Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

Krzysztof Kwiatkowski <kris@amongbytes.com> Wed, 17 May 2023 18:14 UTC

From: Krzysztof Kwiatkowski <kris@amongbytes.com>
Date: Wed, 17 May 2023 19:13:48 +0100
CC: tls@ietf.org
To: Christopher Wood <caw@heapingbits.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/w-YL38Pu7ASbm4mwvPiK7zTz2zs>

Sorry, quick clarification - it’s Panos and myself who prepared it, not just me.
(Thanks Panos for your help!)

> On 17 May 2023, at 19:11, Krzysztof Kwiatkowski <kris@amongbytes.com> wrote:
> 
> Hi,
> 
> Can we get another code point for P256+Kyber768? Following Bas’s draft, I’ve prepared a similar one:
> https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-kyber/
> 
> The goals of having those are:
> * Be able to experiment with flows in which FIPS-approved curves are used
> * Some HW-based solutions simply don’t have X25519; adding it to resource-constrained devices
>   is kind of problematic, and reusing ECDHE/P-256 already provided in HW seems to simplify
>   migration.
> 
> Kind regards,
> Kris
> 
>> On 1 May 2023, at 10:58, Christopher Wood <caw@heapingbits.net> wrote:
>> 
>> It looks like we have consensus for this strategy. We’ll work to remove codepoints from draft-ietf-tls-hybrid-design and then get experimental codepoints allocated based on draft-tls-westerbaan-xyber768d00.
>> 
>> Best,
>> Chris, for the chairs 
>> 
>>> On Mar 28, 2023, at 9:49 PM, Christopher Wood <caw@heapingbits.net> wrote:
>>> 
>>> As discussed during yesterday's meeting, we would like to assess consensus for moving draft-ietf-tls-hybrid-design forward with the following strategy for allocating codepoints we can use in deployments.
>>> 
>>> 1. Remove codepoints from draft-ietf-tls-hybrid-design and advance this document through the process towards publication.
>>> 2. Write a simple -00 draft that specifies the target variant of X25519+Kyber768 with a codepoint from the standard ranges. (Bas helpfully did this for us already [1].) Once this is complete, request a codepoint from IANA using the standard procedure.
>>> 
>>> The intent of this proposal is to get us a codepoint that we can deploy today without putting a "draft codepoint" in an eventual RFC.
>>> 
>>> Please let us know if you support this proposal by April 18, 2023. Assuming there is rough consensus, we will move forward with this proposal.
>>> 
>>> Best,
>>> Chris, Joe, and Sean
>>> 
>>> [1] https://datatracker.ietf.org/doc/html/draft-tls-westerbaan-xyber768d00-00