Agreed, accepting the drafts as WG documents says nothing about which
will proceed to RFC status first.
On Tuesday, 24 December 2024 18:47:22 CET, Scott Fluhrer (sfluhrer) wrote:
I would humbly disagree. I believe this working group has
enough bandwidth to handle a couple of postquantum drafts (along
with all the other drafts the WG is working on). I believe that
this is especially true because we pretty much agree on the
contents – what we have disagreements about is whether or not to
endorse those contents.
That said, if the working group decided to delay the hybrid
signature drafts, I wouldn’t complain too loudly – those would
also depend on the work in the LAMPS working group, and so
they’re less likely to be immediately useful.
From: Rob Sayre <say...@gmail.com>
Sent: Monday, December 23, 2024 4:26 PM
To: Scott Fluhrer (sfluhrer) <sfluh...@cisco.com>
Cc: John Mattsson
<john.mattsson=40ericsson....@dmarc.ietf.org>; Loganaden
Velvindron <logana...@gmail.com>; TLS List <tls@ietf.org>
Subject: Re: [TLS] Re: PQ Cipher Suite I-Ds: adopt or not?
Hi all, since I am still on the CC list,
I took the question to be about how to organize the work. If
everything is a priority, there are no priorities.
That's why I want to do this one (and only this one), first:
https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
Some of the other ones look like they could benefit from
waiting, in the sense that contentious points might resolve
themselves over time.
thanks,
Rob
On Mon, Dec 23, 2024 at 11:00 AM Scott Fluhrer (sfluhrer)
<sfluh...@cisco.com> wrote:
TL;DR: Historical notes: not important for the current discussion.
To be clear about whether Cisco (or actually, me – I don’t
actually speak for Cisco, but I like to think they listen to my
advice) preferred NTRU or NTRU Prime – I actually didn’t have a
strong opinion. I advocated NTRU because it made it to round 3
(rather than stopping at round 2 as NTRUPrime did), and so it
appeared to be a bit more mature (that is, having more
cryptanalysis). If there was a general consensus towards NTRU
Prime, we would have happily gone along.
Other than that, John summarized the situation well – Cisco (or
actually, Cisco’s lawyers) are happy with how the IPR issues
around ML-KEM were resolved and are going forward with that
(with both pure and hybrid).
From: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>
Sent: Monday, December 23, 2024 9:02 AM
To: Loganaden Velvindron <logana...@gmail.com>; Rob Sayre <say...@gmail.com>
Cc: TLS List <tls@ietf.org>
Subject: [TLS] Re: PQ Cipher Suite I-Ds: adopt or not?
The thread starts with “Due to this, Cisco has preliminarily
considered Kyber unusable”
This is obviously not true anymore as Scott very clearly stated
that Cisco wants to see both hybrid and non-hybrid ML-KEM
standardized, and that they want to implement and ship both. I
agree with Scott. Also, I think Cisco was quite clear on that if
the IPR uncertainties regarding ML-KEM was not addresses, which
they were, they wanted NTRU, not NTRU Prime
https://datatracker.ietf.org/doc/html/draft-fluhrer-cfrg-ntru-01
Mozilla is obviously shipping ML-KEM in Firefox. I am an avid
user of Firefox, and I am happy to see X25519MLKEM768 on more
and more webpages.
Cheers,
John
From: Loganaden Velvindron <logana...@gmail.com>
Date: Monday, 23 December 2024 at 02:56
To: Rob Sayre <say...@gmail.com>
Cc: TLS List <tls@ietf.org>
Subject: [TLS] Re: PQ Cipher Suite I-Ds: adopt or not?
If there are some patent concerns regarding ML-KEM going forward, Would
considering NTRU-Prime as a less risky option for TLS Kex?
(Please see this thread:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdiscourse.mozilla.org%2Ft%2Fpatent-license-for-kyber%2F128114&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893766686%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Fi1LM1Q49lgZfAwBOQf5HhvEXZccY%2Bjk9VXHg6yHEaU%3D&reserved=0)
There is a section about patents here:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fntruprime.cr.yp.to%2Fwarnings.html&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893782148%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=T%2B2Ggx2ZxAV%2BCwqSvtrUlptlGHO9iYCFpCYf4Cq3xlA%3D&reserved=0
On Tue, 17 Dec 2024 at 02:53, Rob Sayre <say...@gmail.com> wrote:
Hi,
I only support an adoption call for this one:
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-kwiatkowski-tls-ecdhe-mlkem%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893792936%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=D3lsZ10f5cHom9RHdadaPqHt0bSWb6Q6Cz53MBbq1PM%3D&reserved=0
The other ones seem like they could wait, carefully noting
that postponement is not a "no" vote.
thanks,
Rob
On Mon, Dec 16, 2024 at 2:21 PM Martin Thomson <m...@lowentropy.net> wrote:
On Tue, Dec 17, 2024, at 08:59, Sean Turner wrote:
> Is the WG consensus to run four separate adoption calls for the
> individual I-Ds in question?
I would like to see adoption calls for the key exchange modes
and not the signature modes. The key exchange documents are
both more ready and more urgent.
The question of whether to set Recommended = Y for any
particular choice is separable and can wait. Keep things as
Recommended = N for now.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
