[TLS] Re: Mail regarding draft-ietf-tls-mldsa - Small Editorial items
Bas Westerbaan <bas@cloudflare.com> Tue, 27 May 2025 12:13 UTC
To: "Appel, Ryan" <ryan.appel=40bofa.com@dmarc.ietf.org>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kM4VUSulsnUTX8ClrXGPBoz50gs>

Hi Ryan,

Thanks for the review.

On Fri, May 23, 2025 at 11:46 PM Appel, Ryan <ryan.appel=40bofa.com@dmarc.ietf.org> wrote:

> Hello all,
>
> Apologies if there are any emails that have already gone out for these editorial items or if you all already had plans to fix them. I was going through the draft today and didn’t see any of these suggested edits in the mail archive.
>
> -----------
>
> In section 1. Introduction it states “module-lattice based” NIST defines it in FIPS 204 with a “-” in-between both module and lattice and lattice and based so this should probably be: “module-lattice-based”
>
> In addition in this section, it says “algorothm” which should be corrected to “algorithm”.
>
> -------------
>
> In section 3. The paragraph beginning “These correspond to…” has the text “variantsadefined” which looks to be a mistyped “a” where a space should be. This should be corrected to “variants defined”
>
> In the paragraph beginning “The schemes defined in this document…” should probably say that these algorithms must not be used in a TLS version earlier than TLS 1.3. Right now it only precludes version 1.2.
>
> Throughout RFC 8446, this is referenced as “TLS 1.2 or below”. So the proposed language is to change the first sentence (and others like it) to: “The schemes defined in this document MUST NOT be used in TLS 1.2 or below.” And “A peer that receives ServerKeyExchange or CertificateVerify message in a TLS 1.2 or below connection”

Does this address it? https://github.com/tlswg/tls-mldsa/pull/13

> -------------
>
> I realize that there are many considerations that need to be put into place in the “Security Considerations” and it has been left as a TODO. There’s probably some worth in taking some of the info in 8446 appendix C, D, and E, and discussing them in terms of using PQC for authentication vs non-PQC. As well as the decision to NOT allow the hash-ml-dsa variants and other such security considerations like what’s discussed in FIPS 204 section 3

Agreed. There is some early discussion here already. https://github.com/tlswg/tls-mldsa/pull/9

Best,

Bas

> Thank you,
>
> Ryan Appel