IETF Logo Mail Archive

Re: [TLS] PQC key exchange sizes

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 26 July 2022 15:42 UTC

Return-Path: <prvs=52061cfc92=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF1B0C13C222 for <tls@ietfa.amsl.com>; Tue, 26 Jul 2022 08:42:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EuCYd49pmuw0 for <tls@ietfa.amsl.com>; Tue, 26 Jul 2022 08:42:14 -0700 (PDT)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6051CC15A729 for <tls@ietf.org>; Tue, 26 Jul 2022 08:42:02 -0700 (PDT)
Received: from LLEX2019-1.mitll.ad.local (llex2019-1.llan.ll.mit.edu [172.25.4.123]) by MX2.LL.MIT.EDU (8.17.1.5/8.17.1.5) with ESMTPS id 26QFftiJ042677 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 26 Jul 2022 11:41:55 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=1ZXQIbt0BbMmMvY+CAhKO2Z8VfwFNV3d9xkBkymsthMu2n2EwxuVX9uOa6HsZQKjVQtD5XWHCkEMzAmOWrlRwosY5lSdt0oAqtuprCKZJgaRfC0sNbZbdANNnztS6L09W2ThSaCBpK35uORGzxsKAJheY5SfxvYdubCf5AQlwQSm1DXiYnbnz/W2ItOeh2DO9mr/3yMqeuR42O3VOSFMGvQUJqvalEj/7tJzH1bdSnucqwDAyhPwqV1uG9xU2n6mSZ/mCSCtKQ0x9IFsyOvNCi65mflBFcxL+5CwTa9EZJr9PiEIbomUX3dUxeMrsKyNGHoOsA0XAhCJQfjZa6FGvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BHyk9Wr31FXh2vWgrKh9k45Ziksc1F9kpi/Ak/nS9cM=; b=sIcwZg2XxjM0HfzAfMkRbmWWN9SvSphYEB+QsxzhCaH3ZjKgJuUwyTPGeWSKcJNLSrhZjDW/IPOyrbiZ8i38m1on0lnpXEreib0y0fqQJMO7NDR+CceFRXAV4uT0D84QVIOSkrTXKrJj74WzBQX+j06Ossb3lAg/HcdFG82k55lV/NYMWlPwMgIrV41BzQbjHdnTPEK2jh8OtGgkhX0a7Uys+Zk03GHkUWUjmgGWbVa9t2VkNWnX0EvLXHtpjKJGLJCTwVnF++Iu3IfGpRMusD40cuptY+KeC2oROkh4yQUTsIJab1VPrZN9pbM3LNkxjl4YdpbWWEzNn90WaSFCeg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Martin Thomson <mt@lowentropy.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] PQC key exchange sizes
Thread-Index: AQHYoOl+piUeQrfB+kabfUpxcytGs62QxQGAgAACnQCAAAMLgA==
Date: Tue, 26 Jul 2022 15:42:00 +0000
Message-ID: <4052CC09-1867-4A51-B366-6554C22C3E69@ll.mit.edu>
References: <9f6b11ba-3649-42bb-87e9-1015be3dc84b@www.fastmail.com>
In-Reply-To: <9f6b11ba-3649-42bb-87e9-1015be3dc84b@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 68b01370-170c-4d2e-12fc-08da6f1d6125
x-ms-traffictypediagnostic: BN0P110MB1142:EE_
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ONXSg60LCPfAyDGfakpLl4ygkpLb/1zGaB6gUIuqxkL/6FQaipiKxW0NALqN0YwO5cYcdmpYbw1rOfMUE1dpinuchHXJ/5JdBn3efTpzrZnrkstiEStJ5Of3w1DTIKQ4w767kdIKDwR1fAWqW6u0bv692NSp+x3bzImH6pL1rXgg6AJr8oA+UlQ8vEQnvNG0MD7gIpwQx29h05nDpRJ4C6wLXXjiE2jvWKo+3ybfgLErRQ9EdRui0XJ9/hkZLwW3O1tOgFQuMauwHCH1MRNVHQQHxIVr3XyVnRRZJUe9Z/1VKWYjzS2YuNCRmytpdFM1g9OjOo+tVsxXkuffTRhk7RhPLCnGnvyDnmp6WRZtzeWLpVBvIjmAIKjuBKi7NXjSZLpSTSy9bOBw3wJEAC7N09zg6ZmN0jN5epnDc+2xM26pc51ROpHwmoVFUW2wSI8bB/QiqKI/E7A6