I agree that ecdhe-mlkem should advance now. At the same time, “pure” mlkem should advance - because there’s no way the main “contentious point” of “hybrid vs pure” would be resolved. — Regards, Uri
Secure Resilient Systems and Technologies MIT Lincoln Laboratory On Dec 23, 2024, at 16:29, Rob Sayre <say...@gmail.com> wrote:
Hi all, since I am still on the CC list, I took the question to be about how to organize the work. If everything is a priority, there are no priorities. That's why I want to do this one (and only this one), first: https: //datatracker. ietf. org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside the Laboratory.
ZjQcmQRYFpfptBannerEnd
Hi all, since I am still on the CC list,
I took the question to be about how to organize the work. If everything is a priority, there are no priorities.
That's why I want to do this one (and only this one), first:
Some of the other ones look like they could benefit from waiting, in the sense that contentious points might resolve themselves over time.
thanks, Rob
TL;DR: Historical notes: not important for the current discussion.
To be clear about whether Cisco (or actually, me – I don’t actually speak for Cisco, but I like to think they listen to my advice) preferred NTRU or NTRU Prime – I actually didn’t have a strong opinion. I
advocated NTRU because it made it to round 3 (rather than stopping at round 2 as NTRUPrime did), and so it appeared to be a bit more mature (that is, having more cryptanalysis). If there was a general consensus towards NTRU Prime, we would have happily gone
along.
Other than that, John summarized the situation well – Cisco (or actually, Cisco’s lawyers) are happy with how the IPR issues around ML-KEM were resolved and are going forward with that (with both pure and
hybrid).
The thread starts with
“Due to this, Cisco has preliminarily considered Kyber unusable”
This is obviously not true anymore as Scott very clearly stated that Cisco wants to see both hybrid and non-hybrid ML-KEM standardized, and that they want to implement and ship
both. I agree with Scott. Also, I think Cisco was quite clear on that if the IPR uncertainties regarding ML-KEM was not addresses, which they were, they wanted NTRU, not NTRU Prime
https://datatracker.ietf.org/doc/html/draft-fluhrer-cfrg-ntru-01
Mozilla is obviously shipping ML-KEM in Firefox. I am an avid user of Firefox, and I am happy to see
X25519MLKEM768 on more and more webpages.
Cheers,
John
If there are some patent concerns regarding ML-KEM going forward, Would
considering NTRU-Prime as a less risky option for TLS Kex?
(Please see this thread:
https://eur02.safelinks.protection.outlook.com/?url="">
There is a section about patents here: https://eur02.safelinks.protection.outlook.com/?url="">
On Tue, 17 Dec 2024 at 02:53, Rob Sayre <say...@gmail.com> wrote:
>
> Hi,
>
> I only support an adoption call for this one:
>
> https://eur02.safelinks.protection.outlook.com/?url="">
>
> The other ones seem like they could wait, carefully noting that postponement is not a "no" vote.
>
> thanks,
> Rob
>
>
>
>
> On Mon, Dec 16, 2024 at 2:21 PM Martin Thomson <m...@lowentropy.net>
wrote:
>>
>> On Tue, Dec 17, 2024, at 08:59, Sean Turner wrote:
>> > Is the WG consensus to run four separate adoption calls for the
>> > individual I-Ds in question?
>>
>> I would like to see adoption calls for the key exchange modes and not the signature modes. The key exchange documents are both more ready and more urgent.
>>
>> The question of whether to set Recommended = Y for any particular choice is separable and can wait. Keep things as Recommended = N for now.
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-le...@ietf.org
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
|
smime.p7s