[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

Yaron Sheffer writes: >Specifically, RFC 9325 [1] published a mere two years ago is not even >referenced in the draft, let alone a comparison made with these deployment >recommendations that were made by the very same IETF. (Yes you can hear my >frustration coming through). In defence of the -LT

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

David Benjamin writes: >Given that the new client_server_hello_hash fully overlaps with the old >client_random (totally under the client's control) and then the new params >overlap with the old server_random (totally under the server's control), >it's... not immediately obvious to me whether this

[TLS] Re: ML-DSA in TLS

Stephen Farrell wrote: >Without going into the details, I'm generally sympathetic to djb's >argument here, but also do recognise ekr's "we allow anyone to get >a RECOMMENDED=N code point" as valid. +1 In addition to discussing security, it is a fact that many governments requires ML-KEM an

[TLS] Re: ML-DSA in TLS

On Thursday, 21 November 2024 19:23:12 CET, Tim Hollebeek wrote: Yes, the thread on this draft got hijacked by a completely off-topic discussion about composite and hybrid. To be clear, the draft says absolutely nothing about either of those two topics, and to be even more clear, does not at a

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

Hi, It doesn't make sense to me, especially considering the WG has adopted https://datatracker.ietf.org/doc/draft-ietf-tls-tls12-frozen/ TLS 1.3 is 6+ years old, for those counting. Ekr wrote: > There's nothing stopping people deploying this if they want to and in fact there > is already a code

[TLS] Re: Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt

Thank you, Alicja, for the review. I agree with all your comments and have raised a PR https://github.com/tireddy2/composite-mldsa/pull/1 to address them. Cheers, -Tiru On Mon, 18 Nov 2024 at 20:44, Alicja Kario wrote: > Thanks for the work on this document, it's highly appreciated! > > Few com

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

If the consensus view of the working group is that the existing communications have resulted in mixed messages and some confusion, the adoption of TLS LTS could provide a useful vehicle to address that whilst also dealing with the various technical points that Peter has already identified in his

[TLS] [RFC 7627] PSK vulnerable to MiTM-attacks

Dear ladies and gentlemen, the RFC 7627 introduces the "Extended master secret" TLS extension to prevent man-in-the-middle attacks. In section 1 - Introduction - on page three of the RFC, it is stated that "other key exchanges, such as [...] Pre-Shared Key (PSK), have also been shown to be vu

[TLS] Re: [EXT] Re: ML-DSA in TLS

Blumenthal, Uri - 0553 - MITLL writes: > we know enough now about the accepted PQ algorithms to be reasonably > certain that they won’t be the weakest part. Reasonably certain meaning, what, 90% certainty? What's the basis for this claim? And are you saying that a 10% chance of disaster is okay?

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

On Fri, Nov 22, 2024 at 6:48 AM Andrew Campling wrote: > > On 22/11/2024, 13:37, Yaron Sheffer yaronf.i...@gmail.com wrote: > > > My point was much broader though: the IETF is sending deployers a bunch > > > of mixed messages, and this is on us as a community. > > > > > > RFC 9325 basically tells

[TLS] Re: ML-DSA in TLS

On Thursday, 21 November 2024 22:02:45 CET, Stephen Farrell wrote: Hiya, Without going into the details, I'm generally sympathetic to djb's argument here, but also do recognise ekr's "we allow anyone to get a RECOMMENDED=N code point" as valid. That said, if the WG adopt *anything* with RECOMME

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

Hi Peter, Just to put matters straight, the predecessor of RFC 9325, RFC 7525, was published in May 2015. But that doesn’t matter a whole lot now. My point was much broader though: the IETF is sending deployers a bunch of mixed messages, and this is on us as a community. RFC 9325 basically tells th

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

On Fri, Nov 22, 2024 at 16:46 Watson Ladd mailto:watsonbl...@gmail.com>> wrote: > How on earth would providing another incompatible set of suggestions help? No > matter what text was in there it would still raise the question of what > people should be doing. Hi Watson You may of course no

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

On Fri, Nov 22, 2024, 9:01 AM Andrew Campling wrote: > On Fri, Nov 22, 2024 at 16:46 Watson Ladd wrote: > > > > > How on earth would providing another incompatible set of suggestions > help? No matter what text was in there it would still raise the question of > what people should be doing. > >

[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

On 22/11/2024, 13:37, Yaron Sheffer yaronf.i...@gmail.com wrote: > My point was much broader though: the IETF is sending deployers a bunch > of mixed messages, and this is on us as a community. > > RFC 9325 basically tells them: we prefer that you switch to TLS 1.3, b

[TLS] Re: Fwd: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt

On Fri, Nov 22, 2024 at 07:34:18PM +0530, tirumal reddy wrote: > Thank you, Alicja, for the review. I agree with all your comments and have > raised a PR https://github.com/tireddy2/composite-mldsa/pull/1 to address > them. I think it would be better to have a footnote for the two SignatureScheme