IETF Logo Mail Archive

[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 15 April 2025 23:30 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4DFA41CA0204 for <tls@mail2.ietf.org>; Tue, 15 Apr 2025 16:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6O8kvZQNJ9B for <tls@mail2.ietf.org>; Tue, 15 Apr 2025 16:30:54 -0700 (PDT)
Received: from OSPPR02CU001.outbound.protection.outlook.com (mail-norwayeastazon11023126.outbound.protection.outlook.com [40.107.159.126]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C01B01CA01F8 for <tls@ietf.org>; Tue, 15 Apr 2025 16:30:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ppv7UqzqdWh8GqEr09EHkhaa+NdMG5OztHUQKzsGXi1F3xS6F+UeWY0NrjLKbPJIVFs8imzdJ1MmX3N9zgzUGnAcldqOPjv05JQgoBVqkECd2sTVYnAIC6Gf/K3vmxGYKsa6etKMBGQ5I6IiLQFZtfwglr8xs/lA/BA2eziI1/m2EF2+O8CaW84hFJD/OA1FN/uStLaTeKZY/732yfH7JwccoWRyK9gA/DIgUT/9UoskpOIpwIt1uoN7fakHti7in5DmdOZNoDZPcAhzDouUr3kwhTQn41Ogwo5pGbxIh8erYCGGx8fpulXzjAFC7GVjMAnxWziVUqTo8ZawQ6sibw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n9RY1ol98IZOwwmcdRSKU3I4WZoZelg3hPrQWGkyRiI=; b=uap7IBcCBJs/hNPNxUzyWd2AVkfq2vAq3M5TpxWDb6mIl55fHf4vskaIJaWkSHAmTO6Hj03CjHD5I8ytU1lQaZNgXgMt9w94B5HRPtSoBIe1pTJ89V7T4KtCPcJXRK6uEgbr6CS+ZlInMB/KVyN/CDV+e/wLbF672NUUlpm524aUF2nSIJN0kIt6WYdiGpmAWyCbp8s4gAlxA0/EqIR0//6Y6nTSri+CQ+qQC1sEGTent4+WY30jpJ3tdb14taPQlW2fIqAq2k5TLUzeadQyq1WgpU8SkBDaCNxFXRlhwdI/hDvBvfa642Ead67OnQLgfoqI1DrCxMLlqYJY38pXXw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n9RY1ol98IZOwwmcdRSKU3I4WZoZelg3hPrQWGkyRiI=; b=aTZILv6peOUK1syT9NUj3Fk2WVxHptKjNGyKRtxogIhfnhsGCsnXEXsB5kzra1Lz/29NHQkGdp1RXQftZPLanZ2C/z92uIbz3wajkujQ5ib7QjzDFWLQhrISiZiqehEtt7AP7W3uJ+hfbW3gKaRZv+ajDEbeZlm2qAQpYI/0gLwEmCJL6t07kseQowipomubpQqgZZtM+pmsRe8lHt+WnUcfbR5OKkOiQyqIoHoCHlXoM56qUZYPMusdwyYAUTARS0QF4vwvXc1K9T9rLP/eg35cjVnAPyhROCWrV+SY3af+RhiMWY3KVUHZbtd6sykVVjIGkh/UUbYvrXgD6LsZjg==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16) by PA1PR02MB11125.eurprd02.prod.outlook.com (2603:10a6:102:491::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.32; Tue, 15 Apr 2025 23:30:52 +0000
Received: from DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a]) by DB8PR02MB5946.eurprd02.prod.outlook.com ([fe80::e0d3:772e:a68d:d54a%6]) with mapi id 15.20.8655.022; Tue, 15 Apr 2025 23:30:52 +0000
Message-ID: <05bd6aa6-4b41-4bdc-8875-d380924031cf@cs.tcd.ie>
Date: Wed, 16 Apr 2025 00:30:49 +0100
User-Agent: Mozilla Thunderbird
To: Benjamin Kaduk <bkaduk=40akamai.com@dmarc.ietf.org>, Sean Turner <sean@sn3rd.com>
References: <582917A1-F936-4A15-AE9D-342076605BE7@sn3rd.com> <F347DA21-EB06-4FBF-B357-871A0FFA8DB1@sn3rd.com> <Z/7lbXqb8QHruMS2@akamai.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <Z/7lbXqb8QHruMS2@akamai.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------9g1rsag9EER0CKERXhvC6cLT"
