Comments (5)
I remember arguing that the FIPS suite should be MTI at one of the interims. The argument (iirc) was that people that need FIPS are going to implement FIPS anyways, so the MTI should be the one that's subjectively / widely-considered best. "But then wouldn't a FIPS-only client not conform to the RFC?" Yes, but the people that require FIPS will not care.
from mls-protocol.
Well, I know from IKEv2/IPsec that we do take this into account and do ensure there is only FIPS MITM.
I also know we are discussing this in openpgp and also for that reason are adding AES_GCM there.
So if the only reasoning is "FIPS will force people to break RFCs anyway", that's kinda weak :P
from mls-protocol.
"... do ensure there is only FIPS MITM"
You mean "MTI"? I don't think the MITM folks care about FIPS :)
I think @Bren2010's summary captures the state of the art pretty well. Note as well that X25519 and Ed25519 are slated for inclusion in the relevant FIPS standards, so this will soon be moot anyway. (For some government-speed definition of "soon".) So yes, some FIPS folks might be sad in the short run, but things will even out.
The working group had a robust discussion on this, and landed on this as a compromise that could get consensus. I don't think these FIPS concerns are worth upsetting that consensus.
from mls-protocol.
Realistically, most folks using end-to-end encrypted instant messaging today are already using a variation of the DoubleRatchet protocol, using Ed25519. Many of our largest customers normally use FIPS, but have exceptions to use Ed25519 in this context and have no problem using Ed25519 for MLS.
from mls-protocol.
(yes MTI :)
That NIST doc is from 2017, so I'm not sure what you mean with "soon" :)
I personally think it should be fixed but won't block it. Let's see what the IESG says though :)
from mls-protocol.