
Crypto appendix - mention missing mechanisms #2380

Open
randomstuff opened this issue Nov 17, 2024 · 6 comments
Labels

  • 1) Discussion ongoing: Issue is opened and assigned but no clear proposal yet
  • AppendixV: Appendix with crypto details
  • _5.0 - Not blocker: This issue does not block 5.0 so if it gets addressed then great, if not then fine.

Comments

@randomstuff
Contributor

randomstuff commented Nov 17, 2024

The following mechanisms are not mentioned and may (?) be missing.

Stream ciphers:

  • Salsa20
  • XSalsa20 (useful to mention explicitly?) (used in libsodium)
  • XChaCha20 (useful to mention explicitly?)

Block ciphers (found in the recommended TLS ciphersuites, are they used in practice?):

  • ARIA
  • Camellia

→ I did not find much usage of these two. Browsers don't advertise them in TLS ciphersuites for example. We can probably skip mentioning them for now.

Hash:

Key Exchange:

Moreover (and for better PQC compliance), I would remove:

Any other cipher options MUST NOT be used.

[...]

Any other method for key wrapping MUST NOT be used.

@danielcuthbert
Collaborator

We love PRs btw ;) #justsaying

@randomstuff
Contributor Author

Yes, I thought it would be better to have this discussed before PR but this could directly be discussed in a PR instead…

@elarlang
Collaborator

elarlang commented Nov 18, 2024

Yes, I thought it would be better to have this discussed before PR but this could directly be discussed in a PR instead…

That (agreement in an issue first) is the correct procedure.

@tghosth tghosth added the labels "1) Discussion ongoing", "_5.0 - Not blocker" and "AppendixV" Nov 18, 2024
@danielcuthbert
Collaborator

@randomstuff I'd love your help making these please, if you have time?

@randomstuff
Contributor Author

@danielcuthbert, OK, I'll try to do that. I think I'd start by including all the things I've mentioned except maybe ARIA and Camellia, which appear to be quite niche in terms of usage, but I'm open to any feedback on this.

@randomstuff
Contributor Author

Some additional things not mentioned which might be relevant.

MAC:

  • Poly1305, approved
    • This one is important because it is used in current TLS ciphersuites.
    • note that this uses a nonce
  • CMAC, approved
  • CBC-MAC, not approved
  • GMAC, approved
  • Prefix-MAC, not approved (do we need to mention this?)
  • Suffix-MAC, not approved (do we need to mention this?)

Public-key encryption:

  • Plain/textbook RSA, not approved 😄
  • RSAES-PKCS1-v1_5, not approved
  • RSAES-OAEP, approved
  • Diffie Hellman KEM (DLIES-KEM, ECIES-KEM), approved
    • this is used by HPKE which is used in Encrypted Client Hello

@danielcuthbert, do you agree it makes sense to mention these?
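The Poly1305 note above ("note that this uses a nonce") is the kind of caveat the appendix would want stated precisely, so here is an added example to pin it down. It is not code from this issue thread or from the ASVS project: a pure-Python Poly1305 (RFC 8439 section 2.5) checked against the RFC's own test vector, a constant-time verifier, and a sender that derives a fresh one-time (r, s) key for every nonce and refuses to reuse one. RFC 8439 derives that one-time key from the first ChaCha20 block for (key, nonce); the HMAC-SHA256 derivation below is a constructed stand-in so the example runs on the standard library only, and the function and class names, the long-term key and the nonce values are assumptions made for the example.

```python
"""Poly1305 one-time authenticator (RFC 8439 section 2.5) with a nonce-derived
one-time key, to illustrate why the appendix should note that Poly1305 uses a nonce.
Added example, not ASVS or issue-thread code."""
import hashlib
import hmac
from typing import Set

P1305 = (1 << 130) - 5  # the prime Poly1305 reduces modulo


def clamp_r(r: int) -> int:
    """Clear the bits RFC 8439 requires to be zero in the r half of the key."""
    return r & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def poly1305_mac(msg: bytes, one_time_key: bytes) -> bytes:
    """Return the 16-byte Poly1305 tag of msg under a 32-byte one-time key (r || s)."""
    if len(one_time_key) != 32:
        raise ValueError("Poly1305 one-time key must be 32 bytes")
    r = clamp_r(int.from_bytes(one_time_key[:16], "little"))
    s = int.from_bytes(one_time_key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Each 16-byte block (or the shorter final block) gets a 0x01 byte appended,
        # then is read as a little-endian integer; this is the RFC's padding rule.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + n) * r) % P1305
    tag = (acc + s) % (1 << 128)  # keep the low 128 bits of the final sum
    return tag.to_bytes(16, "little")


def poly1305_verify(msg: bytes, one_time_key: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison, so verification does not leak how many bytes matched."""
    return hmac.compare_digest(poly1305_mac(msg, one_time_key), tag)


def derive_one_time_key(key: bytes, nonce: bytes) -> bytes:
    """Derive the per-message Poly1305 key (r || s) from (long-term key, 96-bit nonce).

    RFC 8439 takes these 32 bytes from ChaCha20 block 0 under (key, nonce).
    HMAC-SHA256 here is a constructed stand-in with the same shape (assumption)."""
    if len(nonce) != 12:
        raise ValueError("nonce must be 96 bits (12 bytes)")
    return hmac.new(key, b"poly1305-one-time-key" + nonce, hashlib.sha256).digest()


class Poly1305Sender:
    """Authenticates messages under one long-term key and refuses to ever reuse a nonce.

    Poly1305 is a one-time authenticator: the (r, s) pair must never authenticate
    two different messages, so the sender has to guarantee nonce uniqueness."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._used_nonces: Set[bytes] = set()

    def tag(self, nonce: bytes, msg: bytes) -> bytes:
        if nonce in self._used_nonces:
            raise ValueError("nonce reuse: the Poly1305 key (r, s) would repeat across messages")
        self._used_nonces.add(nonce)
        return poly1305_mac(msg, derive_one_time_key(self._key, nonce))


# Test vector from RFC 8439 section 2.5.2 (key, message and expected tag).
RFC8439_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b")
RFC8439_MSG = b"Cryptographic Forum Research Group"
RFC8439_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")


def check_rfc_vector() -> bool:
    """True when the implementation reproduces the RFC 8439 tag."""
    return poly1305_mac(RFC8439_MSG, RFC8439_KEY) == RFC8439_TAG


def demo_nonce_reuse_is_rejected() -> bool:
    """True when the sender refuses a second message under an already-used nonce."""
    sender = Poly1305Sender(b"\x11" * 32)  # constructed long-term key
    nonce = b"\x00" * 12                    # constructed nonce
    sender.tag(nonce, b"first message")
    try:
        sender.tag(nonce, b"second message")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("RFC 8439 vector reproduced:", check_rfc_vector())
    print("nonce reuse rejected:", demo_nonce_reuse_is_rejected())
```

The RFC vector check is what makes the rest trustworthy: if `check_rfc_vector()` passes, the arithmetic matches the standard. The sender class carries the appendix's point in code form: approval of Poly1305 is conditional on the one-time key never repeating, which in ChaCha20-Poly1305 means the nonce never repeats under a given key.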
