IETF Logo Mail Archive

[TLS] Re: [EXTERNAL] WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 26 February 2025 19:09 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1EB0E220161 for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 11:09:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.538
X-Spam-Level:
X-Spam-Status: No, score=-2.538 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.442, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietfa.org (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietfa.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4OwCJo2IjXW4 for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 11:09:26 -0800 (PST)
Received: from CH5PR02CU005.outbound.protection.outlook.com (mail-northcentralusazon11022097.outbound.protection.outlook.com [40.107.200.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 5DE7F21E614 for <tls@ietf.org>; Wed, 26 Feb 2025 11:03:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=B33Bv+qeIxASihu8cNwFfRtbkyiNfZ/5CVoeUPHIw5P+EhAaQhqNmuX6eZyf7hGmaa0jHsDiJz7tRlPK3e/KBGHiU/JLBQCfrZ0jPH9kL3iIIY1iS4KxNSwFr0Jl3yl/Js4jMFvUfsUOW1Kj0BLR2pDc6nd+Vbk1sTDHb90aOwmAvYNOqwPM1B6tVZSCClUC30HKV1GJujeP9vUQ3mZ9IbH+M+unMIMTt9BSAtPtUekXEi+8gaefEHfFPuEShx/x+gal7nA/2vv6pljJNo53un+A6VCrLh5viWhHCL7pjMRDVCimBK6tqm1dFxKeL3q/yQK95fxjeh0pvumxXiFWcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fNhO+fIDhgcOnli+XnDogYi2kkLMRGTggKWD92qdckg=; b=r+c54aUOlb9KFSZalbtoL7rqLHab/2w85ZwGuDMN3LQ893wSIaruki+F80hVhAKQnIO9Aonq4LKtzjH8Re5oO62e+tKpauYzxsTyxuON3yc9SWsM3xD2XMAoD7z9EWzyyjXne7EaXBJ9kQiYHOabNMjb3rBwGvrTqyK7/JVTfKyVyJJGPd5gKr/c14L0LYDQVog0eWAS0zwnO1F7BP61pSo69NaJ7jqXxbcFEGlb+8LFRHmZzFr0qnSAVRRtrWUBYUCtX7FYJWG4hBbkIPQK8N4GAC9Xt2zYCAYUn3mDt05eXi727bJ/NCy7Ni3lJ2J6H7UMSWbQPRjRZ055Or3s8A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fNhO+fIDhgcOnli+XnDogYi2kkLMRGTggKWD92qdckg=; b=GstaOEpIPmRR9Vw+q0sl06zFhzoV+QgT5RGoNxALiny+IhVgohIxN8/jEE5TjZ1T1tU/+Bk8XH8ZniwlcW5muZiEUfDx2Yro3z8G9LPpQp+B/SbVgXiYwgTPrXUyG/MlyitqdWdbOHgJ4zVqoB3TtoE3lIyGNm0yQ3xMQDGKCww=
Received: from CH3PR21MB4645.namprd21.prod.outlook.com (2603:10b6:610:26a::15) by CH3PR21MB4447.namprd21.prod.outlook.com (2603:10b6:610:218::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.4; Wed, 26 Feb 2025 19:03:30 +0000
Received: from CH3PR21MB4645.namprd21.prod.outlook.com ([fe80::1500:f463:653c:c1c6]) by CH3PR21MB4645.namprd21.prod.outlook.com ([fe80::1500:f463:653c:c1c6%7]) with mapi id 15.20.8377.004; Wed, 26 Feb 2025 19:03:30 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Thread-Topic: [EXTERNAL] [TLS] WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Thread-Index: AQHbiHz4xjCF2Em+CEe2dYvFSZQ1ILNZ8Pwg
Date: Wed, 26 Feb 2025 19:03:30 +0000
Message-ID: <CH3PR21MB46452030B67D920ADB12FDB38CC22@CH3PR21MB4645.namprd21.prod.outlook.com>
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com>
