IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Thu, 06 November 2025 12:57 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D662A844A09F; Thu, 6 Nov 2025 04:57:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="TFtDl07Q"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="Y43uDKlz"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7fwr6zhK-jUN; Thu, 6 Nov 2025 04:57:05 -0800 (PST)
Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A317F844A08A; Thu, 6 Nov 2025 04:57:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1762433824; x=1793969824; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=Wrj8EKQvZw/s7NaPeRoVYg0nArhkxATVzY4UFfH5UN0=; b=TFtDl07QgaOslOv6S+ZH3e3u33818ULXQW/vkJ15/GIETmg0AwJa1j9R Q1mt8YgQ+pJz3FcdM2fJYMfDYeADmCbnzv6fz8/CvFLmmy1qBSTVj4BlG u6SwMiVmJCHiIqtniEm4CwzjYV1pIAPbsJWrynRlwWchW2yH7K1myCWFd ics0NxwmHiO2P0uvw21zucStlH0cFvR67SB7Z+CsB3Vch+oIweu6LDHH8 gVdDeXGbme3Li2DaAdInqME0xffWWGGzqE1ZwwPHqNKq+0f1K3F/Nqh/j Qcrhm/H4RwoSS0AonKpytaJntn9mqnq9+UenYtHBg90fnHOLC1yN+Dke+ A==;
X-CSE-ConnectionGUID: OXHPpAkPSb65alr8SXbjEA==
X-CSE-MsgGUID: hRYv8pnDRrWzja/ABW7V6w==
Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-ThreatScanner-Verdict: Negative
X-IPAS-Result: A2EFAABmmgxp/3KjZsBaGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBgXwFAQEBAQsBgj9AAUEvgTqEVYgciVgDgj0BmjGBK4ElAy4pCAcBAQEBAQEBAQEEAwEBNB0EAQEDAQNDhD0CjFknNAkOAQEBAQMBAQEBAQIFAQEBAQEBAQEBAQELAQEGAQIBAQEECAECgR2GCUYNgluBJwV0MAIBAQEBAQEBAQEBAQEBAQEBAQEXAg0CJgwqAQEeAQQBIx0BASwMBAsCAQhCAgICLyUCBAEgBoJvgiQEEgMPExQUBrFzgTKBAYIMAQEGgVgBPwHZERiCQAcJCQGBQAGBV4E4bIRXAYFcEnKCGnSDfXuCDEOBFTWCIlM+gQWBXAIDgTRAg0SCaYIRFXoUhieTE1KBFANZLAFVExcLBwUlexAzAyAKNC0CFA0QEg8EFgUtHXAMKBIQHxgRYD0XQINJHAZoDwaBEhlJAgICBQIrFTqBaAUdBh8SAgMBAgI6Vw2BdwICBIIZfoFyGw+KLAMLbT03Bg4bklcQIQ2CCRmCG2APLyYEKCsgAg0gAXUZDTwFk3CTOZ9ZAwQDgjWBZ4ZdgzOCDpVTM4VbkgWSJGeZBiKNZpYAGYR1AgQCBAUCEAiBaIFlGw8HcU+CMwEBMglJGQ+OIQwLC4NeM4Rgtxh4AjoCBwsBAQMJkWo0gUsBAQ
IronPort-PHdr: A9a23:FgOLzhBSj8R8O//aPy8xUyQUTEgY04WdBeb1wqQuh78GSKm/5ZOqZ BWZua42ygeVFtyLtaIdw6qO6ua8AjdGuc3A+Fk5M7VyFDY9wf0MmAIhBMPXQWbaF9XNKwEcI oFpeWQhwUuGN1NIEt31fVzYry76xzcTHhLiKVg9fbytScbdgMutyu+95YDYbRlWizqhe7NyK wi9oRnMusUMjoZvJKg8xgHVrnZHdOha2GBlKFOQkhrh+8y8+IJv/zlKt/8u+cNNX7/2c7g2Q LBdET8rL3076Mr3uBbMSgeC+mESWXgMnBpSBAjF4hD6XpPvvSb/q+FwxiqUM9DoQL4tQTis4 L9lRxDxhCoZODA37XnbhcNsgq1VphKhvAF/zJXPYI6JLvp+f7jScs0cSGFcQ8teTS1BAoe7b 4sSE+oMOPtToofhq1cSqxa1GA+hD/7txDBVnH/7xa003fo8HwHa0gIuHNwOv3bIo9r6L6oSX vy5wbPSwDnfc/9b2zHw45XIfBA7pvGMWKp9fcTMxEYxEwPFikufppf/MDOI0+QCtnCX5Pd+W +KvjG4nrht+oiOhyswxjYTJmoIVylfB9Spj24Y5P8a3R1B/Yd6gDpRfrDuVN5ZzQs45WW5ou T06xaMatpKhcigK0o4oxwPZa/yHdIiI7AzsVPyLLThlmn1oYbSyjAu9/ka80OPzTNW00EpUo SpflNnBrm4B2gLc58WaV/dx4EWs1SqR2w3S9uxJLkI5mKjfJpMhzLA9lpsevFjNEyPrlkj7k a6beEok9+Wr5OnqYLTrqoOaOoRphA/+NaEulda+AeQ+KgUOXnaU+fiy1LH5+k35WrpKguU5k qnYrJDaJdkbqbWjDwBJ1YYj7hCyBCql3tQAhXQLMVZIdAydg4T0J13CPur0Aeq+jlmiijtn2 u3KM7L5DpnTL3XPjLnscLNg50JA0gU+zNVS6I9JBrwCJf/+X0Hxud3ZAxI/Lge62fzoCM9n2 YMbQW+PB6iZP77MvlKQ/eIvJvWMZJcSuDbgN/gp//7ugmE9mV8aZaSp2IEYaHG8Hvh/JkWZf WDjj8oCH2sXowYzQ/bmiFOYUTFJenayWaI85jY1CI24F4fPXJ2ij6KZ0Ce6GJ1ZeHxGB0iRH XrsaYmIQeoAZD6MLsN7jzAJVLasR5U82R2zuwL2079nIfDV+i0cu5Ljzt915+jLmBEu9Tx0C MGd3HuWT21uhWwHWTs23KRhrkNm0FiDzK14judCGtxS/PNGTBs1OYTSz+xgEd/yRwTBfteOS FaoXNqmGys9Qc8vzNMWeUZyB82ijgzf3yqtG7IVjKKEC4Yy8q/HxHjxIchwy2zb26U7k1YmR c5POXW8hqFj7wjTG5LJk0KBmqa2caQcxzfB+3uDzWWUvUFYShVwXL7EXX8BekvWo8715kTYT 7+hEbgnKBdOydaeKqtWbd3klUhJRO35N9TQf2K9gmawCgiUxrOCdYbqZ2Ed3D7EBEgBlwAT/ miJNQ0lCyegvW3eEDJuGUjoY0P2/ulysGm7QVMszwGWc01h0KK4+gIRhfyHUP4T36wLuDsvq zluG1a9xd3WB8KGpwV6ZKpce88y4E9b1WLFsAxwJpOtI7h4hlEAbQR5vFng2g1yCopakMgqq GomzA9uKa2Cy1xBdi6U0Y3/N7HNJGny5gqga7PQ2lHe19aW9LkA6O4ip1r+og6lDlct83Zm0 9lQy3aS/InHAhcPX57pT0k38gJ1p6vGbSQl/43azGViP6bn+gPFjpg1APBgwRapfs1EGKKJC AG0FNcVTYD6NOgx3lOpZxMeJ8hT+bI6ecS8eK3CkOSnJu9ugHengHhJpZx5yQeJ8ylxT8bJ0 ooLhfaC0UHPAzvmhVm998H6hY4BeTUJW2+7yiXhLI9ceqM0epwEXyPmadGz3f1/ioLjHXlC+ xTrU08Cw+eodAacKVvn0lsUnQ4MrHWhsTC+lCZ41Touq+DXiDfDyuLKbxxcIGINT25n2wTCO 4+x2powUUysYgIgiR7hrXr6wK1Sv+43e3XTRkJBZG78ImVmX6G5q7+qas9U5Zhuvz9eTeK8Z l6XUPjxrk1JgGvYA2JCyWVjJHmRsZLjkkki4IrgBGgm9SmRcJRq3h6a/9zVH6MPjXINETN1j TDHC1T7JdSt9MWZm8Sm0KiyAmy7X4BVcS7lwJnGsy2+5GZwBga4kez1kdriQkAhhDT209RhS SLS9lPyeID20aS9P+99O05uAV738c1hHY9i14A3gcJ1uzAa07uP+n9VvW7vPIdgxKj8YXERF xsG2MXc7wWg+WExBXWP24//SjCh09NsNfybR05T5C8n9MFNDvWkqZl/2AZlqVqxqw3cJMNwm DsQ09ICw34XiOJa3WhlxCXIPaoQTWR7BDLeiFOTsPa3lKhtY1iefuC2/VB+nsCIMI+Qk11hd njZJ6oERXoji6c3Ogf9jCbuxqLgatOMVdc3mAGtkSjPn7VkK7UuteMvpwVrCFjDuXgC6s0br EZ/05KDn9WLAk9X5pCXHEQIBCWka9sSqxHOqp9/ztm85Y6QRp9kSj5RQJ23EdiGQWIotO/FL 1mSNj4Ws3uhIYjOIgGjx05bjnjRSM6LNSC8CXkV59I+SDyALXBWvhozWmgmsbNgMA7xnerGI R9lwS5A6XmnlyFP09hUFkenfX3TuyL9OX8kDZmFKxxO6Rteol3YKtGa8rdrFjpDrfVJzSSII 22fIglEAmwKUxbYQV75N6So5d7O/vLeCuftZ/fNYLDbseVFTL/I3pOg1IJ64iyBftuCJHhsD vA3mwJDUHl1Ft6fmmAnRTYeiiTNaMCWvlG7/Ch2pdq46/PlRETk4o7nNg==
