On Thu, Oct 24, 2024 at 03:51:50PM +, Tim Hollebeek wrote:
> My personal feelings on pure vs composite are actually the union of several
> previous comments:
>
> 1. Like EKR, I actually have a weak preference for composite, all other
> things being equal. Failures happen and I like backu
> And thinking about the decade+ WebPKI SHA-1 to SHA-2 transition, I do not
> think the main factor was long approval timelines, need to do rigorous
> analysis, or need for rigorous discussion.
So, the WebPKI SHA-1 to SHA-2 transition was a tiny little corner of the SHA-1
to SHA-2 transition. It
The TLS WG has placed draft-mattsson-tls-super-jumbo-record-limit in state
Call For Adoption By WG Issued (entered by Sean Turner)
The document is available at
https://datatracker.ietf.org/doc/draft-mattsson-tls-super-jumbo-record-limit/
___
TLS maili
On Thu, Oct 24, 2024 at 03:15:38AM +, Scott Fluhrer (sfluhrer) wrote:
> In my opinion, we’ll end up standardizing both. At the very least,
> I (Cisco) have some customers who want ML-DSA only, and other
> customers that insist on hybrid, and so we’ll need to support both.
>
> Of course, when
Viktor Dukhovni writes:
>One of the ways in which this WG is sometimes unwelcoming is not covered by
>the called out unprofessional behaviour. Rather, this list at times appears
>to be dominated by a single browser-centric world-view, and a dominant set of
>entrenched participants. Perspectives
I would like to thank the chairs in advance for all the hard and thankless work
they just volunteered for. It is desperately needed and I truly appreciate it.
-Tim
> -Original Message-
> From: Sean Turner
> Sent: Friday, October 25, 2024 8:31 AM
> To: TLS List
> Subject: [TLS] Changing
> The following PR creates the TLS Flags sub-registry where we can manage the
> actual flags. I asserted that the chairs control adding values, which won’t
> be true once (and if) the registry goes to IANA (it’ll be the DEs: Rich,
> Nick, and Yoav), and populated the 1st value from the draft:
>
>
> I'm not sure I agree that there is no value. In general, we try to roll
> out new mechanisms slowly so that we get some experience with how they
> perform in the wild. Given the experience with PQ key establishment, we
> should probably have some concern that ML-DSA won't just work in all cases
On 10/25/24, 10:02 AM, "Viktor Dukhovni" mailto:ietf-d...@dukhovni.org>> wrote:
>One of the ways in which this WG is sometimes unwelcoming is not covered
by the called out unprofessional behaviour. Rather, this list at times
appears to be dominated by a single browser-centric world-view, and a
dom
Hello list,
The TLS list is infamous in that it is regarded by some as [insert your
descriptive word; where the chairs have heard the following words used:
noxious, toxic, unwelcoming, and rude]. The chairs want to change this
reputation and we hope you do too. A big part of this is on the chai
>This document certainly needs more work particularly when it comes to security
>considerations.
Thanks Yaroslav. Do you want to see more details on in the current
considerations or is there some aspect that you are missing?
Cheers,
John
From: Yaroslav Rosomakho
Date: Friday, 25 October 2024
Hi Alicja,
The main use case would be to use this on networks where you know that there
are no old restrictive middleboxes. If used over UDP or SCTP, I don’t know if
there are any restrictive DTLS 1.2 middleboxes.
Could be an option to restrict things to 2^24 byte, but we felt it was more
natu
I've been called out on this, and so I need to apologize
> -Original Message-
> From: Scott Fluhrer (sfluhrer)
> Sent: Thursday, October 24, 2024 2:18 PM
> To: ilariliusva...@welho.com;
> Subject: [TLS] Re: ML-DSA in TLS
>
>
> Is there some complexity there? Yes, a little. However,
> On 25. Oct 2024, at 13:56, Alicja Kario wrote:
>
> While I'm sceptical of a need to send nearly 2^32 byte records, or
> that it would increase performance, the draft is well thought out
> and detailed enough. I wouldn't be opposed to it.
Hi Alicja,
there is at least one use case of this extens
On Fri, Oct 25, 2024 at 7:55 AM Bas Westerbaan
wrote:
>
> Hi Eric,
>
>>
>> Hi Bas,
>>
>> I'm not sure I agree with this analysis, but perhaps it depends on
>> what you mean by "ready-to-go".
>>
>> I would think that the natural thing to do here is to get fairly
>> widespread deployment of support
Most likely, we’ll need both composite and pure ML-DSA cert chains. We have a
set of customers who don’t trust pure PQC (yet?), and we have other customers
who are determined to skip composite cert deployment.
