Using ephemeral-static ECDH for implicit authentication as in the Noise protocol has several benefits. The benefits of using KEMs instead of signatures seem more limited. The current proposal requires 3 full round-trips instead of 1.5 round-trips for mutual authentication. If I understand correctly, the message sizes are smaller than Kyber+Dilithium but similar to Kyber+Falcon (probably a bit larger in total).
Yes – but CNSA-2.0 only approves Dilithium, not Falcon. And NIST report mentions the difficulties validating Falcon implementations.

If continued, I think Kyber KEMs makes a lot more sense than ECDH KEM.

Yes, absolutely.

From: TLS <tls-boun...@ietf.org> on behalf of Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
Date: Tuesday, 24 January 2023 at 19:15
To: Mike Ounsworth <Mike.Ounsworth=40entrust....@dmarc.ietf.org>, p...@ietf.org <p...@ietf.org>, tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Did TLS AuthKEM die?

I truly hope AuthKEM is alive.

--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare

From: TLS <tls-boun...@ietf.org> on behalf of Mike Ounsworth <Mike.Ounsworth=40entrust....@dmarc.ietf.org>
Date: Tuesday, January 24, 2023 at 12:33
To: "p...@ietf.org" <p...@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Did TLS AuthKEM die?

Thom, Sofía,

draft-celi-wiggers-tls-authkem is expired. Is that on purpose? Does it still have steam or is it dead?

---
Mike Ounsworth
Software Security Architect, Entrust

Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls