Hi Achim, Viktor,
Answering to multiple posts in a single email.
The provisioning is frequently done "out-of-band" and the trust is
based on that procedure.
As observed from the formal modeling exercise:
https://arxiv.org/pdf/2411.09770, misbinding is possible even in the
case where provis
Alicja Kario writes:
> Unfortunately, I don't think we have a rough consensus in
> LAMPS on how hybrid signatures should be done just yet, and without that,
> we can't standardise it for TLS.
It's trivial to build a signature system where each signature has,
internally, an Ed25519 signature follow
Hi, Randy,
On Mon, Nov 18, 2024 at 8:32 PM Turner, Randy
wrote:
> In our tests of RFC 7925 recommendations/requirements, the mandate for the
> CCM_8 AES algorithms seems to be outdated – from our tests, both Microsoft
> and OpenSSL have deprecated or removed support for the CCM_8 algorithms – w
Answering to the broader thread: when I said "uncontroversial" I was
thinking
more about _how_ it should be done, not _if_ it should be used.
Answer to email below follows.
On Saturday, 16 November 2024 09:57:03 CET, D. J. Bernstein wrote:
Watson Ladd writes:
Authentication is not like encryp
Thanks for the work on this document, it's highly appreciated!
Few comments:
- If we allow for pkcs#1v1.5 sig schemes in signatures_algorithms_cert but
not in signatures_algorithms I think we should, at the very least,
ask IANA to add a column to the SignatureScheme namespace that
includes
Hi Hannes, all,
Coming back to this. I'd disagree with the assertion that when using the
raw public key mode, the public key is the identity. We don't open a
connection to a key - we open a connection to a domain name or to an IP
address unless of course we are a HIPster and use Host Iden
Internet-Draft draft-ietf-tls-tls13-pkcs1-02.txt is now available. It is a
work item of the Transport Layer Security (TLS) WG of the IETF.
Title: Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3
Authors: David Benjamin
Andrei Popov
Name:draft-ietf-tls-tls13-pkcs1-02.txt
Hi All,
In our tests of RFC 7925 recommendations/requirements, the mandate for the
CCM_8 AES algorithms seems to be outdated - from our tests, both Microsoft and
OpenSSL have deprecated or removed support for the CCM_8 algorithms - we have
seen this when CCM_8 algorithms are offered by TLS clie
The CNSA 2.0 FAQ states, "Do not use a hybrid or other non-standardized QR
solution on NSS mission systems except for those exceptions NSA
specifically recommends to meet standardization or interoperability
requirements", and, "because NSA is confident that CNSA 2.0 algorithms will
sufficiently pr
>
> The reality is that we have very tight deadlines from CNSA2.0, with
> customers actively asking for post-quantum support. For those for whom
> those
> requirements apply, use of ML-DSA is not only uncontroversial, but
> mandatory.
CNSA 2.0, as clarified in a recent FAQ, does not prohibit ML-D
On Mon, Nov 18, 2024 at 6:07 PM Deirdre Connolly
wrote:
> The CNSA 2.0 FAQ states, "Do not use a hybrid or other non-standardized QR
> solution on NSS mission systems except for those exceptions NSA
> specifically recommends to meet standardization or interoperability
> requirements", and, "beca
Hiya,
I totally understand the commercial imperatives that cause
people to want to adhere to what governments would like to
see the IETF standardising, but...
On 19/11/2024 01:43, someone wrote:
NSA is confident
The above, and similar arguments that NIST or BSI or whomever
would like X, does
Is there a recommended replacement or “bis” work proceeding with new
recommendations ?
Your one-stop shopping for cipher recommendations is probably the TLS
registries[1][2]. But they are getting a large-scale cleanup and you should
also look at that [3]
[1]
https://www.iana.org/assignments/t
On Fri, Nov 15, 2024 at 5:09 PM Rebecca Guthrie wrote:
> I also support WG adoption.
>
>
>
> One suggestion in the Introduction:
>
>
>
> "ML-DSA [FIPS204] is a post-quantum signature schemes standardised by
> NIST. It is a module-lattice based scheme." -> "ML-DSA is a
> module-lattice-based digit
On Mon, Nov 18, 2024 at 08:25:12AM +0200, Mohit Sethi wrote:
> The lesson here is the same countermeasure for all misbinding attack - be
> explicit about the identities and check them. We have created a pull request
> for 8446bis adding a reference to misbinding attacks and countermeasures
> when
On Fri, Nov 15, 2024 at 5:18 PM John Mattsson
wrote:
> Agree with Rebecca's comments on ML-DSA and HashML-DSA. After discussing
> ML-DSA a lot with developers, I have noticed that after being used with
> RSA and ECDSA where they needed to combine RSA and ECDSA with a hash
> function, they have a
16 matches
Mail list logo
