[TLS] Concerns about the current draft.

ma bing <bingmatv@outlook.com> Wed, 30 July 2025 09:17 UTC

From: ma bing <bingmatv@outlook.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5oxsGvvCu6HsWipRiLwCCPG4dlk>

Some websites, including Google, are using the experimental ECC+Kyber hybrid solution, but Google and others still use AES-128. A quantum computer can weaken 128-bit symmetric encryption to 64-bit security; it's the 1st concern. So the draft should only use AES-256. The NSA suggests 1024-dimensional MLKEM; the 2nd concern is that Google and others use MLKEM768. The 3rd concern is that the draft uses ECC in addition to Kyber. NIST has approved HQC (Hamming Quasi-Cyclic) in addition to the already approved ciphers; I suggest switching from ECC+Kyber to HQC+Kyber. Since ECC is vulnerable to quantum computers, using ECC+Kyber is likely a false positive, so I think HQC+Kyber is better. In conclusion, I think there are 3 concerns.
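Added example, not part of the original message or of the draft: a Python sketch that reads the negotiated cipher suite and key-share group out of a TLS 1.3 ServerHello body and reports where they differ from the first two requests in the message (AES-256, ML-KEM-1024). The function names and the all-zero sample key share are constructed for illustration; the code points are the registered TLS 1.3 values.

```python
import struct

# TLS 1.3 AES-GCM suites (RFC 8446) and hybrid groups (IANA TLS Supported Groups).
CIPHER_SUITES = {0x1301: ("TLS_AES_128_GCM_SHA256", 128),
                 0x1302: ("TLS_AES_256_GCM_SHA384", 256)}
GROUPS = {0x11EB: ("SecP256r1MLKEM768", 768),
          0x11EC: ("X25519MLKEM768", 768),
          0x11ED: ("SecP384r1MLKEM1024", 1024)}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 43, 51

def parse_server_hello(body: bytes):
    """Return (cipher_suite, key_share_group) from a ServerHello body (no handshake header)."""
    pos = 2 + 32                        # legacy_version + random
    pos += 1 + body[pos]                # legacy_session_id_echo
    (suite,) = struct.unpack_from("!H", body, pos)
    pos += 2 + 1                        # cipher_suite + legacy_compression_method
    (ext_total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ext_total
    if end > len(body):
        raise ValueError("truncated extensions block")
    group = None
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == EXT_KEY_SHARE and ext_len >= 2:
            (group,) = struct.unpack_from("!H", body, pos)   # selected NamedGroup
        pos += ext_len
    return suite, group

def audit(body: bytes):
    """List where the negotiated parameters differ from what the message asks for."""
    suite, group = parse_server_hello(body)
    name, key_bits = CIPHER_SUITES.get(suite, (hex(suite), None))
    gname, mlkem = GROUPS.get(group, (str(group), None))
    findings = []
    if key_bits != 256:
        findings.append(f"{name}: not a 256-bit AES suite")
    if mlkem != 1024:
        findings.append(f"{gname}: not ML-KEM-1024")
    return findings

def build_sample(suite: int, group: int, share_len: int) -> bytes:
    """Constructed ServerHello body with an all-zero key share (sample data only)."""
    ks = struct.pack("!HH", group, share_len) + bytes(share_len)
    exts = (struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304)
            + struct.pack("!HH", EXT_KEY_SHARE, len(ks)) + ks)
    return (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite)
            + b"\x00" + struct.pack("!H", len(exts)) + exts)
```

The third request in the message (an HQC hybrid) is not checked, because no such group is defined in the table above.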