in-reply-to:cc:to:references; s=pair-202402141609; bh=MaFg05YtPmevVus8FJhShZWtEkqovd0oEuFNClMKfnU=; b=qXpK8oW4Mdhbpaxx15B+5QndypZp85GvhRWPhnoP6iNSnwDhJirzICKjBBf5QmkM9NQsQsMcxEJ9KwbXP/IdutSVSrcCL7P6ujmc+qLm4WP56X7MqzZc2Cel3TP1oiNfiVnHXtLg2uCthkpo9U2VfOcmy4YpKPMpBhP3NIu4rYxLY2c+65BoyPEjt953TVugzcZ/Dbp+9SkwqrBBJtRDV8ZwokwhYSR0gsnMWZ03FJRMwNLuGud5agh38eUND3m9Op3HB9rtNVQCxGyZSjVrUz+wXjNmOYmaJMyjI+HLBtY8h3IvFmCbRDybn5POCAFbwkLVqUaPEZYVKY8jsiK6ow==
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jTb_kaY_LISRwuCKe1OCE1DXHX4>
Subject: Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2024 16:35:01 -0000

I am fine with putting a more inclusive name on the existing range.

Russ

> On Mar 28, 2024, at 6:04 PM, David Benjamin <davidben@chromium.org> wrote:
> 
> I don't believe we need a separate range, just to unmark the elliptic curve range. TLS does not usually ascribe meaning to ranges of codepoints because TLS implementations do not need to categorize codepoints they don't understand.
> 
> The only reason supported groups was partitioned was because of a goofy thing RFC 7919 did for FFDH. That goofy thing also was what made RFC 7919 undeployable anyway, so it didn't work out. :-)
> 
> On Thu, Mar 28, 2024 at 5:08 PM Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote:
>> Sean:
>> 
>> I observe that ML-KEM is not a Elliptic curve group or a Finite Field Diffie-Hellman group.  I really think we want to include sepport for KEMs. but a separate range is needed.  I assume it will be carved out of the Elliptic curve group range.
>> 
>> KEMs are not "key agreement" algorithms as suggested by this draft name.  In a key agreement algorithm, both parties contribute to the shared secret.  With a KEM, only one party generates the the shared secreat value.
>> 
>> Russ
>> 
>> > On Mar 28, 2024, at 10:52 AM, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> wrote:
>> > 
>> > <author hat>
>> > 
>> > **WARNING: Potential bikeshed**
>> > 
>> > -connolly-tls-mlkem-key-agreement has suggested that code points for the NIST PQ be registered in the TLS Supported Groups IANA registry [1].  Currently [2], the registry is carved up into three blocks as follows:
>> > 
>> > Range: 0-255, 512-65535
>> > Registration Procedures: Specification Required
>> > Note: Elliptic curve groups
>> > 
>> > Range 256-511
>> > Registration Procedures: Specification Required
>> > Note: Finite Field Diffie-Hellman groups
>> > 
>> > Assuming that the proposal in -connolly-tls-mlkem-key-agreement is the path for PQ KEM algorithms (and maybe regardless of whether this is the path), we should really replace the “Elliptic curve groups” note in the 0-255, 512-65535 range row with something else.  I am open to suggestions, but would like to propose “unallocated”. I have submitted the following issue:
>> > https://github.com/tlswg/rfc8447bis/issues/54
>> > and this PR:
>> > https://github.com/tlswg/rfc8447bis/pull/55
>> > to address this.
>> > 
>> > spt
>> > 
>> > [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
>> > 
>> > [2] Originally, RFC 8442 defined the name of the registry as "EC Named Curve Registry” and then RFC 7919 re-named it “Supported Groups” and carved out the FFDH space.
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org <mailto:TLS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email