IvnsfaVaryS8CS/jqtTiuS8MsI9HHvys7jWwDtXBAwKVfhucYVc0m2fEfK/3lpxrw+SNfNbmVYYBwDBiwvhnnFUWzIXup7ccIkcHftFMwVG/FnOFlPmhMT2znu82rmTrUM4JNusBtS1UVv4UoH8F0WpRReBC1yq/Tm4ASHmZ+MsjvKpmQepsjEViLmYlqNBfQRBoOSqCi3NY2f5y3J0ndvB0gc9hN/w66yRknKbbJpp0Y9l7+9uJDyJ8qUIE/g9kPz/fFSPIXGqZAmvaBiPqRbVFnX2GXRCd0tTQNVAVCPFuit9Nb8m0beMXIOT/SV9qyZG3/IpggA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230016)(366004)(8676002)(38070700005)(122000001)(186003)(76116006)(4326008)(66446008)(66556008)(66946007)(99936003)(64756008)(66476007)(6916009)(6486002)(966005)(6506007)(86362001)(2906002)(71200400001)(53546011)(33656002)(75432002)(498600001)(5660300002)(2616005)(8936002)(4744005)(6512007)(83380400001)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xhUtn5eLSI2RgnJztcjkNFPEH0cAlvblkpxVvT8vTME/wdnZw6vYr2xqZpX2qrBlI+sCIoMeGdJxDJD5yiL5PXLWRCBfXKnXGODlYqTpHKIwpDM2AkOxmkWyFx2lRXpQuzolBE0VCshX5XUvwLZbpBu4OXLEfYFM4EfdfvbpiLzQPl8IsFH48vFNA5xBgfXv1YL4eFaGqcigTzl1ezmLsD161ufjBc8AAToq8iTv52L3lxrbDYc2vmxlJojcDyJiEKrPBkMV+XLXLeef14/6W3SMVDpIdIRvqvVuP2c8FPLVLPV84lRDUN1d5rJ4a/sm
Content-Type: multipart/signed; boundary="Apple-Mail-B150DA8B-B5CD-4398-B086-51168D104A42"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 68b01370-170c-4d2e-12fc-08da6f1d6125
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2022 15:42:00.0432 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1142
X-Proofpoint-GUID: -qASPu1phcQa5gAdmiV4XTH-Xzcxqv4w
X-Proofpoint-ORIG-GUID: -qASPu1phcQa5gAdmiV4XTH-Xzcxqv4w
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-26_04,2022-07-26_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 mlxscore=0 mlxlogscore=999 phishscore=0 spamscore=0 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207260059
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qV-xKy1M7MXEvOacg_QiH0NnAbM>
Subject: Re: [TLS] PQC key exchange sizes
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2022 15:42:15 -0000

What are the implications for environments that require NIST Sec Level 3 or 5?

Regards,
Uri

> On Jul 26, 2022, at 11:33, Martin Thomson <mt@lowentropy.net> wrote:
> 
> On Tue, Jul 26, 2022, at 11:21, Stephen Farrell wrote:
>> Be interested in how that'd change the CH if ECH is used too.
>> I guess the answer mightn't make us happy;-)
> 
> PQ HPKE would not fit, but the Kyber-512 numbers mean that we should be OK for ECH if we stuck with classical security.  For obvious reasons, that might not be OK though.
> 
> If we wanted a PQ HPKE (or a Hybrid KEM) then ECH would blow out the size so that we would end up with multiple packets for the CH.  That would be basically unworkable from a performance perspective.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email