IETF Logo Mail Archive

[TLS] Re: Fwd: New Version Notification for draft-sheffer-tls-pqc-continuity-02.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 09 June 2026 19:26 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 04AB6FE417EB for <tls@mail2.ietf.org>; Tue, 9 Jun 2026 12:26:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1781033211; bh=hWVAkGat/+D6257ZffJIzelViujnQu8xpD3N0xzrp58=; h=Date:Subject:To:References:From:In-Reply-To; b=wMpzX2aNx6Ou12FwSSv+JjoSUVXIZEYRGPXkEJeoVL7uabYNPICVsVxZ7BdaVQwOW 2PeDteiLxrfVEl0Yq3f+a33luh5hA1DzglTkoR/LfvxjVA30z5Ug2+W1K5r7VmGPo7 88UPsEQIbr/R9F/8kmYcGzWhhRBj4AWlvs/RUgks=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnsjW3NU0z32 for <tls@mail2.ietf.org>; Tue, 9 Jun 2026 12:26:50 -0700 (PDT)
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id B20A7FE417E3 for <tls@ietf.org>; Tue, 9 Jun 2026 12:26:50 -0700 (PDT)
Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-4903d730b1fso67597925e9.2 for <tls@ietf.org>; Tue, 09 Jun 2026 12:26:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781033210; x=1781638010; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=ifg7RlonmrmY0agATdgi4xwTAoAV4We6WiHNodFqJqI=; b=gMfP6kfpuDLEYAddcjNDhCUKS5vt0kwmfl7vbKWNDH1BsBwCdtWGA+R4E2hzi6qM8f R+QzT6JFyMqxrEe5NnCmozaAlw0+QnKlpj0A4WAbiaXPJnzEnJq9csKIEjXdHe2nUHtm 9lX/THS7gf2um3TZvkgVsh8pY5aY3HEKGC8Wac5KgQA9pmuAk+PGswFOqql8EzxaFB/I E85dPffIZKfw5zFALpRDFtZ3OB2omnBjVBaerHqBAS8HKnzqkZiTlo/rVcf3qjlQTFYv UuTfYGG1V8AY1wrZcEqC/fM+PUBZrzG5Nvb3ap4ePvQxE8qjt5FQIm0SO4B94JnehJ+t OZaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781033210; x=1781638010; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ifg7RlonmrmY0agATdgi4xwTAoAV4We6WiHNodFqJqI=; b=P13+fu5Hs2vyjqT1vUZVjed3pxp/R0Mpo5O3lgdVdV8siZ4e+qlaby+VSHvNYrgy3Y pCWvfuYQEwBSZkRv4Qa5FlxwjRyDpoIHlkARt5uIlfs5ADunP5B2jF59OImeeqWWLiEA JEAd+nIHeYt4n8h2KFSLHfqBPS6qRhOIta+BQo6KMJX8b4J0ipyPpMzkvVOunX8RVlbQ tHgQqkWQZcm4Zg6dJBwyJsPKHhpPHdXsbyQGeBqHf3azDpYXWh/TUrIvIaxv8cfHU+aC 3eRu/sbBgdbn0/YWWPDIuASbcCZuUN9XEkN6KFIf17x9SmIE1+EtvJcgfmNltG1acbmL +j1A==
X-Forwarded-Encrypted: i=1; AFNElJ85hM2LI7jp5ugK9baUdnPl+yr9V47JKhPCNNxF+y8rwwZz1hjALRFpr4vqMe3mWhW7MZc=@ietf.org
X-Gm-Message-State: AOJu0YzcAr17FAxJyWoAxvrw3USuFNMgg23uohDJnMp9gNppkRZV8wWM Rc9d+FXwQlBBAT2K2JBSfZaX9Gf61QL9MZq8HesS1/YBUVHOJk3WEnh9
X-Gm-Gg: Acq92OFaydh5Mf94ren3PuN+eLeNHuJh8fR1G6kuzFbYRbUTIZ80eWSUwW6D2Jbxx3N QLg/RXuanphFoFfDAAeqsCrBJPaA9tbBhmqx6ubJ2g5Wo3klJfxUw8FTpmOfw/KiixExprcoUTh I82eh3tOEQwFSShzFn7g0IyWBhiI13TwTSgGHIJwQ/xh/eVRVUfMDy+fBrB/gOJuIPKQ/Mrt11p njbsAZREFyKclLzTVuDOtCa5pY/BLhXOXZk4L73McYOWFOq7T8qPb7GbW8ilI3SqPOOM1/YW/of GMu9VcIN8YpRjIAoo1qmcU3nytG+dUu/dl7BKK14BsrFcepZ0nQWd7U2k7c0pUPZokkHc4yuSC5 smU3JgQhXefdk2jOBkVfUNXbnaAUHLpLdtE85q0ZXpZDU+WyextAaM+ud5kbKhrYp68HOkIkuo3 iZ/j/oAmiylQMG/Ue0RCUWPGrLQUhvvop23LbASf9o3ghQ90+AiU7r3mU2H7ojDYOUjelHM6S4Q I2Ec1NDqCPDbhxd7F0=
X-Received: by 2002:a05:600c:a011:b0:490:58ef:cea7 with SMTP id 5b1f17b1804b1-490c25ee058mr364270985e9.22.1781033209377; Tue, 09 Jun 2026 12:26:49 -0700 (PDT)
Received: from [192.168.68.101] (IGLD-84-229-147-222.inter.net.il. [84.229.147.222]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-490c2d37edbsm405207575e9.2.2026.06.09.12.26.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 09 Jun 2026 12:26:49 -0700 (PDT)
Message-ID: <63c1ca3a-a2e8-4be0-85a7-16a74805828a@gmail.com>
Date: Tue, 09 Jun 2026 22:26:48 +0300
MIME-Version: 1.0
User-Agent: Betterbird (Windows)
To: Ilari Liusvaara <ilariliusvaara@welho.com>, tls@ietf.org
References: <178100161553.1166.17557928717720479639@dt-datatracker-56f887f959-hdgj4> <b38dbb8f-1369-4106-8c35-12dd7f5d4281@gmail.com> <aihFjssxluLCfAKo@LK-Perkele-VII2.locald> <51e9deec-9cff-4961-b72c-3824b89c7707@gmail.com> <aihjjF4cI5BsJCUl@LK-Perkele-VII2.locald>
Content-Language: en-US
From: Yaron Sheffer <yaronf.ietf@gmail.com>
In-Reply-To: <aihjjF4cI5BsJCUl@LK-Perkele-VII2.locald>
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: ELN24UZUOPTM4FEFCN6BJRIKMTWC7RIA
X-Message-ID-Hash: ELN24UZUOPTM4FEFCN6BJRIKMTWC7RIA
X-MailFrom: yaronf.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Fwd: New Version Notification for draft-sheffer-tls-pqc-continuity-02.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kjA1x3EzJote0yEJMB8PRVB5rIc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hi Ilari,


