Hi,

My current understanding is that cTLS is not planning to embrace any optimized encodings for P-256 key shares and signatures and instead focus on x25519 and ed25519. Earlier versions of cTLS had examples of (unspecified) optimized P-256 encodings, but this has been removed in the last version.

It would be good if the authors could confirm. We will then remove the following sentence from draft-ietf-iotops-security-protocol-comparison.

Editor's note: The protocol and algorithm encoding in cTLS is currently not stable and the number might change in the final version. This version of the document analyses the -08 version of cTLS. It is uncertain if the TLS WG will adopt more compact encoding for P-256 and ECDSA such as secp256r1_compact and ecdsa_secp256r1_sha256_compact [I-D.mattsson-tls-compact-ecc].

https://datatracker.ietf.org/doc/draft-ietf-iotops-security-protocol-comparison/

I don't plan to any updated version of draft-mattsson-tls-compact-ecc unless someone actually wants to implement and use it. I will also not pursue code point registration as the consensus in the TLS WG was that this should go through the WG if pursued. Something like draft-mattsson-tls-compact-ecc could always be done later if needed.

https://datatracker.ietf.org/doc/draft-mattsson-tls-compact-ecc/

I have personally tried to push hard for x25519 and ed25519 in the past but they are sometimes problematic. Some IoT devices/libraries do not have support for x25519/ed25519, some devices only have HW acceleration of SHA-256, and the deterministic nature of ed25519 makes it vulnerable to side-channel attacks.

Cheers,
John

From: TLS <tls-boun...@ietf.org> on behalf of internet-dra...@ietf.org <internet-dra...@ietf.org>
Date: Monday, 13 March 2023 at 23:30
To: i-d-annou...@ietf.org <i-d-annou...@ietf.org>
Cc: tls@ietf.org <tls@ietf.org>
Subject: [TLS] I-D Action: draft-ietf-tls-ctls-08.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Transport Layer Security (TLS) WG of the IETF.

Title    : Compact TLS 1.3
Authors  : Eric Rescorla
           Richard Barnes
           Hannes Tschofenig
           Benjamin M. Schwartz
Filename : draft-ietf-tls-ctls-08.txt
Pages    : 24
Date     : 2023-03-13

Abstract:
This document specifies a "compact" version of TLS 1.3 and DTLS 1.3. It saves bandwidth by trimming obsolete material, tighter encoding, a template-based specialization technique, and alternative cryptographic techniques. cTLS is not directly interoperable with TLS 1.3 or DTLS 1.3 since the over-the-wire framing is different. A single server can, however, offer cTLS alongside TLS or DTLS.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-ctls/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-ctls-08.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-ctls-08

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls