Re: [TLS] Requesting working group adoption of draft-stebila-tls-hybrid-design

Watson Ladd <watson@cloudflare.com> Fri, 21 February 2020 22:03 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, Russ Housley <housley@vigilsec.com>, Martin Thomson <mt@lowentropy.net>, IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/p0RUEDUMXiqT_f9Zm7GRJHyFYdY>

On Fri, Feb 21, 2020 at 1:37 PM Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> Hiya,
>
> On 21/02/2020 21:24, Scott Fluhrer (sfluhrer) wrote:
> > What it tries to address is "once we have an
> > approved algorithm, how do we integrate it into TLS".
>
> Except that we do not have an approved algorithm. We have
> 17 round 2 KEMs with vastly different properties. Even
> when NIST are done that number seems likely to be >1.

All the KEMs are KEMs, meeting the same security properties, and fall
into three categories of problem: lattice, code, and isogeny.

>
> > Surely it
> > would be better to get that preliminary work out of the way first,
> > rather than waiting for the NIST process to conclude, and then start
> > spending the time working on the integration process.
>
> Given the range of differences in sizes of public values,
> CPU etc and the fact that we don't know how those algs
> will be parameterised, I don't believe this is work that
> can be usefully gotten out of the way first.

We have already deployed widespread experiments that conducted the
hybridization described in this draft, already have implementations
supporting an approach similar to this draft, and that produced
valuable input to the standardization process. It really didn't matter
that it was SIKE or NewHope that was being hybridized, and they have
very different characteristics.

What will we know when NIST finishes that we need to know that we do
not know today? Which algorithm we want to hybridize? That's easy to
handle: the mechanism is generic.

Sincerely,
Watson Ladd