[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 02 July 2026 07:00 UTC

Date: Thu, 02 Jul 2026 16:58:52 +1000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <akYMLLfqPU9LqUyw@chardros.imrryr.org>
References: <178231320760.1520243.5914961961176039994@dt-datatracker-f9b87776f-8pmmg> <LO0P123MB399432655F4343DDCF3991748FF62@LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM> <359785FB-9811-415C-8C62-BD1DF25B85DE@symbolic.software> <FAD9FCF2-217F-4AD2-A065-B633F2F26780@kamilner.ca> <2EA38F5C-9516-465F-9AA5-4413C229673A@joseon.com> <CAMtubr33cd_fw23OnkGTXDTKaSnU6KxDNbOMwC-WXi9Hpu6XqA@mail.gmail.com> <A56DBAD2-C386-4235-A798-6FC1CEB126D5@joseon.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3kinZuVbix6CvafPH5E5r5qzFxM>

On Wed, Jul 01, 2026 at 08:03:29PM -0700, Andrew Lee wrote:

> To be clear, every single one of those implementations, as you said,
> does not enable solo ML-KEM by default. Publishing this RFC will
> change that.

I don't expect publication of the RFC to have much bearing on the
default key exchange group list in OpenSSL.  Even if pure ML-KEM were
added to the list, so long as CrQCs capable of routinely breaking ECDHE
are still in the indefinite future, are unknown to exist, or are very
scarce, the hybrid groups will be listed first and will be negotiated
when mutually supported.  In closed ecosystems, users who control both
ends of a TLS connection can opt into pure ML-KEM if that's what they
prefer.

A couple of SMTP servers I manage accept pure ML-KEM as a fallback
from the default hybrid options:

    $ # Emit a minimal OpenSSL config: section $1 -> ssl_conf -> system_default,
    $ # whose only setting is the TLS group list passed in $2.
    $ tlsGroups() {
        printf '%s=c\n[c]\n' "$1"
        printf 'ssl_conf=s\n[s]\n'
        printf 'system_default=d\n[d]\n'
        printf 'Groups=%s\n' "$2"
    }
    $ # Probe this host's own SMTP server with Postfix's posttls-finger, feeding
    $ # the generated config via process substitution so only pure ML-KEM is offered.
    $ /opt/postfix/sbin/posttls-finger -o tls_config_name=conf \
        -o tls_config_file=<(tlsGroups conf mlkem768) \
        -c -Lsummary $(uname -n)
    posttls-finger: Verified TLS connection established
        to dnssec-stats.ant.isi.edu[2001:1878:401::8009:1dfe]:25:
        TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
        key-exchange MLKEM768 server-signature ML-DSA-44 (raw public key)

The only connections of this sort I've observed are my own tests.

-- 
    Viktor.  🇺🇦 Слава Україні!
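An added example (not code from Viktor's post) that models the two points the message rests on: the OpenSSL config chain that pins a TLS group list for Postfix, and client-preference group selection, where a hybrid listed first wins whenever the peer supports it and pure ML-KEM is reached only as a fallback. It assumes the group spellings OpenSSL 3.5 prints (X25519MLKEM768, MLKEM768) and uses a constructed summary line shaped like the posttls-finger output above.

```shell
#!/bin/sh
# Added example, not code from the post. Models the two things the message
# relies on: an OpenSSL config fragment that pins the TLS group list (the same
# section chain Postfix reads via tls_config_file), and client-preference group
# selection, where a hybrid listed first is chosen whenever the peer supports
# it and pure ML-KEM is reached only as a fallback. Group names are assumed to
# use the spelling OpenSSL 3.5 prints (X25519MLKEM768, MLKEM768); the sample
# summary line in the usage below is constructed.

# Emit chained sections: <name> -> [c] ssl_conf -> [s] system_default -> [d] Groups.
tls_groups_conf() {
    printf '%s=c\n[c]\nssl_conf=s\n[s]\nsystem_default=d\n[d]\nGroups=%s\n' "$1" "$2"
}

# First group in the client's ordered list ($1) that the server ($2) also
# lists; both are colon-separated. Runs in a subshell so IFS and -f stay local.
first_mutual_group() (
    IFS=:
    set -f
    for c in $1; do
        for s in $2; do
            [ "$c" = "$s" ] && { printf '%s\n' "$c"; exit 0; }
        done
    done
    exit 1
)

# Classify a negotiated group: ECDHE+ML-KEM hybrid, pure ML-KEM, or classical.
group_kind() {
    case $1 in
        X25519MLKEM768|SecP256r1MLKEM768|SecP384r1MLKEM1024) echo hybrid ;;
        MLKEM512|MLKEM768|MLKEM1024) echo pure-pq ;;
        *) echo classical ;;
    esac
}

# Pull the "key-exchange <group>" token out of a posttls-finger summary.
negotiated_group() {
    printf '%s\n' "$1" | sed -n 's/.*key-exchange \([^ ]*\).*/\1/p' | head -n 1
}

# Constructed client list with the hybrid first and pure ML-KEM last, checked
# against a server that supports the hybrid and one that offers only ML-KEM.
CLIENT='X25519MLKEM768:X25519:secp256r1:MLKEM768'
first_mutual_group "$CLIENT" 'secp256r1:X25519MLKEM768:MLKEM768'   # X25519MLKEM768
first_mutual_group "$CLIENT" 'MLKEM768:MLKEM1024'                  # MLKEM768
```

Note that OpenSSL matches group names case-insensitively (the post writes mlkem768 in the config and the summary prints MLKEM768); group_kind uses the printed spelling only.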