Richard, yes, you got it right.

From: Richard Barnes <r...@ipv.sx>
Date: Tuesday, March 21, 2023 at 4:32 PM
To: Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
Cc: tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Resurrect AuthKEM?
Hi Uri,

Just to be clear, the AuthKEM draft you mean is this one?

https://datatracker.ietf.org/doc/draft-celi-wiggers-tls-authkem/

Assuming that's the case, in case anyone else is confused (as I was), the 
"AuthKEM" here does not refer to a KEM implementing the AuthEncap/AuthDecap 
interface from RFC 9180.  Instead it refers to the construction in that 
document, which uses a normal KEM.

--Richard


On Tue, Mar 21, 2023 at 2:34 PM Blumenthal, Uri - 0553 - MITLL 
<u...@ll.mit.edu> wrote:
I’m surprised to see that there isn’t much (isn’t any?) discussion of the 
AuthKEM draft.

It seems pretty obvious that with the advent of PQ algorithms, the sheer sizes 
of signatures and public keys would make {cDm}TLS existing authentication and 
key exchange impractical in bandwidth-constrained environments, especially when 
higher security-level algorithms (like, what’s demanded by CNSA-2.0) are 
required.

Thus, implicit authentication (think – MQV, Hugo Krawczyk’s HMQV, etc.) seems 
to be a must for making the PQ impact on bandwidth somewhat manageable.

I would like this WG to resurrect the AuthKEM draft.

I can’t be in Yokohama, and am not fanatical enough to spend nights on XMPP or 
such. But hopefully, we can discuss AuthKEM approach here on the list.

Thank you!
--
V/R,
Uri Blumenthal                              Voice: (781) 981-1638
Secure Resilient Systems and Technologies   Cell:  (339) 223-5363
MIT Lincoln Laboratory
244 Wood Street, Lexington, MA  02420-9108

Web:     https://www.ll.mit.edu/biographies/uri-blumenthal
Root CA: https://www.ll.mit.edu/llrca2.pem

There are two ways to design a system. One is to make it so simple there are 
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                
                                                     -  C. A. R. Hoare

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls