On Mon, 28 Jul 2025 at 19:10, Peter C
<Peter.C=40ncsc.gov...@dmarc.ietf.org> wrote:

> I don't support adopting the draft at the moment.
>
> A stronger applicability statement and reducing the number of parameter
> sets would be steps in the right direction, but I'm a "not yet" because the
> motivating example seems to be DTLS.  Unlike TLS, I'm not aware of any
> experiments using SLH-DSA in DTLS and I think there are still open
> questions about amplification attacks (https://eprint.iacr.org/2023/266)
> which are potentially much worse with SLH-DSA.
>

The draft has been updated to include an Applicability section; please see
https://github.com/tireddy2/slhdsa-tls1.3/blob/main/draft-reddy-tls-slhdsa.md.
While the example refers to DTLS, it specifically targets
DTLS-over-SCTP, which is a reliable transport and therefore does not
face the amplification issues with DTLS over UDP. The draft does not
use the “pre-hash” variants of SLH-DSA. We are open to feedback from
the WG, including suggestions for reducing the number of parameter
sets.


We look forward to further discussion on progressing this work.


Cheers,

-Tiru



> Peter
>
> > -----Original Message-----
> > From: Sean Turner <s...@sn3rd.com>
> > Sent: 25 July 2025 08:26
> > To: TLS List <tls@ietf.org>
> > Subject: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3
> >
> > Hi! Just a reminder that this call closes on Monday.
> >
> > spt
> >
> > > On Jul 15, 2025, at 00:05, Sean Turner <s...@sn3rd.com> wrote:
> > >
> > > We kicked off an adoption call for Use of SLH-DSA in TLS 1.3; see [0].
> > > We called consensus [1], and that decision was appealed. We have
> > > reviewed the messages and agree that we need to redo the adoption call
> > > to get more input.
> > >
> > > What appears to be the most common concern, which we will take from
> > > Panos' email, is that "SLH-DSA sigs are too large and slow for general
> > > use in TLS 1.3 applications". One way to address this concern is to add
> > > an applicability statement to address this point. We would like to
> > > propose that this (or something close to this) be added to the I-D:
> > >
> > > Applications that use SLH-DSA need to be aware that the signature sizes
> > > are large; the signature sizes for the cipher suites specified herein
> > > range from 7,856 to 49,856 bytes. Likewise, the cipher suites are
> > > considered slow. While these costs might be amortized over the cost of
> > > a long lived connection, the cipher suites specified herein are not
> > > considered for general use in TLS 1.3.
> > >
> > > With this addition in mind, we would like to start another WG adoption
> > > call for draft-reddy-tls-slhdsa. If you support adoption with the above
> > > text (or something similar) and are willing to review and contribute
> > > text, please send a message to the list. If you do not support adoption
> > > of this draft with the above text (or something similar), please send a
> > > message to the list and indicate why. This call will close at 2359 UTC
> > > on 28 July 2025.
> > >
> > > Cheers,
> > > Deirdre, Joe, and Sean
> > >
> > > [0] https://mailarchive.ietf.org/arch/msg/tls/o4KnXjI-OpuHPcB33e8e78rACb0/
> > > [1] https://mailarchive.ietf.org/arch/msg/tls/hhLtBBctK5em6l82m7rgM6_hefo/
> > > [2] https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/
> >
> > _______________________________________________
> > TLS mailing list -- tls@ietf.org
> > To unsubscribe send an email to tls-le...@ietf.org