* These are independent matters.
Yes, pure and composite signature suites can be
On Friday, 25 October 2024 14:28:42 CEST, John Mattsson wrote:
Hi Alicja,
The main use case would be to use this on networks where you
know that there are no old restrictive middleboxes. If used over
UDP or SCTP, I don’t know if there are any restrictive DTLS 1.2
middleboxes.
but if it's s
+1million
Sent from my iPhone
> On 25 Oct 2024, at 18:00, Sean Turner wrote:
>
> Hello list,
>
> The TLS list is infamous in that it is regarded by some as [insert your
> descriptive word; where the chairs have heard the following words used:
> noxious, toxic, unwelcoming, and rude]. The chai
On Fri, Oct 25, 2024 at 08:30:45AM -0400, Sean Turner wrote:
> The TLS list is infamous in that it is regarded by some as [insert
> your descriptive word; where the chairs have heard the following words
> used: noxious, toxic, unwelcoming, and rude]. The chairs want to
> change this reputation and
Hear, hear! Thank for you sending this, Sean!
On Fri, Oct 25, 2024, 08:53 Arnaud Taddei wrote:
> +1million
>
> Sent from my iPhone
>
> > On 25 Oct 2024, at 18:00, Sean Turner wrote:
> >
> > Hello list,
> >
> > The TLS list is infamous in that it is regarded by some as [insert your
> descriptiv
On Thursday, 24 October 2024 17:58:18 CEST, Watson Ladd wrote:
On Thu, Oct 24, 2024 at 8:52 AM Tim Hollebeek
wrote:
My personal feelings on pure vs composite are actually the
union of several
previous comments:
1. Like EKR, I actually have a weak preference for composite, all other
things
I mean "IANA cannot have designated..."
I blame auto-correct. Or outlook. Anyone other than me.
On 10/25/24, 10:50 AM, "Salz, Rich" wrote:
> The following PR creates the TLS Flags sub-registry where we can manage the
> actual flags. I asserted that the chairs control adding values, which wo
Hi Eric,
> Hi Bas,
>
> I'm not sure I agree with this analysis, but perhaps it depends on
> what you mean by "ready-to-go".
>
> I would think that the natural thing to do here is to get fairly
> widespread deployment of support for PQ certificates but then prefer
> non-PQ certificates. I.e.,
>
>
Thanks for this Sean.
On Fri, Oct 25, 2024 at 6:31 AM Sean Turner wrote:
> Hello list,
>
> The TLS list is infamous in that it is regarded by some as [insert your
> descriptive word; where the chairs have heard the following words used:
> noxious, toxic, unwelcoming, and rude]. The chairs want t
On Thu, Oct 24, 2024 at 12:38 AM Bas Westerbaan wrote:
> Today for the WebPKI there is no security benefit to enabling post-quantum
> certificates (in stark contrast with post-quantum key agreement.) On the
> other hand, there is a big cost with extra bytes on the wire. As it stands,
> we do not
On Fri, Oct 25, 2024 at 7:54 AM Bas Westerbaan wrote:
> Hi Eric,
>
>
>> Hi Bas,
>>
>> I'm not sure I agree with this analysis, but perhaps it depends on
>> what you mean by "ready-to-go".
>>
>> I would think that the natural thing to do here is to get fairly
>> widespread deployment of support fo
While I'm sceptical of a need to send nearly 2^32 byte records, or
that it would increase performance, the draft is well thought out
and detailed enough. I wouldn't be opposed to it.
Not being compatible with TLS 1.2 middleboxes is a problem too...
I think that precludes it from being "Recommende
This document certainly needs more work particularly when it comes to
security considerations. However, it is well thought through and it widens
applicability of TLS.
I believe it is ready to be adopted as a working group item and I support
adoption of this work.
-yaroslav
On Fri, Oct 25, 20
On Friday, 25 October 2024 16:31:17 CEST, Eric Rescorla wrote:
On Thu, Oct 24, 2024 at 12:38 AM Bas Westerbaan wrote:
Today for the WebPKI there is no security benefit to enabling
post-quantum certificates (in stark contrast with post-quantum
key agreement.) On the other hand, there is a big
> On Oct 25, 2024, at 10:52, Salz, Rich wrote:
>
> I mean "IANA cannot have designated..."
>
> I blame auto-correct. Or outlook. Anyone other than me.
>
> On 10/25/24, 10:50 AM, "Salz, Rich" wrote:
>
>> The following PR creates the TLS Flags sub-registry where we can manage the
>> actua
30 matches
Mail list logo
