Tiru,

Is SLH-DSA considered a practical option for TLS end-entity certificates?

Under realistic network conditions, TLS handshakes with full SLH-DSA 
certificate chains seem to be about 5-10 times slower than traditional 
certificate chains and, in some cases, can take on the order of seconds.  See, 
for example, the results in https://eprint.iacr.org/2020/071, 
https://eprint.iacr.org/2021/1447, https://mediatum.ub.tum.de/1728103 and 
https://thomwiggers.nl/post/tls-measurements/.

I agree that there's an argument for using SLH-DSA in root certificates, but 
I'm surprised it's being proposed for the full chain.

Peter

From: Russ Housley <hous...@vigilsec.com>
Sent: 03 November 2024 11:13
To: tirumal reddy <kond...@gmail.com>
Cc: IETF TLS <tls@ietf.org>
Subject: [TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt

Thanks for doing this work.  I hope the TLS WG will promptly adopt it.

Russ


On Nov 2, 2024, at 8:15 PM, tirumal reddy <kond...@gmail.com> wrote:

Hi all,

This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ specifies 
how the PQC signature scheme SLH-DSA can be used for authentication in TLS 1.3.
Comments and suggestions are welcome.

Regards,
-Tiru
---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Sun, 3 Nov 2024 at 05:39
Subject: New Version Notification for draft-tls-reddy-slhdsa-00.txt
To: Tirumaleswar Reddy.K <kond...@gmail.com>, John Gray 
<john.g...@entrust.com>, Scott Fluhrer <sfluh...@cisco.com>, Timothy 
Hollebeek <tim.holleb...@digicert.com>


A new version of Internet-Draft draft-tls-reddy-slhdsa-00.txt has been
successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:     draft-tls-reddy-slhdsa
Revision: 00
Title:    Use of SLH-DSA in TLS 1.3
Date:     2024-11-02
Group:    Individual Submission
Pages:    8
URL:      https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.txt
Status:   https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/
HTML:     https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-slhdsa

Abstract:

   This memo specifies how the post-quantum signature scheme SLH-DSA
   [FIPS205] is used for authentication in TLS 1.3.

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
