I agree with John. I will give a concrete example to help clarify the uncertainty. DTLS based security solution for SCTP has been mandated by 3GPP for several key interfaces. These interfaces involve long-lived DTLS sessions. For more details, see the liaison statement from 3GPP: https://datatracker.ietf.org/liaison/1851/. The DTLS-in-SCTP standrds work is done in the TSVWG WG.
-Tiru On Tue, 22 Jul 2025 at 12:20, John Mattsson <john.mattsson= 40ericsson....@dmarc.ietf.org> wrote: > I feel like I need re-iterate that according to 3GPP specifications, SLH-DSA > is already allowed (MAY/OPTIONAL) to support and use for all uses of TLS > in 3GPP deployments and that vendors are planning to support both ML-DSA > and SLH-DSA. As Matt correctly points out it is not yet decided which PQC > signature algorithms 3GPP specifications will have as SHOULD/MUST support. > > Cheers, > > John > > > > *From: *Matt G1 <Matt.g1=40ncsc.gov...@dmarc.ietf.org> > *Date: *Tuesday, 22 July 2025 at 11:29 > *To: *Loganaden Velvindron <logana...@gmail.com>, Simon Josefsson <simon= > 40josefsson....@dmarc.ietf.org> > *Cc: *TLS List <tls@ietf.org> > *Subject: *[TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3 > > [You don't often get email from matt.g1=40ncsc.gov...@dmarc.ietf.org. > Learn why this is important at > https://aka.ms/LearnAboutSenderIdentification ] > > I feel like I need re-iterate that use cases for SLH-DSA have not been > addressed in 3GPP meetings. The discussion will happen over the next 6 > months. We may or may not come to consensus to wish to use it. > > Matt > > NCSC Telecoms Security Consultant > > > -----Original Message----- > From: Loganaden Velvindron <logana...@gmail.com> > Sent: 21 July 2025 05:53 > To: Simon Josefsson <simon=40josefsson....@dmarc.ietf.org> > Cc: TLS List <tls@ietf.org> > Subject: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3 > > [You don't often get email from logana...@gmail.com. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > I also support adoption of the draft. If there is a use case for 3gpp, I'm > ok with that. > > On Sat, 19 Jul 2025 at 22:49, Simon Josefsson <simon= > 40josefsson....@dmarc.ietf.org> wrote: > > > > I support adoption of the draft, and believe SLH-DSA in TLS would be > > useful and that a stable reference in the form of an RFC would be good. > > > > I think the people who have concerns with the performance assume the > > intended use is for regular web browser HTTPS use, but TLS has broader > > applicability than that. 50kb sizes is peanuts for the majority of > > applications today, and you may compare with 1MB handshakes as for > > Classic McEliece [1] which is still performant for many use-cases. > > Performance on modern machines are negligible, slower than what RSA > > was in SSL 30 years ago on then typical machines. So I would disagree > > with the notion that SLH-DSA is slow, and suggest that we let users > > decide how to balance performance to (perceived) security. > > > > /Simon > > > > [1] > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cc6e3804471cb437ac51f08ddc90243f7%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638887733753195174%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=H8DztUNNzMNxaulvcyxeZR%2BDaEbu5WUI%2BZm4hjiNQ3M%3D&reserved=0 > . > > wolfssl.com%2Fannouncing-mcwolf-classic-mceliece-support-with-wolfssl% > > 2F&data=05%7C02%7Cmatt.g1%40ncsc.gov.uk%7C658ad8d442be497c63ae08ddc812 > > a2db%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C638886704564536777%7 > > CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlA > > iOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Dpu3n > > srM9sPaWFv4sQnnpibD8l19opMipusegEuI3wc%3D&reserved=0 > > > > Sean Turner <s...