[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 18 April 2025 21:27 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Benjamin Kaduk <bkaduk@akamai.com>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1rEYZjUy2dhRyzvYqO-eBS3p510>

> > There’s maintenance of the code for both parts of the KEM and ensuring
> > they’re properly integrated, maintenance of parallel PKI structures, need
> > to allocate the costs for two moves [1] instead of one which already makes
> > some users argue (which can be a royal pain in a large deployment), likely
> > many other things I’m too lazy to concentrate on now (besides, there’s
> > that feeling that I don’t need to convince “my” clientele at all, and
> > there’s little chance to convince this audience anyway, which dampens the
> > eagerness to strive).
>
> Thanks for writing up this list.

Sure.

> Just to check my understanding: the PKI only comes into play for signatures,
> and there is no PKI needed for ephemeral key exchange as is used in TLS 1.3?

An interesting point here. For the current approach – indeed, ephemeral KEX does not need PKI.
However, consider the AuthKEM proposal, and KEMTLS – while ephemeral keys certainly won’t depend on PKI, the static ones will.

And, frankly, my work is standardizing a similar-to-above approach for other protocols (which is not that novel – e.g., think MQV/HMQV).

That’s the approach we’re following. Though we plan to submit only to other WGs, and not TLS – because, in our opinion, KEMTLS addresses the PQ needs quite fine, and ours would just duplicate that proposal.

> (For the specific case of ephemeral key exchange in TLS 1.3, it seems that the
> "move" is just a software update, albeit one that needs heavy testing and in
> your environment qualification.)

Essentially, yes – except that “just” in reality (for us, at least) is a lot more involved than that.