IETF Logo Mail Archive

Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space

Russ Housley <housley@vigilsec.com> Thu, 28 March 2024 21:08 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 019DFC14F683 for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 14:08:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ou-qiQ5Xa0iW for <tls@ietfa.amsl.com>; Thu, 28 Mar 2024 14:08:17 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3174C14F5F5 for <tls@ietf.org>; Thu, 28 Mar 2024 14:01:11 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 823C5104326; Thu, 28 Mar 2024 17:01:10 -0400 (EDT)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 679FD1041E1; Thu, 28 Mar 2024 17:01:10 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com>
Date: Thu, 28 Mar 2024 17:01:00 -0400
Cc: IETF TLS <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0BC652C3-9BBF-4E18-97D1-4036EA16C9E4@vigilsec.com>
References: <B5E1CFD9-32F5-482E-B305-2D739AD273BA@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3731.700.6)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=content-type:mime-version:subject:from:in-reply-to:date:cc:content-transfer-encoding:message-id:references:to; s=pair-202402141609; bh=sfFIvL/D8HyFTzDEpIWAZ2wOint8XNSraxdT59o0t3k=; b=pXhBJhYzpa+Qx4lca6tWFFDmoXZueSpQOHpqVcDW0SuGgCopWA2OZvw/ni8yu91hZ4WxXn3ttUPI+mktcVCo8xy28bpBRRevKNM7kOQu1N81QUOB+h3hKPNdZ8DWb/px60uq9OiWN+ibD8Dyswio97OcqWOnEIy5MPPwtl5iOMn2n/UadcJBgtu7ANf+bCvPcjEreJ3Q0GvWuQZ7tGi40Dfl7K4+u326Cp+h+Mj4qvISUcOKhDWl5bs90aBWaKktVNUPL2TMr+SqjBv/MGHncrP2L0jKVLTVJSSLSRUilalkcqUbdyk7sG/KdvfueccLH9M1h29hxXwqlnCXiX6C7Q==
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qDDgvQ9Ob6hPZRXult4E5f0ytL8>
Subject: Re: [TLS] -draft8447bis: rename Support Group Elliptic curve groups space
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2024 21:08:22 -0000

Sean:

I observe that ML-KEM is not a Elliptic curve group or a Finite Field Diffie-Hellman group.  I really think we want to include sepport for KEMs. but a separate range is needed.  I assume it will be carved out of the Elliptic curve group range.

KEMs are not "key agreement" algorithms as suggested by this draft name.  In a key agreement algorithm, both parties contribute to the shared secret.  With a KEM, only one party generates the the shared secreat value.

Russ

> On Mar 28, 2024, at 10:52 AM, Sean Turner <sean@sn3rd.com> wrote:
> 
> <author hat>
> 
> **WARNING: Potential bikeshed**
> 
> -connolly-tls-mlkem-key-agreement has suggested that code points for the NIST PQ be registered in the TLS Supported Groups IANA registry [1].  Currently [2], the registry is carved up into three blocks as follows:
> 
> Range: 0-255, 512-65535
> Registration Procedures: Specification Required
> Note: Elliptic curve groups
> 
> Range 256-511
> Registration Procedures: Specification Required
> Note: Finite Field Diffie-Hellman groups
> 
> Assuming that the proposal in -connolly-tls-mlkem-key-agreement is the path for PQ KEM algorithms (and maybe regardless of whether this is the path), we should really replace the “Elliptic curve groups” note in the 0-255, 512-65535 range row with something else.  I am open to suggestions, but would like to propose “unallocated”. I have submitted the following issue:
> https://github.com/tlswg/rfc8447bis/issues/54
> and this PR:
> https://github.com/tlswg/rfc8447bis/pull/55
> to address this.
> 
> spt
> 
> [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
> 
> [2] Originally, RFC 8442 defined the name of the registry as "EC Named Curve Registry” and then RFC 7919 re-named it “Supported Groups” and carved out the FFDH space.

v2.23.0 | Report a Bug | By Email