[MLS] Re: New Draft - PQ Combiner

"Hale, Britta (CIV)" <britta.hale@nps.edu> Tue, 28 October 2025 19:18 UTC

From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Tue, 28 Oct 2025 19:18:15 +0000
CC: "mls@ietf.org" <mls@ietf.org>
Subject: [MLS] Re: New Draft - PQ Combiner
List-Id: Messaging Layer Security <mls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/A5Zn1AJ9SUBKac8_0eDfNHHJHlE>

Brendan,

Thank you for the feedback and review/catches. We will take a look at those places and update.

To answer your questions:
On group context extensions: It is certainly good practice to have the context extensions committed to in both groups. Technically, the combined group has a single identifier so it is probably redundant to enforce it across both – I would be interested to hear people’s opinions on whether it is worth doing or not.

The line in section 4.2.2 is to require that a joiner’s first commit is a FULL commit (i.e., one cannot just start the protocol on a PARTIAL commit). We can clarify the text on that.

Cheers,

Britta



From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Tuesday, October 28, 2025 at 10:30 AM
To: "Hale, Britta (CIV)" <britta.hale@nps.edu>
Cc: "mls@ietf.org" <mls@ietf.org>
Subject: Re: [MLS] New Draft - PQ Combiner

Hi Britta, some minor comments:

- You designate the "pq" group in `pq_session_group_id` but I didn't notice anywhere where you actually verify that the PQ group is PQ.

- Do you have thoughts on whether group context extensions should also be required to be synchronized between the PQ and traditional groups?

- I was confused by the line in section 4.2.2: "After joining, the new member MUST issue a FULL Commit as described in Fig 1b." which I read to mean that after doing an external join, you have to do a second full commit, which I think is probably wrong.

- In this line, I think (signature) is meant to be (symmetric): "More precisely, it provides PQ authenticity against "outsiders", that is, against quantum attackers who do not have access to (signature) secret keys of any group member."

- There are a couple of places where you say "is NOT RECOMMENDED and MUST be rejected". This is duplicative. NOT RECOMMENDED means generally not advisable but may be done if you're smart, and then you follow with "MUST be rejected" which precludes the possibility of "may be done if you're smart".

On Wed, Oct 22, 2025 at 5:56 PM Hale, Britta (CIV) <britta.hale=40nps.edu@dmarc.ietf.org> wrote:
All,

Thank you to everyone who provided reviews and feedback on the Amortized Post Quantum MLS Combiner Draft (formerly Hybrid Post Quantum Combiner Draft), and especially to John Gray for volunteering an extensive read-through since IETF-123. There is now a new version of the draft available integrating feedback:
https://www.ietf.org/archive/id/draft-ietf-mls-combiner-02.txt

We would like to proceed to last call. Any final inputs prior to that are welcome.

Britta