X-Talos-CUID: 9a23:/GQUrm8E8U3MKGOQuvOVv2kkOvg9W37l932Ofka8EzZSeLeXZHbFrQ==
X-Talos-MUID: 9a23:npftBw5gD04bxIMrrXR1uB+Dxoxo2ZWwWFgLva8chNuGPGtZEQjCsmqoF9o=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.19,284,1754949600"; d="p7s'346?scan'346,208,346";a="34092122"
Received: from mail-mtabi114.fraunhofer.de ([192.102.163.114]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 06 Nov 2025 13:56:55 +0100
X-CSE-ConnectionGUID: x8WLyvNVRSeYj63IWkXmaA==
X-CSE-MsgGUID: TPIHVz/yR+6u0yiOQjq3bw==
IronPort-SDR: 690c9b17_y51r6cb3fb2Ltkz9qN778Ov1HO7i1FhFH+o2TJc9Chp6Nik jIkQyO4ZAu2zh1DELV1tyJgrHGJ95KPZUSMFYVA==
X-IPAS-Result: A0AgAABMVK1o/3+zYZlaGwEBAQEBAQEBBQEBARIBAQEDAwEBAWWBHAQBAQELAYFtUkABQC4ugQmEVINMA4UsiHYDnG+BK4ElA1cPAQMBAQEBAQQDAQE9FAQBAYUHAowmJzYHDgECAQECAQEBAQMCAwEBAQEBAQEBAQEBCwEBBQEBAQIBAQYFgQ4Thk8NhlsBAQECARIRHQEBLAwECwIBCEICAgIvJQIEASAGDoJhgiQEEgMPExMCAgIOrSgBgUACiyWBMoEBggwBAQYEBIFQAT8B2RAYgkAHAwYJAYE/AYFXgThshFQBgVwScoIZc4N8e4IMQ4EVNYIiUz6BBYFcAgOBNECDRIJpghEVgQIUhA6CKol9gxOHFVKBFANZLAFVExcLBwUlexAzAyAKNBUcAhQNEBIPBBYFLR1zDCgSZ4JqgSuEHytPghtygQF0QRk/g1MeBmsPBoEVGUkCAgIFAiwXPoFxBR8GHxICAwECAoEQEAJuQAMLbT03Bg4bkloSIUaBRBmCTWAPLyYEKCsgAg0gAXUZDTwFk3CTOZ9ZAwQDgjWBZ4ZdgzOCDpVTM5dgkiRnmQYijWaWABmEdQIEAgQFAhABAQaBbwQxgUMPB3FPgjMBATJPAxkPjiEMCwuDXoUTtR1FMzwCBwsBAQMJkWqBfQEB
IronPort-PHdr: A9a23:v5FfoB30jsouQ8vQsmDO+QUyDhhOgF2JFhBAs8lvgudUaa3m5JTrZ hGBtr1m2UXEWYzL5v4DkefSurDtVT9lg96N5X4YeYFKVxgLhN9QmAolAcWfDlb8IuKsZCs/T 4xZAURo+3ywLU9PQoPwfVTPpH214zMIXxL5MAt+POPuHYDOys+w0rPXmdXTNitSgz/vTbpuI UeNsA/Tu8IK065vMb04xRaMg1caUONQ2W5uORevjg7xtOKR2bMmzSlKoPMm8ZxwFIDBOokoR rxRCjsrdls44sHmrzDvZguC7XhPNwdemBodPBLHvDzZZ4nDrWzh6cx04CSgOvPHQugycC6i7 LdCdCH6uXs6GTAZrVzx0pkj6cATqkeQ+0di763QcovJDP9aUL/kf+wVVTdwXeFOdDVkIKywX rExC+8mHMV4jtPsqVg3jkayLCOWHtHB1GUYtGen0bU7gsQCNjjnjBMKJdwx6H7R/N6vKKFND cqbnfnyzC7hd6xK/zTX8YTySiIwnv+wcrtNUMDPkhcPFVLuo1Wcg4u5MxaI39gEjXK86bd8e s/2rWB88idW82Cz4dl9ha6Wu7gW02r41Hsh75w5OvjtGwZrJN++F51IsDuGcpF7Wd4mXzRws T0hmdXu2La+dSkOjZE7zjT+MqXbNYaS6w/lVOGfLC0+iH82ML68hhPn6UG70aW8Tci71l9Ws zBI2sfBrHED1hHfq4CHR/Jx813n2GOn2Rra9+dEJk45j+zcLZsgyaQ3jZ0drQLIGSqepQ==
