Tiru, Is SLH-DSA considered a practical option for TLS end-entity certificates?
Under realistic network conditions, TLS handshakes with full SLH-DSA certificate chains seem to be about 5-10 times slower than traditional certificate chains and, in some cases, can take on the order of seconds. See, for example, the results in https://eprint.iacr.org/2020/071, https://eprint.iacr.org/2021/1447, https://mediatum.ub.tum.de/1728103 and https://thomwiggers.nl/post/tls-measurements/. I agree that there's an argument for using SLH-DSA in root certificates, but I'm surprised it's being proposed for the full chain. Peter From: Russ Housley <[email protected]> Sent: 03 November 2024 11:13 To: tirumal reddy <[email protected]> Cc: IETF TLS <[email protected]> Subject: [TLS] Re: New Version Notification for draft-tls-reddy-slhdsa-00.txt Thanks for doing this work. I hope the TLS WG will promptly adopt it. Russ On Nov 2, 2024, at 8:15 PM, tirumal reddy <[email protected]> wrote: Hi all, This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ specifies how the PQC signature scheme SLH-DSA can be used for authentication in TLS 1.3. Comments and suggestions are welcome. Regards, -Tiru ---------- Forwarded message --------- From: <[email protected]<mailto:[email protected]>> Date: Sun, 3 Nov 2024 at 05:39 Subject: New Version Notification for draft-tls-reddy-slhdsa-00.txt To: Tirumaleswar Reddy.K <[email protected]<mailto:[email protected]>>, John Gray <[email protected]<mailto:[email protected]>>, Scott Fluhrer <[email protected]<mailto:[email protected]>>, Timothy Hollebeek <[email protected]<mailto:[email protected]>> A new version of Internet-Draft draft-tls-reddy-slhdsa-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository. Name: draft-tls-reddy-slhdsa Revision: 00 Title: Use of SLH-DSA in TLS 1.3 Date: 2024-11-02 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.txt Status: https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ HTML: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-slhdsa Abstract: This memo specifies how the post-quantum signature scheme SLH-DSA [FIPS205] is used for authentication in TLS 1.3.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
