[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"Salz, Rich" <rsalz@akamai.com> Tue, 01 April 2025 14:52 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Date: Tue, 01 Apr 2025 14:52:17 +0000
Message-ID: <IA1PR17MB6421C147672325BAFDE3C7F2CDAC2@IA1PR17MB6421.namprd17.prod.outlook.com>
References: <582917A1-F936-4A15-AE9D-342076605BE7@sn3rd.com>
In-Reply-To: <582917A1-F936-4A15-AE9D-342076605BE7@sn3rd.com>
Subject: [TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0f6XBGPElMLNoiS1Eh3u7EhzoGc>

I was all set to say that I am in favor of adoption, but Stephen’s post changed my mind.

The conservative and safe thing is to stick to hybrids and that is what the IETF should do for now. Codepoints can be assigned, and an ISE RFC is fine. The only thing that is missing is the IETF recommendation for “Y” and I am opposed to that for now.