[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

David Adrian <davadria@umich.edu> Tue, 01 April 2025 15:30 UTC

To: Thom Wiggers <thom@thomwiggers.nl>
CC: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4KsD5rbv0xYhcin78CgtWuzdYLA>

I support adoption of this document.

- I suspect we will eventually need pure ML-KEM-1024 in browsers.
- I find the argument that we must use hybrids extremely non-compelling.
Lattice cryptography is "boring" crypto at this point, and I find it to be
cognitive dissonance to simultaneously argue that the quantum threat
requires immediate work, and yet we are also somehow uncertain whether the
algorithms are totally broken. Both cannot be true at the same time.
- The NIST competition was international, and Kyber was developed by an
international team. I struggle to understand how adopting this document
would somehow be "favoritism".

-dadrian



On Tue, Apr 1, 2025 at 11:11 AM Thom Wiggers <thom@thomwiggers.nl> wrote:

> I support adoption of this document.
>
> Cheers,
>
> Thom
> PQ-enthusiast
>
> On Tue, Apr 1, 2025 at 14:59, Sean Turner <sean@sn3rd.com> wrote:
>
>> We are continuing with our pre-announced tranche of WG adoption calls;
>> see [0] for more information. This time we are issuing a WG adoption call
>> for the ML-KEM Post-Quantum Key Agreement for TLS 1.3 I-D [1]. If you
>> support adoption and are willing to review and contribute text, please send
>> a message to the list. If you do not support adoption of this draft, please
>> send a message to the list and indicate why. This call will close at 2359
>> UTC on 15 April 2025.
>>
>> In response to other WG adoption calls, Dan Bernstein pointed out some
>> potential IPR (see [2]), but no IPR disclosure has been made in accordance
>> with BCP 79.  Additional information is provided here; see [3].
>>
>> BCP 79 makes this important point:
>>
>>   (b) The IETF, following normal processes, can decide to use
>>     technology for which IPR disclosures have been made if it decides
>>     that such a use is warranted.
>>
>> WG members can take this information into account during this adoption
>> call to determine if we should adopt these drafts.
>>
>> Reminder:  This call for adoption has nothing to do with picking the
>> mandatory-to-implement cipher suites in TLS.
>>
>> Cheers,
>> Joe and Sean
>>
>> [0]
>> https://mailarchive.ietf.org/arch/msg/tls/KMOTm_lE5OIAKG8_chDlRKuav7c/
>> [1]
>> https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/
>> [2]
>> https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/
>> [3]
>> https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
>