IronPort-Data: A9a23:78unRK8Rkvbek9mZxCuaDrUDdnuTJUtcMsCJ2f8bNWPcYEJGY0x3y jcbXWmBbqrbYzbxc9snPI+z9hlTsMDQyIMwHgU++ChEQiMRo6IpJzg2wmQcn8+2BpeeJK6yx 5xGMrEsFOhtEDmE4E7rauGwxZVF/fngbqLmD+LZMTxGSwZhSSMw4TpugOdRbrRA2LBVOCvT/ 4qiyyHjEAX9gWMsYjhJs/jrRC5H5ZwehhtI5jTSWtgW5Dcyp1FNZLoDKKe4KWfPQ4U8NoaSW +bZwbilyXjS9hErB8nNuu6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTaJLwXXxqZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I0DuKxPRL/tS4E4eLd0n3vdpJ190z vEpKm5WTy+At+e/6efuIgVsrpxLwMjDJ4YDojdt3TrZS/g8SI3FQ6LE6MUe0DpYasJmRKuFI ZtGL2MwPVKZOUIn1lQ/UPrSmM+0hn76eiYeol+Roac96nXW5AVwy7XmdtTPc8GMRcJbk1zeq m+uE2HRWEFAbYbAlmDtHnSEutfuvR3pH5MoV+Olru9rp2SR3zcZF0hDPbe8ibzj4qKkYPpDL 1dR8SonrLIp3E2mUte7WAe3yFaIpBcSR59RHvE0rR2J0e/R5wWUA0AFQyJPLts8u6ceWTgx/ l6Eg92vAiZg2JWORHub3qyS9im+fyMSKAc/iTQsQBsCptnyqpsyglfFT5BqHLXzgMf8BDfwx D6Htm4yit3/kPI26klyxnie6xqEqILAUwg14QvaRCSi6AZ4b5SifIum9R7Q6vMoEWpTZgDpU KEswpDBvLI9HtuWmTaTQe4AOris6rzXeHffmFNjVd1pvTik53fpL8ga7SBcNXVZFJ8OWQboR 0vP5iJXxptYZ0WxYYFNPomeNsUNzIrbL+rDaMz6VNR1T6ZUSB6m5wBrPE6Z4HDsmhMjkIY5I paqTvyvBnc7V4Vh6ia6Z84A448rxCkVmGbYQL6ixRGnz4ibWm+xTI0BEVqRb9IW6LGPjxXV/ u1+aeqL6UR7e8/vbhbH9bU8KQgxEkE6IpTt8epFW/WmIDc6KFo+CvTU/6wtS7Zlk4tRiO3M2 HO3AW1c93bSmlzFLl+sRk14SbayQ6t6k203DRYsMXmsxXInR4Slt4UbVpkveIgY5P5R9uF1Q 9YFave/LKx2EBqfwAskbL75sIBGXzaoj1jXPyOaPR4OT6Q5TAnNotLZbg/j8RcVNRWOtOw8n qaB0z3KSp9SViVgC8frMMiU9W2ThkREuuxOXBrvGOJxKWHM64lhLhLjgsAne/8sLQrx/RrE9 gK0LypBm8zzjd4Uyvfri5qAjb+VKMplP08DH2Dk/be8bibb2Wy4wL5/auWDfBGDdWXO/6/4P OVe3qz9AsIXh2R1kYpwLO9C/J069enQgqJoyCZkEEqWaF7xOLdrIySF7/JurYxI/KdS4iGta 3KM+/5bG567B9P+ImEzJAYaNv+i+8sTkGOL7f8kAhTezw1m8IWXVX59O0G3txVcC79uaqU37 PwEuvNK2zegixEvDMmKvhpU+0uIMHYEdact7bMeP6PGlSspzQtkTaHHKyqr/qyKVcpAAnMqL hCQmqDGobZWnWjGUngrEEnyzfhvvosPtD9K3W09CQywwPSdvcAO3TpV7TgTZSZWxE8e0+tMZ 05aB3csLqCKpzpVlMxPWl63ID54BTqbx1fQzmUYn2iIXmiqUW3wdFcGA9ivx3xA0WxgfWl8x oq6mULFSjfhef/j0hQiAXBFr+PRdv0v1wngtv3+IeG7McgUXT7XjJWqR1I0kDr8IMZohET4t ehgp+lxTqvgNB8vma4wCqjE9LIqTxrefWxJUKxgzpwZBlPjWjG+5mGnGn+1aPFyAuH49224B /MzIcgVZRC11XuNnAs6Ho8JGad/x9Qy1eoBe5TqBG8IiKSepTxXq6Dt9jDyqWsoYtd2m+A/I ZP1WxPbNULInlpSuWvGjPccC1qCedNeOTHNhrGkwtsGB7cokb9Kc3hr9pCWon/MEg9s3yzMj TP5f6WMktBTk9V9rbDNTJdGKR6/c+7odeKy9wu2jdRCQPXPPerKtCIXslPXBBtXD5RAR+VIk amxj/Cv0HPnpLoWV0Xrq6uFHYRN5uSwW7NzGeDzJ394gyCDeZHN5z0uxmOGEqFKwehtvpSfe wiFacWOLI9fH58XwXBOcCFRHioME6m9PO+quSq5qO/KERQHlxDOKNS873LycGVHbWkyNobjD hPv8eObjjyCQF+g2Ddfbx2+P6JFHQ==
IronPort-HdrOrdr: A9a23:qWnb7qAqULSE+kHlHemk55DYdb4zR+YMi2TDtnoddfUxSKfzqy nApoV56faKskd1ZJhNo7+90cq7MBHhHPxOgbX5VI3KNDUO01HIEGgN1+XfK6eJIUHDH+dmpM NdT5Q=
X-Talos-CUID: 9a23:zVvV8WFkjJvDD5y8qmJ3pHEwC94DTEfmwUbSfRSZNmVZTbS8HAo=
