[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

[Sean Turner <sean@sn3rd.com>]

> On Apr 18, 2025, at 12:47 PM, D. J. Bernstein <djb@cr.yp.to> wrote:
> 
> Sean Turner writes:
>> Joe and I, as WG chairs and with Deirdre recusing as she is an author,
>> declared consensus to adopt draft-connolly-tls-mlkem-key-agreement. We
>> did this because there is clearly sufficient interest to work on this
>> draft.
> 
> Thanks for your message.
> 
> "Sufficient interest to work on this draft" is ambiguous (sufficient for
> what?), and in any case clearly not the correct criterion for declaring
> consensus to adopt a draft.
> 
> As an extreme example, this criterion would allow a draft to be adopted
> over amply justified objections of almost all WG participants, simply
> because the chairs and a few participants say they have enough interest
> in working on the draft! That's more extreme than what happened here,
> but it shows that the criterion stated above is procedurally improper.
> 
> So I'm guessing that you had some further points in mind in deciding
> that there was consensus to adopt this draft. For transparency, can you
> please, without omissions, say why you declared consensus to adopt? Or,
> if the above really is the complete explanation, can you please say so
> explicitly, to enable an appeal saying that this was improper? Either
> way, can you please clarify what "sufficient" is referring to? Thanks
> in advance.
> 
>> Different working groups have different styles with respect to
>> how much work is done by the individual author, versus how much work
>> is done by the WG after adopting the work.
> 
> This generic background information about WG work allocation seems off
> topic (the topic being the disagreement regarding consensus). Certainly
> this background information doesn't say anything about the draft at
> hand. If I'm missing some connection, please elaborate.
> 
>> Now that the draft is a WG draft, we will follow WG process by
>> discussing concerns, already raised and new ones, under IETF change
>> control and progressing after there is consensus.
> 
> This also isn't addressing the consensus question, plus it seems to be
> denying the existence of the active RFC 2026 Section 6.5.1 procedure
> challenging the chairs' decision to adopt in the first place.
> 
> ---D. J. Bernstein

Daniel,

"Sufficient" to Joe and I means that there were enough people willing to review the draft. WGs groups have adopted drafts with much less support than this one received.

Now that the document is adopted by the WG, consensus, as judged by the WG chairs (minus Deirdre because she is an author), is needed to progress the draft.

Joe and I have reviewed the WG adoption call messages for ML-KEM Post-Quantum Key Agreement for TLS 1.3 [0] and stand by our consensus call. You can appeal this with the AD: Paul Wouters, but also consider his reply here [1].

spt

[0] https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/
[1] https://mailarchive.ietf.org/arch/msg/tls/nqouPVfPtU7hm-RF0lSDHCfze54/