X-ClientProxiedBy: DUZPR01CA0314.eurprd01.prod.exchangelabs.com (2603:10a6:10:4ba::21) To DB8PR02MB5946.eurprd02.prod.outlook.com (2603:10a6:10:11c::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB8PR02MB5946:EE_|PA1PR02MB11125:EE_
X-MS-Office365-Filtering-Correlation-Id: d0526701-f711-4563-68d7-08dd7c758f9d
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|10070799003|376014|1800799024|366016;
X-Microsoft-Antispam-Message-Info: 0l5ilTQDrDKhnzb8OnJED1FKPTqrQBe6q7TKOcdaBJtazVBjuByj39JRicOr8nhccgdKmfigaz+XYpU8tF7Msw5yhgqKCDTLdX0Z+3cucCK1vOozGxIw4VIATTjnl1P+PTnIDzf0TswDx5nmqcjCtRF1U2Cmbyl9tJoHUw7pNH3bQk9fW1h7vL3LxJCeEbSMaMahhjkbsIPdDqUR5j+x4CPYD/rzsR9nYHRgSj44xI9vHRRPRLZ+O2fEgE3o7TpjRIOwVDU4W338mUwFJ3BAI7U365ARMbkCeYPLuXfWBQwbUkBb8OjgMG/+U8bU0VaDQZtWLO+hc6pzaVOa8HjFJUhZI8cJFq7h088Tf0TSUfn+sQyuD/ZPRc1WB51vbhc4iunGDlzthAdXGQZL+fkoDp6rFgKShZB21asWSny9QbjzzIGz38CElUwb1upvVVrLXYClbe00x2QUwor3hZGcMrmU6fzCC5q9FECuLDCG7gQ991B2RcCywGNPzWNsvZ3didSLgPqlJMwdup3RjBIfLmGyZTekFDD5HlfFxsB6+grlqKFOA0paatexOwTe6hhZ1V6REuHbQF3165eIeYQQnsHmiKiehCrvfLkgZXX5sfBBqOJH3jA88L+jWiChPdKQ8oQUtklG11UWHw6951siTHKk35gt6mtPyLLI483V+JPc4rURc0hbAlYgMRNO5hZS3MuqavwBEXV5pkeI1KHi7iCJQBX0Q/j4f0msaP2TfIHTxTKI1ujtD9PBMQwPpUFKgSgfJgy0iBAQKy7f6bELo6OoruVX6JW37ODg9ssBNVOWaUudkUFsWnB/JtQy5wGmJ7cJxoMtr70uTy30cq7vP2tX/LbuEkBy3QSxd1xz6nJSsZWtjdoLVzPd9cIYEw/BAhYH9pN1kDglGFs1kPl66Zhccgi/bejVfpIb7y1DkZgyQvTY4AXV5FTE5zQG/ChU0e2jgKlIcWqQ5dn2KAtM50ZdkUE5ebk6PLRL5QNrcFTnsYQSdAx8wKDHIWGjr6FIwnZQ245mFrWyBR1lXlAuP5mUvohpLIteaVE/gKttKufkE3Ms8u7BVOlVerIP6qDvzIvkX22JAUsfoGsc2Vy4Xp48IhTmQTm18L0xYHYq/cEVg8i2vxoFLh8mdrNrKgPsMN7fbSw7qn5rqvesEWVG1azRdYU5Yt/cJL+RmG7IuxJyVNKO39TKfSxQ5OnMxkJUEssSzUBEWCOBVuZotH33gKp0Yau0K345ZtuTTfVghOkLwIXbN+0J+oZanujJJz209gVS3+MZnhubTzqp10nMoULjZIGy5PPAzmOycZtIJ3p0Gw4zXC4a0ZZpm9uvVhqvDgJWsa8qO6ycB0iez6SikTEueXR2pbmWengyS68YTUky8oZlQcRQN601aLMzzPlDsNAB5RgXUoU36xx/TfPgQ2lWAA2aMYizypw4zfjhJp4=
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB8PR02MB5946.eurprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(376014)(1800799024)(366016);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 89LI/+xsW5gkdOSxxvSNuo/Iy/giR2wzzc/z/EonGHyhgl3n/AlZIxx5KxTUrOPbC071o3ObT/LRZArXJ4iqZgrIh4J7lVBi2t7RQzipqqWftuqsMUnviws5iw9fQpD7iukbB7iqTcxP25quEoESSJfnr143O9q4CIOWXJkA0ENVlOyx8L9UQs8xEQs9aX3No3sv/1QXF65xLsJjsLxlgS2VwuUz2TWsvbUqiRt0sArMpXOH1DP3FqKtXA8+OgREiXRTd021xC7W3bLFqU8cKw+x80GrKi3g9TKYFv33z87H83zBvGitLuQlMrG2m3m5ks5Uil//+nUraD/fBb27r+L1cXZ4Nem1FifXjw9N4UAss6Jx6k/PjqDMzxEMo/g+bob2zJjIcRKIz+opUN4pWxJuCufZKfo/JWh7veq9hCxb3RSaHYWFblEqsXLZClkiWKtdjnug7U0yOP9+x3zeHQbrnKOPJGxb6USMjYkeWB15fxX7LC0vmTEUMXyMy0M3L1s3uV5Sxom0n/OHZad3NZnexLL0Cfn3QSLKiWhPy49p2TZ4cWhjLmJCvVH4OJJudrhjBH/gEB4JAzHxHr4zM9khEFmKYCYZZMLbPPxVmhuQtrlwrLNBPRKyXBNVKH8s2FCER8cH6jdw/7mxtWj9U1MAafFl7f5glYWoL3a40uurumIhfs+k3iVZWBB9k/GPrat985NsG+IgsoGVzo76IGLwwvupCFiS9qbIPR67wlXu3VjMhd2xm/fnkFRCmemuLSOzim1/TQzXzoFwRzdgPE8z/onAgSg2TvJnR1G8QUXTrcpyURPwaoFDqMinvmdxu6xdTFf9fbhpxFg717r7pVvbUMvUL3QEDtWWag/nSn/kPQZxZZFfIq+f93BUT5TTVy8P8hkfqvmiEIdKY0eCmxQPRO5ZnIY+eVeOT5TrHrjOR/LnZZZhXmYKx/VJxlPAxvSmi/hWf2VGHwKDikCGOVPn8Y2XO8m8/vFU9QCMJQgznzv+CKi1cTqIWszvTusdRn9gSYf9rTC3aSGQFd0bjvUT94r+D9ZFbbMQSkRekOZWhfy9dkqr+Ud1vLX5YcmSGnOm3ySAFBTl/p95vqZoBANU4zGwtH5PI+9JtVLqxFmSCwqzT4Jkf1ES4sulHq3yHZOJW5qpbJd//dFmrYnU9p07Z4w6MIMoXqOEjT5djoIjx+S6Gw0je3d9a5W81fLZAzyb1+DpIJ/6Z77I5Vu/VdASEZSGXltaltDwQMaaxIcbi7MwTYzhyLm0jEriMxjTLUWr+JHgxLChOjRj/e2PTJMkF7dHYMEqNyma3kuJE3O0+XWCLUlWRlxc7B7WFu7Yj/vpI4UneTp+BI4vY5avs/R3b9q8JwfsS/T9Y8fFZrpgalAVarpOVHRTnpk2VMcmq7jPfJ5rCblb3qj7m6j91dEfsxibf7ybBN1LrKKDjlWaiezxkAO/m7COjFG5ClFTguFyhW0VAgj5PevtPfEqAfUSAeg9xWi1YArCYzB3nFRm8X8/CsQKGfsIYx7F8eILFdA6Zp88p9u5qlP8cG3iixrsVUMtMXdhE8C0W4KuQDugXG/2lva4cq0tdB8UsF0KZ5rwQaLgJFzmtnCAv2PGBa/iWut7UiOkYn78dhr/QqtrAZPScug9fj+oc036KRb6
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: d0526701-f711-4563-68d7-08dd7c758f9d
X-MS-Exchange-CrossTenant-AuthSource: DB8PR02MB5946.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Apr 2025 23:30:51.9962 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: jqbDeSpTwrQAoi0vo1CNympYQg2c8xBjgKBY3IXW5ocu5U1vRpgqnIf9CHBWZwjv
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA1PR02MB11125
Message-ID-Hash: DCJ2FH2JV2JU5JYWIPBPRWGIHYCZW5VI
X-Message-ID-Hash: DCJ2FH2JV2JU5JYWIPBPRWGIHYCZW5VI
X-MailFrom: stephen.farrell@cs.tcd.ie
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5KKm5GArczidO5bzorjjiFHhgQM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hiya,

On 16/04/2025 00:02, Benjamin Kaduk wrote:
> 
> I can see a case being made that this draft does improve the deployability of
> TLS if we start with a baseline of draft-ietf-tls-ecdhe-mlkem and note that
> that mechanism is not deployable in some environments (I guess, ones with some
> kind of strict FIPS-only requirement, though I'm not conversant in the details
> of such an environment).

A question (not necessarily for Ben): Are there any concrete/specific
environments that we know about that will need non-hybrid PQ KEMs for
reasons other than national regulatory reasons?

If so, I'd like to understand more about why and don't (or have
forgotten:-).

If not, then a) adoption of this draft really does require us to
figure out what we'll do when the next country's choices are
proposed, (which we've not) and b) I think does argue for pushing
this to the ISE rather than adopting.

Cheers,
S.

v2.29.0 | Report a Bug | By Email | System Status