[TLS] Re: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
Kris Kwiatkowski <kris@amongbytes.com> Fri, 07 March 2025 10:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1wMfc0co5TftAQNhiH2IOujz3dY>
Thanks. Sounds real good.

On 07/03/2025 10:22, Tim Hudson wrote:
> On Fri, Mar 7, 2025 at 7:01 PM Kris Kwiatkowski <kris@amongbytes.com> wrote:
>
> > May I know if you have a plan for FIPS certification for PQC after release?
>
> Absolutely - OpenSSL-3.5 will be heading into a fresh FIPS140-3 validation
> in April once the release is final - and that will include the PQC
> algorithms that have been added.
> Our testing for ML-KEM, ML-DSA and SLH-DSA uses ACVP published test data as
> the basis along with some interesting scripts to get the test data into a
> format our test suites support.
>
> There is also a multi-vendor KMIP PQC interop running this week that has
> vendors using OpenSSL-3.5 and Bouncy Castle Java 1.81 (beta) and that is
> exercising the same ACVP tests via KMIP between KMIP clients and KMIP
> servers - but that is in the context of the day job rather than OpenSSL -
> see
> https://groups.oasis-open.org/discussion/kmip-tc-interop-process-2025-for-pqcpdf-uploaded
> as a starting point for information on that activity. That testing also
> covers X25519MLKEM768 for those vendors which have that capability enabled.
> ML-DSA certificates are not within the scope of that test activity.
>
> There is also on-going discussion between vendors about a PKCS#11 v3.2 PQC
> focused interop but timing and participants for that haven't yet been
> figured out.
>
> Tim