Hi all,

I have just updated the AuthKEM draft and published a new one. TL;DR:

AuthKEM is a proposal that replaces signature-based handshake
authentication in TLS with an additional KEM key exchange (putting KEM public
keys in endpoint certificates).

In this update we:
* Split off the AuthKEM cached/pre-shared KEM public key PSK-style
mechanism into a separate draft
* Added a new section that explains the sizes of different TLS and AuthKEM
handshakes
* Explained how AuthKEM makes it cheaper to use Falcon for offline
signatures
* Expanded on related work and how this mechanism relates to compression
proposals

In our view, AuthKEM can be especially helpful for embedded and IoT
devices, as using KEMs instead of signatures can be much cheaper in terms
of bandwidth, computation, and (when mutually authenticating) code size.
For example, in [Samandari23], a KEM-authentication approach was
investigated for MQTT and resulted in much faster messaging. For the WebPKI
too, AuthKEM can reduce handshake sizes further when combined with
e.g. Merkle Tree Certs or Abridged Certificate Compression.

The KEM-based PSK-style mechanism can in my mind be a robust contribution
to the discussion on the update for RFC7924 versus session tickets: storing
KEM public keys can be much easier than symmetric session tickets or other
symmetric secrets in terms of key management, but also in terms of not
having to protect the secrets.

The source repository for both drafts lives at
https://github.com/kemtls/draft-celi-wiggers-tls-authkem. I am already
aware that I forgot to update the abstract for authkem-psk, so that is one
of the new issues tracked there.

There are lots of things still open for discussion, and these are marked in
the draft. I am also sure the presentation or any details can be much
improved, and welcome any and all contributions to either.

Cheers,

Also on behalf of my co-authors,

Thom
PQShield

[Samandari23] https://www.mdpi.com/2624-800X/3/3/21/html
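The following is an added example, written for this page and not taken from the draft, its repository, or the post above. It models the core idea the post describes (the server is authenticated by the client encapsulating to a KEM public key carried in its certificate, with no signature produced or verified) and shows the failure mode that matters: a party holding the certificate but not the matching KEM secret key cannot produce a valid Finished. The KEM is an assumed toy finite-field Diffie-Hellman KEM and the key schedule is an assumed two-line sketch; neither is the draft's KEM, message flow, or key schedule.

```python
"""Toy model of KEM-based (implicit) endpoint authentication in a TLS-like
handshake.  Added illustration only: the DH-KEM, the message flow and the
key schedule below are simplified stand-ins, not the AuthKEM draft's."""
import hashlib
import hmac
import secrets

# Toy DH-KEM parameters (assumed for this example): p = 2**255 - 19 is prime
# and g = 2.  Chosen only so the arithmetic runs offline; not a vetted group.
P = 2**255 - 19
G = 2


def kem_keygen():
    """Return (secret_key, public_key) for the toy DH-KEM."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)


def _kdf(shared_point, ct, pk):
    """Hash the DH result together with ciphertext and public key, so the
    shared secret is bound to both (as real KEMs do)."""
    data = b"|".join(x.to_bytes(32, "big") for x in (shared_point, ct, pk))
    return hashlib.sha256(b"toy-dh-kem" + data).digest()


def kem_encaps(pk):
    """Encapsulate to pk: returns (ciphertext, shared_secret)."""
    r = secrets.randbelow(P - 3) + 2
    ct = pow(G, r, P)
    return ct, _kdf(pow(pk, r, P), ct, pk)


def kem_decaps(sk, ct):
    """Decapsulate ct with sk; only the holder of sk recovers the secret."""
    pk = pow(G, sk, P)
    return _kdf(pow(ct, sk, P), ct, pk)


def derive_finished_key(ss_ephemeral, ss_auth, transcript):
    """Assumed stand-in for the TLS key schedule: both KEM secrets feed one key."""
    return hashlib.sha256(b"handshake" + ss_ephemeral + ss_auth + transcript).digest()


def finished_mac(key, transcript):
    return hmac.new(key, transcript, hashlib.sha256).digest()


def run_handshake(server_cert_pk, server_sk):
    """Run the toy handshake.

    server_cert_pk: KEM public key the client finds in the server certificate.
    server_sk:      KEM secret key the responding party actually holds.
    Returns True if the client accepts the server's Finished.
    """
    # Client -> Server: ephemeral KEM public key (forward-secret exchange).
    eph_sk, eph_pk = kem_keygen()

    # Server -> Client: encapsulation to the ephemeral key plus the certificate.
    ct_eph, ss_eph_server = kem_encaps(eph_pk)
    ss_eph_client = kem_decaps(eph_sk, ct_eph)

    # Client -> Server: encapsulate to the *certified static* KEM key.  This
    # is what replaces the signature: no CertificateVerify is sent or checked.
    ct_auth, ss_auth_client = kem_encaps(server_cert_pk)

    transcript = b"".join(
        x.to_bytes(32, "big") for x in (eph_pk, ct_eph, server_cert_pk, ct_auth)
    )

    # Only the holder of the matching secret key recovers ss_auth.
    ss_auth_server = kem_decaps(server_sk, ct_auth)

    client_key = derive_finished_key(ss_eph_client, ss_auth_client, transcript)
    server_key = derive_finished_key(ss_eph_server, ss_auth_server, transcript)

    # Server -> Client: Finished.  A matching MAC is the proof of possession.
    server_finished = finished_mac(server_key, transcript)
    expected = finished_mac(client_key, transcript)
    return hmac.compare_digest(server_finished, expected)


def demo():
    """Honest server authenticates; an impostor with only the certificate fails."""
    server_sk, server_pk = kem_keygen()
    impostor_sk, _ = kem_keygen()
    return run_handshake(server_pk, server_sk), run_handshake(server_pk, impostor_sk)


if __name__ == "__main__":
    print(demo())
```

The point to take from the impostor case is that the server's identity is established by its ability to decapsulate, so the authentication cost on the server is one decapsulation rather than one signature, and the certificate carries a KEM public key instead of a signing key; swapping the toy DH-KEM for a post-quantum KEM leaves the flow unchanged.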
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls