Hi Authors, This is a friendly reminder that we await answers to the questions below and your review of the document before continuing with the publication process.
Thank you, Sarah Tarrant RFC Production Center > On Mar 9, 2026, at 10:00 AM, Sarah Tarrant <[email protected]> > wrote: > > Hi Simon and Deb, > > Thank you for your inquiries and suggestions. We've done some adjusting and > have been able to add both URLs. See > https://www.rfc-editor.org/authors/rfc9941-auth48diff.html. > > Old: > [NTRUPrimePQCS] > Bernstein, D.J., Brumley, B. B., Chen,, M., > Chuengsatiansup, C., Lange, T., Marotzke, A., Peng, B., > Tuveri, N., Vredendaal, C. V., and B. Yang, "NTRU Prime: > round 3", DOI 10.5281/zenodo.13983972, October 2020, > <https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf>. > > New: > [NTRUPrimePQCS] > Bernstein, D.J., Brumley, B. B., Chen,, M., > Chuengsatiansup, C., Lange, T., Marotzke, A., Peng, B., > Tuveri, N., Vredendaal, C. V., and B. Yang, "NTRU Prime: > round 3", DOI 10.5281/zenodo.13983972, October 2020, > <https://doi.org/10.5281/zenodo.13983972>. > <https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf>. > > Please let us know if this is acceptable. > > Thank you, > Sarah Tarrant > RFC Production Center > >> On Mar 7, 2026, at 6:22 AM, Deb Cooley <[email protected]> wrote: >> >> I will confirm that the working group asked for a reference that was >> perceived to be 'more stable'. Using both would be ideal, even if that >> isn't really typical. >> >> I guess the reference could be split into two entries, but I think that >> would affect the text of the specification itself. >> >> Deb >> >> On Sat, Mar 7, 2026 at 7:07 AM Simon Josefsson <[email protected]> wrote: >> Hi >> >> I'm reviewing the changes, and noticed that you removed the DOI URL in >> the [NTRUPrimePQCS] reference. >> >> Adding that URL was requested as part of the WGLC process, IIRC. >> >> Was there any strong reason to make this change? >> >> I think including both URLs would be better. Suggestion: >> >> OLD: >> [NTRUPrimePQCS] >> Bernstein, D.J., Brumley, B. B., Chen,, M., Chuengsatiansup, C., >> Lange, T., Marotzke, A., Peng, B., Tuveri, N., Vredendaal, C. V., and >> B. Yang, "NTRU Prime: round 3", DOI 10.5281/zenodo.13983972, October >> 2020, <https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf>. >> >> NEW: >> [NTRUPrimePQCS] >> Bernstein, D.J., Brumley, B. B., Chen,, M., Chuengsatiansup, C., >> Lange, T., Marotzke, A., Peng, B., Tuveri, N., Vredendaal, C. V., and >> B. Yang, "NTRU Prime: round 3", October 2020, >> <https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf>, DOI >> 10.5281/zenodo.13983972, <https://doi.org/10.5281/zenodo.13983972>. >> >> Compare how it looks in the last I-D (a bit buggy hyperlink though, so >> fixing that would be nice): >> https://datatracker.ietf.org/doc/html/draft-ietf-sshm-ntruprime-ssh-06#name-normative-references >> >> /Simon >> >> >> fre 2026-03-06 klockan 19:15 -0800 skrev [email protected]: >>> Authors, >>> >>> While reviewing this document during AUTH48, please resolve (as >>> necessary) the following questions, which are also in the source >>> file. >>> >>> >>> 1) <!-- [rfced] FYI - We updated the abbreviated title as follows. >>> The >>> abbreviated title appears in the center of the running header at the >>> top >>> of each page in the PDF output. >>> >>> Original: >>> NTRUPrime+X25519 for SSH >>> >>> Updated: >>> NTRUPrime and X25519 for SSH >>> --> >>> >>> >>> 2) <!-- [rfced] Please insert any keywords (beyond those that appear >>> in >>> the title) for use on https://www.rfc-editor.org/search. --> >>> >>> >>> 3) <!-- [rfced] In the text below, may we either update to use >>> complete titles of >>> the RFCs or use just the citation? Note that other instances in the >>> document use just the citation, as does similar text in RFC 8731. >>> >>> a) From Introduction >>> >>> Original: >>> Secure Shell (SSH) [RFC4251] is a secure remote login protocol. >>> The >>> key exchange protocol described in SSH transport layer [RFC4253] >>> supports an extensible set of methods. Elliptic Curve Algorithms >>> in >>> SSH [RFC5656] defines how elliptic curves are integrated into the >>> extensible SSH framework, and SSH KEX Using Curve25519 and >>> Curve448 >>> [RFC8731] adds curve25519-sha256 to support the pre-quantum >>> elliptic- >>> curve Diffie-Hellman X25519 function [RFC7748]. >>> ... >>> This document was derived from SSH KEX Using Curve25519 and >>> Curve448 >>> [RFC8731]. >>> >>> Perhaps A (full titles): >>> "The Secure Shell (SSH) Protocol Architecture" [RFC4251] is a >>> secure >>> remote login protocol. The key exchange protocol described in >>> "The >>> Secure Shell (SSH) Transport Layer Protocol" [RFC4253] supports an >>> extensible set of methods. The "Elliptic Curve Algorithm >>> Integration >>> in the Secure Shell Transport Layer" [RFC5656] defines how >>> elliptic >>> curves are integrated into the extensible SSH framework, and the >>> "Secure Shell (SSH) Key Exchange Method Using Curve25519 and >>> Curve448" >>> [RFC8731] adds curve25519-sha256 to support the pre-quantum >>> Elliptic >>> Curve Diffie-Hellman (ECDH) X25519 function [RFC7748]. >>> ... >>> This document was derived from "Secure Shell (SSH) Key Exchange >>> Method >>> Using Curve25519 and Curve448" [RFC8731]. >>> >>> Perhaps B (just citations): >>> Secure Shell (SSH) [RFC4251] is a secure remote login protocol. >>> The >>> key exchange protocol described in [RFC4253] >>> supports an extensible set of methods. >>> [RFC5656] defines how elliptic curves are integrated into the >>> extensible SSH framework, and >>> [RFC8731] adds curve25519-sha256 to support the pre-quantum >>> Elliptic >>> Curve Diffie-Hellman (ECDH) X25519 function [RFC7748]. >>> ... >>> This document was derived from [RFC8731]. >>> >>> >>> b) From Section 3 >>> >>> Original: >>> For consistency with ECC in SSH [RFC5656], which define the packet >>> syntax, we use those names in the rest of this document. >>> >>> Perhaps A (full titles): >>> For consistency with "Elliptic Curve Algorithm Integration in the >>> Secure Shell Transport Layer" [RFC5656], which defines the packet >>> syntax, we use those names in the rest of this document. >>> >>> Perhaps B (just citations): >>> For consistency with [RFC5656], which defines the packet >>> syntax, we use those names in the rest of this document. >>> >>> >>> c) From Security Considerations >>> >>> Original: >>> The security considerations of the SSH Protocol [RFC4251], ECC for >>> SSH [RFC5656], Elliptic Curves for Security [RFC7748], and SSH KEX >>> Using Curve25519 and Curve448 [RFC8731] are inherited. >>> >>> Perhaps A (full titles): >>> The security considerations of the following are inherited: >>> >>> * "The Secure Shell (SSH) Protocol Architecture" [RFC4251] >>> >>> * "Elliptic Curve Algorithm Integration in the Secure Shell >>> Transport Layer" [RFC5656] >>> >>> * "Elliptic Curves for Security" [RFC7748] >>> >>> * "Secure Shell (SSH) Key Exchange Method Using Curve25519 and >>> Curve448" [RFC8731] >>> >>> Perhaps B (just citations): >>> The security considerations in [RFC4251], [RFC5656], [RFC7748], >>> and >>> [RFC8731] are inherited. >>> --> >>> >>> >>> 4) <!-- [rfced] Please review the following phrases in the sentence >>> below and >>> consider how to update for clarity. >>> >>> - "security considerations of Curve25519-sha256 [RFC8731]" >>> - "is used bignum-encoded" >>> - "hash-processing time side-channel" >>> >>> Original: >>> As discussed in the security considerations of Curve25519-sha256 >>> [RFC8731], the X25519 shared secret K is used bignum-encoded in >>> that >>> document, and this raise a potential for a hash-processing time >>> side- >>> channel that could leak one bit of the secret due to different >>> length >>> of the bignum sign pad. >>> >>> Perhaps: >>> As discussed in the security considerations of >>> [RFC8731], the X25519 shared secret K is bignum-encoded in that >>> document, and this raises the potential for a side- >>> channel attack that could leak one bit of the secret due to the >>> different length >>> of the bignum sign pad. >>> --> >>> >>> >>> 5) <!