[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120

2024-07-24 Thread Ilari Liusvaara
On Tue, Jul 23, 2024 at 09:51:04PM -0700, Dennis Jackson wrote: > > Ahead of the meeting tomorrow, I want to highlight some of the questions > which I think we need to find and agree on answers for: The following are my own opinions. > - What are the problems that we are solving? * Allowing server

[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

2024-07-24 Thread Peter C
Douglas, The agenda for the TLS session is looking packed, and this is a very in-the-weeds comment, so I hope you don't mind me posting it to the list. Happy to take any discussion off-list, if you'd prefer. The draft-ietf-tls-hybrid-design security considerations currently say: The share

[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

2024-07-24 Thread Deirdre Connolly
Not a direct reference for TLS 1.3, but recent related work from the document author, Douglas's analysis of PQ3 iMessage¹, has a hybrid encrypted session setup with commonalities with the TLS 1.3 key schedule, especially the layers of calls to HKDF.Expand and HKDF.extract, albeit in a different ord

[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

2024-07-24 Thread Peter C
Deirdre, I’m not familiar with the PQ3 protocol, but I think PRF-ODH can fail in practice due to the way that ECDH is usually instantiated. For NIST P-256, the input to the KDF is usually the x-coordinate of the ECDH shared secret rather than the full point. Given a challenge (C, label), sett

[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

2024-07-24 Thread Deirdre Connolly
Yet another reason I would love full group elements included in these protocols but alas On Wed, Jul 24, 2024, 9:22 AM Peter C wrote: > Deirdre, > > > > I’m not familiar with the PQ3 protocol, but I think PRF-ODH can fail in > practice due to the way that ECDH is usually instantiated. > > > > Fo

[TLS]Re: I-D Action: draft-ietf-tls-svcb-ech-03.txt

2024-07-24 Thread Sean Turner
Hey folks this version is just a keep alive version, i.e., the dates changed and that’s it. We had a couple of comments during WGLC that need to be addressed. Cheers, spt > On Jul 23, 2024, at 08:26, internet-dra...@ietf.org wrote: > > Internet-Draft draft-ietf-tls-svcb-ech-03.txt is now avai

[TLS]tls@ietf120: WG I-D status

2024-07-24 Thread Sean Turner
Hi! We often review the WG I-Ds’ status during the chairs’ slides. I’d like to try an experiment to save us more time for the session by sending the update via email; it’s also in the chairs’ slides. If any I-D authors disagree with this very brief summary please let us know. The list is sorted

[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120

2024-07-24 Thread Tim Hollebeek
I think this is a good summary. I want to support this sort of effort, in part because it's very similar to some other ideas my boss and I were pushing about five years ago. Something similar to this would solve, but also cause, lots of problems. It's not clear whether the net result is bette

[TLS]Re: tls@ietf120: WG I-D status

2024-07-24 Thread Stephen Farrell
Hiya, What's the status/plan for draft-ietf-tls-esni-18? Thanks, S. On 24/07/2024 20:57, Sean Turner wrote: Hi! We

[TLS]Re: tls@ietf120: WG I-D status

2024-07-24 Thread Arnaud Taddei
Funny I had the SAME question earlier too with someone else. So, ditto Arnaud Taddei Global Security Strategist | Enterprise Security Group mobile: +41 79 506 1129 Geneva, Switzerland arnaud.tad...@broadcom.com | broadcom.com > On 24 Jul 2024, at 13:22, Step

[TLS]Re: I-D Action: draft-ietf-tls-hybrid-design-10.txt

2024-07-24 Thread Douglas Stebila
Hi Peter, I agree that if you assume that the PQ KEM is broken, then [GIACON] and [BINDEL] don't apply since ECDH-as-a-KEM is not IND-CCA2 secure. I don't fully follow your argument on why it's not possible to fall back on [DOWLING] -- in other words, just resort back to the original security

[TLS]Side meeting on attested TLS tomorrow

2024-07-24 Thread Yaron Sheffer
Dear TLS WG, There will be a side meeting on Attested TLS tomorrow morning, Thursday 9:00-10:00 at the Prince of Wales room. The target audience is the TLS community, so please join us whether you are big fans of attestation or you think that attestation is a Bad Thing. Thanks, Hann

[TLS]I-D Action: draft-ietf-tls-tls12-frozen-01.txt

2024-07-24 Thread internet-drafts
Internet-Draft draft-ietf-tls-tls12-frozen-01.txt is now available. It is a work item of the Transport Layer Security (TLS) WG of the IETF. Title: TLS 1.2 is in Feature Freeze Authors: Rich Salz Nimrod Aviram Name: draft-ietf-tls-tls12-frozen-01.txt Pages: 5 Dates

[TLS]Re: I-D Action: draft-ietf-tls-tls12-frozen-01.txt

2024-07-24 Thread Salz, Rich
This version removes all text that is duplicated in the UTA "require TLS 1.3" draft.[1] In my view, this is ready for WGLC. [1] https://datatracker.ietf.org/doc/draft-ietf-uta-require-tls13/ On 7/24/24, 4:44 PM, "internet-dra...@ietf.org " mailto:internet-dr