In-Reply-To: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=cfb64d99-3787-4a1b-958f-84a7b0c0b000;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2025-02-26T19:02:28Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Tag=10, 3, 0, 1;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH3PR21MB4645:EE_|CH3PR21MB4447:EE_
x-ms-office365-filtering-correlation-id: 41ab41fd-2928-4aca-8d25-08dd5698424f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|376014|366016|38070700018;
x-microsoft-antispam-message-info: WgrVpFOJkRXDYEwSAWA55bcEv51QFh7p2cFUlZ+jDb3Vqq6HuigBkPOq3FKYFO+Pg4jW/HexBw/VvsEjOFjL0tttB7NYKZ0I/me7RLx/oSPMcAl+wo7r/z8vnDvhR9YpcuYbAwukYzdE5ITOzn4O+6kO7MKj/qOBXEh1mcDRPeAc+kDX+jrta9+qwRIIjVIVfQoVRCbIF0ZrKCh8PSyzlFQx7zXrQ65fsxsX/pN9XQgO12AeRB6r64FePVQGHAnB90nk6d7WKxeMgQGlyJUFV59K8A3809KhDatIGlJhJ3adAUdXA00LqsYJpqifD9lNntwEgxWfUfi/Tqaj9DhGZ5v4vqYgP2+Q0h5sXC15x8j7dPrMmgTjcvVRVERQsrei5KCh5gf1SOsnnGrImHN+XPEqF+uTJ6Dtq5H2aH/ikBMbmj6FQfmZC3lqDMATfXQadz1uM+xeOXCYt4AiXbNYJDjgGY0r7HVgsGHePc+cnOXNeiFgdBxCc1rtLe0NMBJ89ZZpo1LyH+a763IBje2yyP+jpWDetpBwqD/A3pEzE2oXZwFMuFQCtOriUIDjm91/ULDuF3nSwkCV5PICiJFB3g9wl41fgy2iewrkbW3oja2p9a85L1iaA5djeQ4iWF2oO3Qj7lfW6a7/CBbXyS4XLqT/wzJxzy/GD8Xx4TJaTTp3jP9vo0uo4fmWNtXNS81imw/LdxPAErdBs5Ft1X26xgNfJhdf5y0HQ2w5apTj//T7prIolVgVBlJZZT06ys9koXs9lRlRJLBokG/lNn6EPcg3yUJD4FchVWmaig2d3xgG4xPlNfFBd3tHN1E840V6UZsbtnGuZF32t9gz1ZtxIyU3UWNwxhAORMrMfp1Qhuz+XJ/FgtuBtgMKvA31G3pzy6ZoUggwIMjg/ZMk5ctigtNFsrJUFeSIFvKmCmXMvDZsESJiJU6sGR72PGcBdhlHUbZSMyJYUClplqDv//l5H3cGUBa0CNclXugGaFp5qmjsLF0ZouKe8O68nMVZsTPWm+cStrMSNPTmj4YJW+acEhpRV4D1fS2kZpm0BpzBoaNr1Qx6mjB32jzEVtKy3DiiWQz7hMNi+QOS+3tSCgWLLWsr72CbxMAGZMsx247LmW1GMR9iTWSCJtrNGW100h4AVopydFCSObwGN0oPztyMRKEWgzTF17TO31fa4ASuZ4wWRtGxY31ZNSVMLqiK7fO78uaPM75dXeWaUmn5bdDKri/ed0wvotAOB8sE3SIa/pI0A7x/BwVoA3MxVMNHIubTnxwvE2JtaHZdJfplufmNtaRSZ/0ivYCT4/vsO5jnoK1mdiSnozAZ9OSFmmQFyLWsg/K+SjwBDSFkUNcF3O5UpiPXZlM3Hqc/4tQ57tpyE23GyGxnybPZu1otnWQjeW163xrBRYPltTAhtdJTF/SH+Q==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR21MB4645.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(376014)(366016)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: e5EouXPDQd6Rbgt9UtQYJRXlvw3d/98RlPaDy4ho088iRzV/+xLgjZBAdgJRj8CP8RF6wUDRO8sZ+1B0sUcS2dLadWZ3n7Vot+NklTbc+VA9vahMxVMWii6oGyjZHJ9U7dz06/0e5MM8aE2gvzOvpRrcUdsl7tdBpW478NukmUM44wWhGyqd7anyJyp6vKFQfRwV5w9fRjlBlM4S2tW7dv+Hm7RdVihm8Qz1nbtJzOr6Sb/fvkvEEX36pb3hGGWpe29gIdPKnEy1XhY1KriNWwlzzoWU4MF1Bpt1p0iTyouhoRRVSGWwTQUCqbedRX9j+FduLCnGwEr8rBhed3F8wCxf8j+EWZ+E+FNfUCQINLZhoh5Qbzzb5evUsAJp1rgMUg/YkNvpkqXGCOzGYJJNwAuqCGswZ2VzcdZm7AMMsvy59b/awXH/mIEmwCA429XUsCIfG9FyaXm9Jn9R9tNPfAt9+DjHa3yLD7t5c73au0KoN/VCWlxWXAeMn7cTFPdl2bGy1FYDHoUmQi4DOm1JDI6I07tpFTHRm4z3ibNYIhcipglDp+EpRlmJnVQNqt2SI9Dw1cgyeeu0CcgsPqwsdBr1uGtc9iM0tg1bBdL9iX2B9y7Fxpr/kRBgrNiNByavZPSpzx0EYQnf+EeHZoDv8P17uNoaG5lFYzu3C2kunw7sAt42sv2OUspqlrBSSp/WQJF3X9DqNG5AfBu40hy5xZqMvEqe3vrk80wJ4cYATpPCxIVclQPcbI33kx6/qtdRvopvm/7nSlzIl3SrHRq0d76/7t0IaBh14cNHyEhHm6TtbY8eo7b16s/CakrQsHc050Z2pHLQlSJ+nVdQv1IMKjd/ywlvIU7qQoB57BiADjVy4NcRdfeoJr8myVEHglugu5iT732ayr7J8k1mPtsyPhNT+QSIhTF3LfU5i6SFYMdg3J9l4QUEphcnM2xvcjDqZ+PmA1yNyiUN88qBbab6o10Z8Um7QLNN+nYxPZY84GOopx3gCZALbo2yVFLA5C+uJPk/z6T3a5l0kFNycREJXl9wP3JIcfl7r0vR/a2HctBEhhd0gkHqXll6jn+W5Ax3sZg8knokBCRIsutsSQU0v6DirpaNmVGG/HG4jm2ZixxgrSG6LbKzndHw7OG8lQpt3KGoS64uQlalgCMo5ibey975oe6pLJqhVg3l2EJzl3h2tWNUpc8/BDNFznlyO+8ems2j3X5mGgbR1fNB+sgFCJsHANgVhqRFKRRTFU5RKUV+BUNc5D9s3grSURRxF8oJqZA1Vuxkjx69B5OTBOG1MXIxEvO8DF2zTmmqGdC8nnvGWychWaXGVn+h3yrraX2D5TyMxQDK3OWQjkSfkTKabrzDOzxfXbNLjOY3S4d13BI51nznJE+6mCz+f3mCrNs+l8wZohYE4l+oIJhxCPcvMjvFcfE2fhTVpZ6CQ02g2aj190P8+gNB5rZB6DyvtL2WaEQF8eWhYdE3iQaulpaPPu6mDJQwkrM8QU8caLYdmnnm4KlxWwWS+6FIq+f/AU3dDrrCksvh75gHTZIsJl3rRHteCbtCqo1iMg78QL3n39k4BQz7WtSSEAYc+UXOs6rB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH3PR21MB4645.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 41ab41fd-2928-4aca-8d25-08dd5698424f
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2025 19:03:30.3560 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: R2zeFn1FwfxeXfzW8aG5JbdaAOKGmNt7k+DNWIqdI4rslQr1gtrzLvFK234wg2GxLP3124x8dmXmXFfRaiW0EQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR21MB4447
Message-ID-Hash: UB6HGUSFDTZ3IHH3R5MD5N27CJFXMUYK
X-Message-ID-Hash: UB6HGUSFDTZ3IHH3R5MD5N27CJFXMUYK
X-MailFrom: Andrei.Popov@microsoft.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXTERNAL] WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2WvZM4UURU-IYonAT_mNqAiseqU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I support adoption, am willing to review and contribute text, planning to implement.

Cheers,

Andrei

-----Original Message-----
From: Sean Turner <sean@sn3rd.com>
Sent: Wednesday, February 26, 2025 10:26 AM
To: TLS List <tls@ietf.org>
Subject: [EXTERNAL] [TLS] WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

At IETF 121, the WG discussed "Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3"; see [0] and [1]. We also had some discussion in an information gathering thread; see [2]. We would like to now determine whether there is support to adopt this I-D. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This WG adoption call will close at 2359 UTC on 12 March 2025.

One special note: this adoption call has nothing to do with picking the mandatory-to-implement cipher suites in TLS.

Thanks,
Sean & Joe

[0] Link to I-D: https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
[1] Link to slides: https://datatracker.ietf.org/meeting/121/materials/slides-121-tls-post-quantum-hybrid-ecdhe-mlkem-key-agreement-for-tlsv13-00
[2] Link to information gather thread: https://mailarchive.ietf.org/arch/msg/tls/yGZV5dBTcxHJhG-JtfaP6beTd68/
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org

v2.29.0 | Report a Bug | By Email | System Status