X-Talos-MUID: 9a23:pgC0TQ6c83su0SV65ZLqoONuxoxU24WONlJKgK9F5dTcJC1XAjWE1z6oF9o=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.18,214,1751234400"; d="p7s'346?scan'346,208,346";a="28212772"
Received: from exo-hybrid-bi.ads.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaBI114.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2025 13:56:54 +0100
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-03.ads.fraunhofer.de (10.225.9.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Thu, 6 Nov 2025 13:56:54 +0100
Received: from FR5P281CU006.outbound.protection.outlook.com (40.93.78.49) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Thu, 6 Nov 2025 13:56:54 +0100
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Sy0h8y+5VXJweQ/jIKoBl0aVN/oc3bikZzsj7bWE7KYpCgnNbfqBec7GMplRFQCpNOHTr4AhOAGeikuCyXsGYB1cXqbx7HvQgrzwkJa28duYgm8oXg38so52DjQHDMfzMdQpqqfhW9vPzTf/rVebVBc1M4dZi8Ybqn7ubTCKJ4E5jXn98vgiV5AadNUoC1mB6dGC7CCz/ToNK2cs31IQ6lw+9hQnFW0/KP9SHtUKeHkoFgq6yPkCFAhzIs5l/Hv+jN1oENmht+j6OA2zzmmd0vHzlCi1N/uKihprHNFG/+g+BtXjSoXXOMzObY43NfSMQlxMJLhIrGUZ5z8vSX3JkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Wrj8EKQvZw/s7NaPeRoVYg0nArhkxATVzY4UFfH5UN0=; b=en5JE5bVLowQdMmLnH3u/9K4V4pVr6PU5ue4j+LkfIMxdmzKQzUTS7VICQwvWW7ZLqwYgn+Sbmch8EITJ6xau+YhsVMILo2utR7TZDnlzPxDFDnko6v+JQb3GuQvlOTacEPrQUG537b0ujgPIgI41O67v5yvllhPOqnlNWawG1ri3h9YAgrCKvcR51su/Eocdv5VcGJ3CXsIG5KK/sdQRpYF6l6VfmRruudq0CkoLHkbgoWDW0xbisXkhtEzCME10mMtpkXzVnQyOZoGIEAdj4+275BmMfzobAVmyEULLx+Gx/n/NDvGNLz3fyGfEOfjHopikiGU0yjFT1pVu1Uklw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Wrj8EKQvZw/s7NaPeRoVYg0nArhkxATVzY4UFfH5UN0=; b=Y43uDKlzb4PmLFtQjWgx5YkOwKqMJGdYRVlmOIKHI2yfkQK5dABRrZFv28Zp9dpi9HKOQI8wBRfW0bm8c2tn74BF98RisJp7tNkBqdRPZyWfTGaUIbv36Hj9CEhdBo4dMuaTaVrOn5tGE1Nf31NO90tOv9gO7URkqRTI60GrdwM=
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d18::f66) by BE1P281MB2100.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:39::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9298.8; Thu, 6 Nov 2025 12:56:53 +0000
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6]) by FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6%3]) with mapi id 15.20.9298.010; Thu, 6 Nov 2025 12:56:53 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "draft-ietf-tls-mlkem@ietf.org" <draft-ietf-tls-mlkem@ietf.org>, "tls@ietf.org" <tls@ietf.org>, "sean@sn3rd.com" <sean@sn3rd.com>
Thread-Topic: [TLS] WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