-- [rfced] Artwork/sourcecode >>> >>> a) We updated the <artwork> in Appendix A to <sourcecode >>> type="test-vectors">. Please confirm that the value "test-vectors" is >>> correct. The current list of preferred values for "type" is available >>> here: >>> https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types. If >>> this list >>> does not contain an applicable type, then feel free to suggest a new >>> one. >>> Also, it is acceptable to leave the "type" attribute not set. >>> >>> b) The lines in the figure in Appendix A are too long for the TXT >>> output. For >>> sourcecode, the maximum line length is 69 characters (the current is >>> 71 >>> characters). Please let us know how to update to fit this >>> requirement. >>> --> >>> >>> >>> 6) <!-- [rfced] Please review the "Inclusive Language" portion of the >>> online >>> Style Guide >>> <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> >>> and let us know if any changes are needed. Updates of this nature >>> typically >>> result in more precise language, which is helpful for readers. >>> >>> Note that our script did not flag any words in particular, but this >>> should >>> still be reviewed as a best practice. >>> --> >>> >>> >>> Thank you. >>> >>> Sarah Tarrant and Rebecca VanRheenen >>> RFC Production Center >>> >>> >>> >>> On Mar 6, 2026, at 7:12 PM, [email protected] wrote: >>> >>> *****IMPORTANT***** >>> >>> Updated 2026/03/06 >>> >>> RFC Author(s): >>> -------------- >>> >>> Instructions for Completing AUTH48 >>> >>> Your document has now entered AUTH48. Once it has been reviewed and >>> approved by you and all coauthors, it will be published as an RFC. >>> If an author is no longer available, there are several remedies >>> available as listed in the FAQ (https://www.rfc-editor.org/faq/). >>> >>> You and you coauthors are responsible for engaging other parties >>> (e.g., Contributors or Working Group) as necessary before providing >>> your approval. >>> >>> Planning your review >>> --------------------- >>> >>> Please review the following aspects of your document: >>> >>> * RFC Editor questions >>> >>> Please review and resolve any questions raised by the RFC Editor >>> that have been included in the XML file as comments marked as >>> follows: >>> >>> <!-- [rfced] ... --> >>> >>> These questions will also be sent in a subsequent email. >>> >>> * Changes submitted by coauthors >>> >>> Please ensure that you review any changes submitted by your >>> coauthors. We assume that if you do not speak up that you >>> agree to changes submitted by your coauthors. >>> >>> * Content >>> >>> Please review the full content of the document, as this cannot >>> change once the RFC is published. Please pay particular attention >>> to: >>> - IANA considerations updates (if applicable) >>> - contact information >>> - references >>> >>> * Copyright notices and legends >>> >>> Please review the copyright notice and legends as defined in >>> RFC 5378 and the Trust Legal Provisions >>> (TLP – https://trustee.ietf.org/license-info). >>> >>> * Semantic markup >>> >>> Please review the markup in the XML file to ensure that elements >>> of >>> content are correctly tagged. For example, ensure that >>> <sourcecode> >>> and <artwork> are set correctly. See details at >>> <https://authors.ietf.org/rfcxml-vocabulary>. >>> >>> * Formatted output >>> >>> Please review the PDF, HTML, and TXT files to ensure that the >>> formatted output, as generated from the markup in