Re: [TLS] about hash and post-quantum ciphers

2023-01-31 Thread Phillip Hallam-Baker
+1 on support for SHA3, NIST is really putting the thumb on the scales here with their choices of PQC algorithm. Everything is built around SHAKE as the cryptographic primitive... On the BLAKE3 thing, the problem here is the IETF got into a position where assignment of code points is taken as an e

Re: [TLS] about hash and post-quantum ciphers

2023-01-28 Thread Ilari Liusvaara
On Sat, Jan 28, 2023 at 09:02:32AM +, John Mattsson wrote: > > >Well, duplex mode is a bit special-purpose thing, for cases where one > >wants to reduce number of primitives to reduce code size, or has > >hardware acceleration to make it much faster than AES-GCM. > > That is also a good idea.

Re: [TLS] about hash and post-quantum ciphers

2023-01-28 Thread John Mattsson
changes and too little gain to do. Cheers, John From: TLS on behalf of Ilari Liusvaara Date: Friday, 27 January 2023 at 19:15 To: tls@ietf.org Subject: Re: [TLS] about hash and post-quantum ciphers On Fri, Jan 27, 2023 at 11:24:59AM +, John Mattsson wrote: > Hi, > > I don't thin

Re: [TLS] about hash and post-quantum ciphers

2023-01-28 Thread John Mattsson
or should require. Cheers, John From: TLS on behalf of Salz, Rich Date: Friday, 27 January 2023 at 19:34 To: tls@ietf.org Subject: Re: [TLS] about hash and post-quantum ciphers >> I don't think non-standardized algorithms should be adopted by the >> WG. Even for just assigning

Re: [TLS] about hash and post-quantum ciphers

2023-01-27 Thread Salz, Rich
>> I don't think non-standardized algorithms should be adopted by the >> WG. Even for just assigning a number, a good first step would be CFRG. > Well, getting adopted by the WG isn't a requirement for those to wind up > with a number... There is expert review process as well. The requirements fo

Re: [TLS] about hash and post-quantum ciphers

2023-01-27 Thread Ilari Liusvaara
On Fri, Jan 27, 2023 at 11:24:59AM +, John Mattsson wrote: > Hi, > > I don't think non-standardized algorithms should be adopted by the > WG. Even for just assigning a number, a good first step would be CFRG. Well, getting adopted by the WG isn't a requirement for those to wind up with a numb

Re: [TLS] about hash and post-quantum ciphers

2023-01-27 Thread Kampanakis, Panos
@ietf.org>> Subject: Re: [TLS] about hash and post-quantum ciphers In TLS 1.3, AES256-SHA384 is not mandatory to implement. If there is a freely available published specification of BLAKE3, you can request an assigned number for it in the TLS registry [1]. * Furthermore, NIST selecte

Re: [TLS] about hash and post-quantum ciphers

2023-01-27 Thread Blumenthal, Uri - 0553 - MITLL
" Cc: hojarasca2022 , "Salz, Rich" Subject: Re: [TLS] about hash and post-quantum ciphers Hi, I don't think non-standardized algorithms should be adopted by the WG. Even for just assigning a number, a good first step would be CFRG. But this mail got me thinking: -

Re: [TLS] about hash and post-quantum ciphers

2023-01-27 Thread John Mattsson
HKDF. Might also be nice to use the duplex construction whose security can be shown to be equivalent to the sponge construction. Cheers, John From: TLS on behalf of Salz, Rich Date: Thursday, 26 January 2023 at 20:42 To: hojarasca2022 , tls@ietf.org Subject: Re: [TLS] about hash and post-qu

Re: [TLS] about hash and post-quantum ciphers

2023-01-26 Thread Salz, Rich
In TLS 1.3, AES256-SHA384 is not mandatory to implement. If there is a freely available published specification of BLAKE3, you can request an assigned number for it in the TLS registry [1]. * Furthermore, NIST selected some post-quantum ciphers: https://nist.gov/pqcrypto