Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-10-26 Thread Thom Wiggers
Dear list, This email is in regards to draft-celi-wiggers-tls-authkem. We’ve only made some minor fixes to the authentication-via-KEM proposal that we submitted and presented at the last IETF meeting (IETF111) at the working group. We did receive a few questions and comments on the draft during t

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Blumenthal, Uri - 0553 - MITLL
ing that. Thanks!

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Kampanakis, Panos
>> If we are talking NIST Level 5 (and I am assuming you are >> discussing mTLS),

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-22 Thread Blumenthal, Uri - 0553 - MITLL
ar - it's not the *devices* themselves > that sweat 5KB, it's their austere links.

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-13 Thread Watson Ladd
On Mon, Jul 12, 2021 at 9:10 PM Kampanakis, Panos wrote: > > > > So, while I'm not that enthusiastic about paying a few K, I think on > balance it's a better than doing this kind of major rearchitecture of TLS. > > > > +1. KEMTLS is a great scheme but significantly changes the TLS state > machine

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Blumenthal, Uri - 0553 - MITLL
Let me emphasi

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Kampanakis, Panos
NIST Level 5?

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Kampanakis, Panos
d imo. Cert compression will not help as these big certs mostly consist of big keys or sigs which are random sequences and thus do not benefit from compression. Rgs, Panos

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Blumenthal, Uri - 0553 - MITLL
Let me emphasize the reasons Douglas brought up. Note that I need to use NIST Sec Level 5 algorithms. So, Kyber-1024 and Dilithium5 (other algorithms show even worse ratio between KEM and signature!). Communications costs: - Difference in public key sizes: 1568 bytes of Kyber vs. 2592 bytes of

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Eric Rescorla
On Mon, Jul 12, 2021 at 5:58 PM Douglas Stebila wrote: > Hi Eric, > > The main motivation is that, in some cases, post-quantum signatures are > larger in terms of communication size compared to a post-quantum KEM, under > the same cryptographic assumption. > > For example, the KEM Kyber (based on

Re: [TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Douglas Stebila
Hi Eric, The main motivation is that, in some cases, post-quantum signatures are larger in terms of communication size compared to a post-quantum KEM, under the same cryptographic assumption. For example, the KEM Kyber (based on module LWE) at the 128-bit security level has 800-byte public k

[TLS] Comments on draft-celi-wiggers-tls-authkem-00.txt

2021-07-12 Thread Eric Rescorla
Hi folks, I have just given draft-celi-wiggers-tls-authkem-00.txt a quick read. I'm struggling a bit with the rationale, which I take to be these paragraphs: In this proposal we use the DH-based KEMs from [I-D.irtf-cfrg-hpke]. We believe KEMs are especially worth discussing in the context o