@sn3rd.com> writes: > > > > > We kicked off an adoption call for Use of SLH-DSA in TLS 1.3; see > > > [0]. We called consensus [1], and that decision was appealed. We > > > have reviewed the messages and agree that we need to redo the > > > adoption call to get more input. > > > > > > What appears to be the most common concern, which we will take from > > > Panos' email, is that "SLH-DSA sigs are too large and slow for > > > general use in TLS 1.3 applications". One way to address this > > > concern is to add an applicablity statement to address this point. > > > We would like to propose that this (or something close to this) be > added to the I-D: > > > > > > Applications that use SLH-DSA need to be aware that the signatures > > > sizes are large; the signature sizes for the cipher suites specified > > > herein range from 7,856 to 49,856 bytes. Likewise, the cipher suites > > > are considered slow. While these costs might be amoritized over the > > > cost of a long lived connection, the cipher suites specified herein > > > are not considered for general use in TLS 1.3. > > > > > > With this addition in mind, we would like to start another WG > > > adoption call for draft-reddy-tls-slhdsa. If you support adoption > > > with the above text (or something similar) and are willing to review > > > and contribute text, please send a message to the list. If you do > > > not support adoption of this draft with the above text (or something > > > similar), please send a message to the list and indicate why. This > > > call will close at 2359 UTC on 28 July 2025. > > > > > > Cheers, > > > Deirdre, Joe, and Sean > > > > > > [0] > > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fma%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cc6e3804471cb437ac51f08ddc90243f7%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638887733753238286%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=J0FeB4Xe%2B7zL0bwiL9q8cS24YSAx4zUecAMBnlmDP8c%3D&reserved=0 > > > ilarchive.ietf.org%2Farch%2Fmsg%2Ftls%2Fo4KnXjI-OpuHPcB33e8e78rACb0% > > > 2F&data=05%7C02%7Cmatt.g1%40ncsc.gov.uk%7C658ad8d442be497c63ae08ddc8 > > > 12a2db%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C6388867045645618 > > > 08%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwM > > > CIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sda > > > ta=%2Bp6skyMbRIIBoCtVOq8S7lscwywomTgz18nze8bVsak%3D&reserved=0 > > > [1] > > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fma%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cc6e3804471cb437ac51f08ddc90243f7%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638887733753267328%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ADn9D72C6c7GvTuMrPI9ZjH3mWYNkFiPZxz%2BsMwq4HM%3D&reserved=0 > > > ilarchive.ietf.org%2Farch%2Fmsg%2Ftls%2FhhLtBBctK5em6l82m7rgM6_hefo% > > > 2F&data=05%7C02%7Cmatt.g1%40ncsc.gov.uk%7C658ad8d442be497c63ae08ddc8 > > > 12a2db%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C6388867045645759 > > > 96%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwM > > > CIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sda > > > ta=SL6FFCWDmn%2BxnhzGuoJjdV0HqbkrDL%2Bx%2F8Ra99MQinI%3D&reserved=0 > > > [2] > > > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fda%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cc6e3804471cb437ac51f08ddc90243f7%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638887733753285746%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YFrpnHjAiApfP%2BMfpbVTQlzkwepu011wTLNhoUHjLRA%3D&reserved=0 > > > tatracker.ietf.org%2Fdoc%2Fdraft-reddy-tls-slhdsa%2F&data=05%7C02%7C > > > matt.g1%40ncsc.gov.uk%7C658ad8d442be497c63ae08ddc812a2db%7C14aa5744e > > > ce1474ea2d734f46dda64a1%7C0%7C0%7C638886704564589656%7CUnknown%7CTWF > > > pbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiI > > > sIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=j3AEujdi2W7kFT6 > > > A6nD2JFPMHqskoPJ196TiKWErguk%3D&reserved=0 > > > _______________________________________________ > > > TLS mailing list -- tls@ietf.org > > > To unsubscribe send an email to tls-le...@ietf.org > > _______________________________________________ > > TLS mailing list -- tls@ietf.org > > To unsubscribe send an email to tls-le...@ietf.org > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