the XML file, is >>> reasonable. Please note that the TXT will have formatting >>> limitations compared to the PDF and HTML. >>> >>> >>> Submitting changes >>> ------------------ >>> >>> To submit changes, please reply to this email using ‘REPLY ALL’ as >>> all >>> the parties CCed on this message need to see your changes. The >>> parties >>> include: >>> >>> * your coauthors >>> >>> * [email protected] (the RPC team) >>> >>> * other document participants, depending on the stream (e.g., >>> IETF Stream participants are your working group chairs, the >>> responsible ADs, and the document shepherd). >>> >>> * [email protected], which is a new archival mailing >>> list >>> to preserve AUTH48 conversations; it is not an active discussion >>> list: >>> >>> * More info: >>> >>> https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc >>> >>> * The archive itself: >>> https://mailarchive.ietf.org/arch/browse/auth48archive/ >>> >>> * Note: If only absolutely necessary, you may temporarily opt >>> out >>> of the archiving of messages (e.g., to discuss a sensitive >>> matter). >>> If needed, please add a note at the top of the message that >>> you >>> have dropped the address. When the discussion is concluded, >>> [email protected] will be re-added to the CC list >>> and >>> its addition will be noted at the top of the message. >>> >>> You may submit your changes in one of two ways: >>> >>> An update to the provided XML file >>> — OR — >>> An explicit list of changes in this format >>> >>> Section # (or indicate Global) >>> >>> OLD: >>> old text >>> >>> NEW: >>> new text >>> >>> You do not need to reply with both an updated XML file and an >>> explicit >>> list of changes, as either form is sufficient. >>> >>> We will ask a stream manager to review and approve any changes that >>> seem >>> beyond editorial in nature, e.g., addition of new text, deletion of >>> text, >>> and technical changes. Information about stream managers can be >>> found in >>> the FAQ. Editorial changes do not require approval from a stream >>> manager. >>> >>> >>> Approving for publication >>> -------------------------- >>> >>> To approve your RFC for publication, please reply to this email >>> stating >>> that you approve this RFC for publication. Please use ‘REPLY ALL’, >>> as all the parties CCed on this message need to see your approval. >>> >>> >>> Files >>> ----- >>> >>> The files are available here: >>> https://www.rfc-editor.org/authors/rfc9941.xml >>> https://www.rfc-editor.org/authors/rfc9941.html >>> https://www.rfc-editor.org/authors/rfc9941.pdf >>> https://www.rfc-editor.org/authors/rfc9941.txt >>> >>> Diff file of the text: >>> https://www.rfc-editor.org/authors/rfc9941-diff.html >>> https://www.rfc-editor.org/authors/rfc9941-rfcdiff.html (side by >>> side) >>> >>> For your convenience, we have also created an alt-diff file that will >>> allow you to more easily view changes where text has been deleted or >>> moved: >>> https://www.rfc-editor.org/authors/rfc9941-alt-diff.html >>> >>> Diff of the XML: >>> https://www.rfc-editor.org/authors/rfc9941-xmldiff1.html >>> >>> >>> Tracking progress >>> ----------------- >>> >>> The details of the AUTH48 status of your document are here: >>> https://www.rfc-editor.org/auth48/rfc9941 >>> >>> Please let us know if you have any questions. >>> >>> Thank you for your cooperation, >>> >>> RFC Editor >>> >>> -------------------------------------- >>> RFC9941 (draft-ietf-sshm-ntruprime-ssh-06) >>> >>> Title : Secure Shell (SSH) Key Exchange Method Using >>> Hybrid Streamlined NTRU Prime sntrup761 and X25519 with SHA-512: >>> sntrup761x25519-sha512 >>> Author(s) : M. Friedl, J. Mojzis, S. Josefsson >>> WG Chair(s) : Stephen Farrell, Job Snijders >>> >>> Area Director(s) : Deb Cooley, Paul Wouters > -- auth48archive mailing list -- [email protected] To unsubscribe send an email to [email protected]