Thread-Index: AQHcToVyppZVmskikEGAJEYUGqhoqrTlnJiA
Date: Thu, 06 Nov 2025 12:56:53 +0000
Message-ID: <d8ee7e39c24d31457298b0a3deaafe501e31fbe0.camel@aisec.fraunhofer.de>
References: <176236867319.904123.10146982018394612684@dt-datatracker-5df8666cb-7l4w5>
In-Reply-To: <176236867319.904123.10146982018394612684@dt-datatracker-5df8666cb-7l4w5>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FR1PPF809320EF6:EE_|BE1P281MB2100:EE_
x-ms-office365-filtering-correlation-id: 738de964-ba58-4d30-5486-08de1d33f579
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700021|4053099003;
x-microsoft-antispam-message-info: lv3eXpzIOX7A7Y7JT6GnaH5c7xXiTWvZl/Q5/ROG24l2fnxaGZPuixh3o8/Yxa/7xzZM2YEOg5qEdCsPgihGgNsIzYwTCNUWweIVOC2scFoS/VwvyuoM5rJolvCYqRurQ68BRXqQn/gLrEPZLNN9Be91EoaxnUD/K2Mhvp1S5n2pZIRqLCSGZ117592qdUEhAGJTj+OtoMl3wXS29a9YL+aI1yUq/IJe6GRrM82oOJYn1rWlod6AwhJyy3fofTqmlS4/vXe+2s0Nqy1fW01ZuSkohGvbjs/FE0yUg84SDQyA0mOR7mJ49c3oNqt/3xZu3rRgmW6imqCZ1M9NW5Ak5Qn6dRlrgAJZQMPFNrkfZ36N0ZqxUDLr52FCISZKXZ+HYSwS5YE1iDucc/kOr3XRNSCF8/GGG+5lNf4mkI4iBZEkHAVBAnUAIqs0PzEmtdqBBjqmA5TebyiDEzzD5hNZttstWOEzWGFgOeoJCPGJitWTxuxFhHZ1X/y8DTYu9pTXlYMW5deDGFCjkLiT0PjsNtVABPr+jRe1GFndoRiR50RqxT3HU/C6+UU8jfiZbfXmHHtj2RvvcrYWwOdymZwYAtOimDap4M2dtP6oFVQr8EYFTyEewfNHF35UKReD24Xnb5FEO83hKagrcAFEucTgmfnFaM0U3f7uizTV7x8i22J7AQ/UpUzTA8kK0eei4AQy6QEPTXLYqrVyDrE6NLAGWz2XhgDOZMZar9cnjjiSW1WKWytP5Q9Y2dc4bKYjDg0hyH9OyHvgVlOlvG+BFxxR+KnIfAmT/n3H1mv9Wjzs/jcagwkg81mxl/6wSlGE0/T0LpwONdDorZALKVhbGAYMTyQZDCNvYL8pGuZ/udDcUYSKF/YSfbIwyLvbgFSNNLTWByJRMHpX+dSwJ3TaZJkKm5emMdWK+IXdy7ItctYvHfhEsOz8moqhNgj1ne1wOcCXKi4+dtv6L6ZO4Mu00Pkucb4nIsSLt2cobpg0v5f+HDe99AwmLcVLpr9nmRploiGCfBmadm3bvILyMmqFANDS8hkcuJ9vm0X6+D/Di6Z29DFns5ZcMqnWbZEF0Pq7l5b83FKgkW9rs3FUE5hH6Fn3vh7hvDnQm76fMrGanIpsiN3kKugCms1lkQJHv2YfGGVhyq+6yUbHSZjQi10zwxDzd+kYfrzOgze+KpJAoPydWQvXSEUy+71/hFpffu5JUCYOBI+kGPSuZe9OT1cHdu1lKGDboU+KFnWvOY/+cfgs8zkFMRZfgNSmkxJFzOsJJgT4bDvZKW9sg3TYLebbMX87DHTxUCgv4Pjzws7cwHE1Xv7pFhrYpuMc88i+WyBxA0USJuXc1GIRgPcyYnHP/zFCZVrsdoSifSwfiBHDfWib0mATphkix23infB1mnQzMSDT+s2STS1HL05hMR/XepEOLlpCH1yHawP4AIdGT/m7LzqYiaorWW/LxYs+h3+vAH6X7ljMnZTTegOJYsPTO3UgHi6PbvG+iz1X5Zvjlzibw2ekvrZRSXYE0C9TXWTlbl+2yRm/LPn3laWpWhi3nCN/jg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700021)(4053099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ic88mqHbBiYFGKU6Xl75WOoj88/8kXi1MhNvPT0RzhbpTgF2pZLrijAoqLrOOGeit+gwbfnlxooMnZA6/AA3ZcPP4n8LFCoLO2XnTx8F5kbqTJAEZ1v44uosazfZvda4jPS6LIAJC0dEngqjjJhHreuIcSTgKYON1R1wiUynY38jg7I2clzBRhFZzgMH2T80NHWn3HepXMvzAyjAcqz5J3Fr7HEiWulqBqOODVV50faeUXhuwUc48SgM9zxGiMzIsPhsc94A6BQ3LdLz9mp/OMAjVC1ptJO+rcAxi2an/uRbAWEIXhiEtElUzg7Yt6/Kk6iWj+L3gRMkY8tVPeMaCuhx6fiRoKUnaSRAucZEBAK58qbIYfJ6n0Nd1j9zu+tVOI1uxVg7OD1CVVSOmY3r3QkC3R9UnX/n7GPTZ1bKQHm14C/o8pyQV/65bAw2+LhTNXsJRiL0zpi9B97lg3XWxylnKax8StPlh9Tg0KYEtEDTPqrmz417uA/9GWf48QY7DXDC7H7SIgfINtBn58d3L1EHSKEsR+lEW2NiViQui8HQ/ro+PDYlBBhchc+YhJEwqlIqczW/v8q6VwBtdWLLyD4cm6YTf0Cok+J9EWqdRlRGySOEXZ0yyFj5bHxI7eXFPwVm4iM/dArx5DhKco+My9yvyceNJls7CBXV1bKYt2b/s8wE1ofzmJGPjnZylf9CQuV0skfD5/Z9borc+sF4npVGidr56aTcS2CVn7ppQWTOtthWneCEWofaxDfXqSPEg9r/mC6pI3bYxUXAMz/dMlGU0N/GH2htpdYwhITSjz24cLSvc4aJOldGigbZZUBsC5TPoaF6aD31Z8tw7i+o/Rv8eT5EDJKz0xN5UKHR8bN6nbPZuhv232Sh6sQUP3OZdSG9aU/EIysrOGrkl8V01STczOL5uhFSsKrsq4rjPD8nmOqrNzLGMHjzMPoV3xfyAmhxrj4waL7jeNohfZFcvGRQtqIRMmhJJa0xugnCZllG6ncHAqeDuqsnz+gwYeGYm2AT81WnDT+9jGiS9qKv5WtMnfemK3NeCNsTvHlm/zXsNNYFWC52tv17TSyAAVeNDIoODg0IkI/6UcZlFqGXqyIwK2pPNtJV7AdAx47jEwOrcZd0hO6xVvKQbIC8ojocRQuDFh333+9bI6mB1rzx7dFO/rTdXRyictC1eZrdE4yDwnEO0Mt83b2k48bpfSfxNLcBBg0yNwEUXPCfXTTDn2ga2JqpWz/0U3Vkcv73f3bIUSGVInRn/v5b1N8ugZnf/xZZfzdM0x/ebWJj5aw3OwYnRrORYWdMOBFqf8DCqnWTMadjH2kyHCOA5XL/3goO4QsKCT4anSBxTAgWFWI7pVwmDit7Q28SEyBh7nZo6XIU4f9i4J6HnALSe+NgVTiRdEdU3FMcw0MLGAa4yAVH7oWqfulKeEXWuy9m158RuPu/Z6Iyfn38G2Dg8Pxmut55GTcAFG6UpN7YKXunxr9yHQFFFTvsHNMzvh1miFRCQoALPVebqrj6+pjMKOMdXRte2pAyXyOl0Sb/QvPAyxz6FuCidgovwEWhgUgWhtmohrJVLb4ox1wDVfkgiXPGgyguwEzL22Kn6LvsR/Pq/FqufgMmK++bZ7QiQ1oycsPZnZU=
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-XNlofRVbkXVKEovKYiLK"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 738de964-ba58-4d30-5486-08de1d33f579
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2025 12:56:53.1983 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: B27xEBY2Ja2vi5qzTfN00Pw8fFUDq925XHMkTKPtw1rChPwtX0I9Bvgh2AS1ucw27S9S9eYKXyoNsgB+PntcoNet9vYca/e1XQi64e1tmDyRCDxui1kgMv9IAnhv1u3B
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BE1P281MB2100
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: NIBKHHFHRBE57FZYDD3WIT5RUKZDU4SQ
X-Message-ID-Hash: NIBKHHFHRBE57FZYDD3WIT5RUKZDU4SQ
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5LMR6kxLiBfpaPo6YUQZ3b9khhQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I **strongly oppose** publication of this document as is.

