Hi Uri, Just to be clear, the AuthKEM draft you mean is this one?
https://datatracker.ietf.org/doc/draft-celi-wiggers-tls-authkem/ Assuming that's the case, in case anyone else is confused (as I was), the "AuthKEM" here does not refer to a KEM implementing the AuthEncap/AuthDecap interface from RFC 9180. Instead it refers to the construction in that document, which uses a normal KEM. --Richard On Tue, Mar 21, 2023 at 2:34 PM Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote: > I’m surprised to see that there isn’t much (isn’t any?) discussion of the > AuthKEM draft. > > > > It seems pretty obvious that with the advent of PQ algorithms, the sheer > sizes of signatures and public keys would make {cDm}TLS existing > authentication and key exchange impractical in bandwidth-constrained > environments, especially when higher security-level algorithms (like, > what’s demanded by CNSA-2.0) are required. > > > > Thus, implicit authentication (think – MQV, Hugo Krawczyk’s HMQV, etc.) > seems to be a-must for making the PQ impact on bandwidth somewhat > manageable. > > > > I would like this WG to resurrect the AuthKEM draft. > > > > I can’t be in Yokohama, and am not fanatical enough to spend nights on > XMPP or such. But hopefully, we can discuss AuthKEM approach here on the > list. > > > > Thank you! > > -- > > V/R, > > Uri Blumenthal Voice: (781) 981-1638 > > Secure Resilient Systems and Technologies Cell: (339) 223-5363 > > MIT Lincoln Laboratory > > 244 Wood Street, Lexington, MA 02420-9108 > > > > Web: https://www.ll.mit.edu/biographies/uri-blumenthal > > Root CA: https://www.ll.mit.edu/llrca2.pem > > > > *There are two ways to design a system. One is to make it so simple there > are obviously no deficiencies.* > > *The other is to make it so complex there are no obvious deficiencies.* > > * > > - > C. A. R. Hoare* > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
