Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

Martin Thomson <mt@lowentropy.net> Wed, 17 August 2022 23:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xohKB7F6iOBkLX3PN_k7XSroEIs>

On Sat, Aug 13, 2022, at 04:13, Scott Fluhrer (sfluhrer) wrote:
> Well, if we were to discuss some suggested hybrids (and we now know the 
> NIST selection), I would suggest these possibilities:
>
> - X25519 + Kyber512
> - P256 + Kyber512
> - X448 + Kyber768
> - P384 + Kyber768

Any specific pairs of primitives should be specified in a different document to this one.

Ultimately, I want fewer choices, but the direction the discussion is headed seems about right.  At least in the short term, I think we need to eschew compression and only include one offer.  Partly because I think that there might be better options available to us than compression, partly because compression will be annoying to implement correctly, and partly because we're still in the phase where this is being trialed.