[TLS] Bumped AuthKEM draft

Thom Wiggers <thom@thomwiggers.nl> Mon, 15 April 2024 14:23 UTC

From: Thom Wiggers <thom@thomwiggers.nl>
Date: Mon, 15 Apr 2024 16:22:41 +0200
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yqeX6EMLAtyRbfxA0yrHII6LzH8>
Subject: [TLS] Bumped AuthKEM draft

Hi all,

I have just pushed a minor update to the AuthKEM [1] and AuthKEM-PSK [2] drafts. I also have a new “reference” implementation of AuthKEM.

AuthKEM allows authentication via KEM public keys, which in particular might save a lot of handshake traffic if you can replace ML-DSA by ML-KEM. This approach is particularly interesting if we can mitigate the overhead of the other signatures of the handshake using e.g. Merkle Tree Certificates.

The reference implementation lives at [3]. I have only implemented AuthKEM server authentication right now; PSK and client auth will follow at some later point. The diff with the main branch of Rustls [4] might be particularly interesting if you want to see what the impact of an implementation of AuthKEM might be. Note that a large part of this diff is just instantiating Rustls' pluggable crypto provider API.

The updates to the drafts include some things that I found when implementing the specified scheme, and I pinned some code points for experimental use (though with a note that these are not stable).

As always, if you have questions or comments, you know where to find us.

Cheers,

Also on behalf of my co-authors,

Thom

[1]: https://datatracker.ietf.org/doc/draft-celi-wiggers-tls-authkem/
[2]: https://datatracker.ietf.org/doc/draft-wiggers-tls-authkem-psk/
[3]: https://github.com/kemtls/rustls-authkem/
[4]: https://github.com/rustls/rustls/compare/rustls:793553e...kemtls:a9ca69b
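The following is an added illustration (not text from the drafts and not code from rustls-authkem) of the idea the announcement refers to: the server authenticates by decapsulating a ciphertext the client encapsulated to the KEM public key in its certificate, so a correct Finished MAC proves key possession without any signature on the wire. The KEM is a toy DH-KEM over a constructed small prime so the script runs with the standard library only; the message name `KEMCiphertext`, the KDF labels and the key schedule are simplifications of my own, not the draft's definitions.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy modulus (a Mersenne prime); not for real use
G = 5
NB = 16          # byte length of group elements below P

def _kdf(label: bytes, *parts: bytes) -> bytes:
    return hashlib.sha256(label + b"".join(parts)).digest()

def kem_keygen():
    """Toy DH-KEM key pair: (private exponent, public element)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def kem_encaps(pk: int):
    """Encapsulate to pk: returns (ciphertext, shared secret)."""
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)
    z = pow(pk, r, P)
    return ct, _kdf(b"toy-dhkem", z.to_bytes(NB, "big"), ct.to_bytes(NB, "big"))

def kem_decaps(sk: int, ct: int) -> bytes:
    """Only the holder of sk recovers the same shared secret from ct."""
    z = pow(ct, sk, P)
    return _kdf(b"toy-dhkem", z.to_bytes(NB, "big"), ct.to_bytes(NB, "big"))

def server_finished(cert_sk: int, ct: int, transcript: bytes) -> bytes:
    """Server side: derive the auth key from the decapsulated secret and MAC the transcript."""
    key = _kdf(b"ahs", kem_decaps(cert_sk, ct), transcript)
    return hmac.new(key, b"finished" + transcript, hashlib.sha256).digest()

def client_verify(expected_key: bytes, finished: bytes, transcript: bytes) -> bool:
    """Client side: the MAC checks out only if the peer derived the same key."""
    good = hmac.new(expected_key, b"finished" + transcript, hashlib.sha256).digest()
    return hmac.compare_digest(good, finished)

def run_handshake(server_sk: int, cert_pk: int) -> bool:
    """Server-auth flow; server_sk is whatever key the responding server actually holds."""
    transcript = b"ClientHello|ServerHello|Certificate:" + cert_pk.to_bytes(NB, "big")
    ct, ss_client = kem_encaps(cert_pk)                 # client -> server
    transcript += b"|KEMCiphertext:" + ct.to_bytes(NB, "big")
    fin = server_finished(server_sk, ct, transcript)    # server -> client
    # A server without the certificate's private key derives a different key
    # and its Finished fails, which is what replaces the signature check.
    return client_verify(_kdf(b"ahs", ss_client, transcript), fin, transcript)
```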