In the seven months since its adoption...

...the draft raised several concerns ([11][12][13][14][15][16][17][18][19] to just link a few, there were more) during the adoption call, regarding its comparison to hybrid constructions such as [1], its lack of proper motivation, its focus on a national standard, the possibility of key reuse [101], potential IPR problems, etc. While some of these could be resolved, others could not be brought to an agreement yet. [102]

...the eventual consensus call has triggered an IESG appeal [21], repeatedly [22], the discussion of which revolved around procedural matters more than it did on the question at hand. This has cost time, with the final response being published less than a week ago [23] and refering back to Paul Wouters to deal with the actual question.

...one person [31][32] brought up "Experimental" as the right track for the document, and one (me) advocated for "recommended=D" based on the above concerns.

...at IETF 124, the only GitHub pull request adding considerations around non-hybrid use [41] was rejected without ever mentioning that the pull request added such considerations. Instead, the presentation there was reduced to the (controversal yet discussable, as the PR explicitly mentions!) "recommended=D" change.

...a GitHub issue asking for better motivations was closed with the sole comment "No one is happy with longer motivations, keeping them shorter is better imo" [42], despite several people asking for motivation on the mailing list by that point.

...AD Paul Wouters wrote a summary of the arguments during the adoption call [51]. In the five days since, given the above, the following two quotes have not aged well:

> And people have proposed extending the
> Security Considerations to more clearly state that this algorithm is not
> recommended at this point in time. Without an RFC, these recommendations
> cannot be published by the IETF in a way that implementers would be known
> to consume.

> It was further argued
> that adopting and publishing this document gives the WG control over
> the accompanying warning text, such as Security Considerations, that
> can reflect the current consensus of not recommending pure MLKEM over
> hybrid at publication time.

Publishing a document which has caused such controversy without even mentioning the controversy in the document, let alone dealing with it and writing up appropriate security considerations, is not just a fatal signal to the community, as Stephen puts it. It does fundamentally not live up to the IETF's standards.

-- TBB

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/

[11] https://mailarchive.ietf.org/arch/msg/tls/toxVUv_d1pdDspbfo8OxcJeC_QU/
[12] https://mailarchive.ietf.org/arch/msg/tls/lLeVwL-GhfuEPmHM3dVJJ4Kh2As/
[13] https://mailarchive.ietf.org/arch/msg/tls/YyemGJF-4-hRVwOcJ47Rw4Nu8Js/
[14] https://mailarchive.ietf.org/arch/msg/tls/0R1IKE3_7vOVGKvf-UgO3BG2Wjk/
[15] https://mailarchive.ietf.org/arch/msg/tls/0f6XBGPElMLNoiS1Eh3u7EhzoGc/
[16] https://mailarchive.ietf.org/arch/msg/tls/2Dfu4x678DEKCzF-fkdvJHJkS-8/
[17] https://mailarchive.ietf.org/arch/msg/tls/EzKcwjagajQqcRpH4TDTn70W9hc/
[18] https://mailarchive.ietf.org/arch/msg/tls/YNSu6ZO5e0JMJ1cRlnxh6oIjyZg/
[19] https://mailarchive.ietf.org/arch/msg/tls/6DEv0wZpIkf_DNh8NR5RG6Vud34/

[21] https://datatracker.ietf.org/group/iesg/appeals/artifact/141
[22] https://datatracker.ietf.org/group/iesg/appeals/artifact/217
[23] https://datatracker.ietf.org/group/iesg/appeals/artifact/220

[31] https://mailarchive.ietf.org/arch/msg/tls/tLCzbjetxlFmlEnS2m_B5mGvXDs/
[32] https://mailarchive.ietf.org/arch/msg/tls/YjYKiztu3JmWiaAUz0O3szeMHMQ/
[33] https://mailarchive.ietf.org/arch/msg/tls/8K5t_3kktN2RJSGsxam4IWF01Xw/

[41] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6/files
[42] https://github.com/tlswg/draft-ietf-tls-mlkem/issues/7

[51] https://mailarchive.ietf.org/arch/msg/tls/dzPT8KQe4S-_pZROLUJMvS9pM0M/

[101] It was noted that when ignoring ciphertext reuse (which also used to be called a "key" with ECDH) this is not a problem with IND-CCA2 secure schemes, which ML-KEM claims to be. One critique of this argument is that IND-CCA2 of ML-KEM relies on a kind of "re-encryption", which an overly speed-minded person is incentivized to omit from their implementation. However, a speed-minded person would also reuse keys regardless of an explicit argument against it, so that criticism has limited value. Another threat, to forward secrecy, is addressed in the document.
[102] There has been some limited constructive discussion on some of these matters. For instance, https://mailarchive.ietf.org/arch/msg/tls/-pjWkZhvhABqEfn685AEs4WoIhU/ helped quantify memory requirements of KEMs, which was one _assumed_ reason for "needing to be fully PQ". None of these are reflected in the document, where they would be helpful to application developers.

v2.35.0 | Report a Bug | By Email | System Status