Understood. We would need to look further at the interaction between PLANTS and PQC Continuity. Specifically,  we would need to understand the PLANTS trust model better before deciding how the commitment should apply in that case.


Thanks,

        Yaron


On 09/06/2026 22:03, Ilari Liusvaara wrote:
On Tue, Jun 09, 2026 at 09:45:07PM +0300, Yaron Sheffer wrote:

The AP (server, in this case) must be able to determine which
certificate/MTC and corresponding private key to use when
generating CertificateVerify. Therefore, the information needed to
act within its commitment must be available to the AP, even if it
is not explicit within the MTC.

This only determines the server key algorithm, not the certificate
signature algorithm. The two can differ, and the draft requires both to
be PQC.

The MTC certificate signature algorithm is implicitly determined
by the issuer. The AP would need some way to look up the algorithm by
issuer.

(Unless the AP does nasty hacks like assuming any signature that is
over 1kB is post-quantum.)



Similarly, the MTC is received by the RP (client, in this case) along
with a CertificateVerify that clarifies the nature of the
authentication. So the RP can determine if the server is acting
within its commitment.

It is not enough to do this (due to the above), but the RP knows the
algorithm for each issuers it trusts, so it can check if it is
allowed or not.




-Ilari

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org

v2.46.0 | Report a Bug | By Email | System Status