Return-Path: <bingmatv@outlook.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 2911D4D36F6A
	for <tls@mail2.ietf.org>; Wed, 30 Jul 2025 02:17:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level: 
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
	HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
	RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
	RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=outlook.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 1lva7ZbJTnaw for <tls@mail2.ietf.org>;
	Wed, 30 Jul 2025 02:17:20 -0700 (PDT)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
 (mail-mw2nam12olkn2088.outbound.protection.outlook.com [40.92.23.88])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest
 SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id AE36F4D36F63
	for <tls@ietf.org>; Wed, 30 Jul 2025 02:17:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=Tlx8df72sf8qSZx6NnkgHJ6dV8j0g/zndQfrreYUj+1savAVcOiiiYNc+rIycajiPmPZPp2Lze1mkw4ZfKvr+NRdyfkTIKikFoLm3xAz8ghP0L/Nym/nF5FMTCPT1AMuisYfHalARpjRnBEfkDgMn2ZwnZZlQlYQBSC9UxUlodD8iZJtFQw6IwRMQNrR9f6itI3Q2BZRFGTfZk6dD2pQIgl0VQdnGzQuFr3pB04KR688wsSRj/p2spthiyTRVvFh4DYMQoVEBmYZMVecpRFSEh31APoQCFxL5wgnDQGbvIE3RQpX1EpxQpu164zbdmCp2jI5QeBM3HC3mcMyVdvdVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=SpqdKYl67ZqIsgXCj3oDtoUSXYpe7vBuemQmJXwT/Nk=;
 b=tTo2xqGxOXGQhgobXcuwEGCaRWifAX/icuIn6p7I+7VMjINyqKbWSVwCYTQud+fHAl7wPynaaN1pOeErlgJxaffnP+okvPzeEb7WHgnDnuoddtDEdPwFPa6d7l4Pm67+4MCIq6WXvtZ2i6w76bsiZCN+aJOODROY1SSfDW7Srrr2wUbnFBZizawdTU3myQPjbdu5RSzTXNdpsLhAyvlYRfqM73j1V/d//U6g12AYDDhas9Fpi32lE7c8zh4WXpgDYFizB/Eus1Pt0U4Mx5eIu7PT3iKh4Uffa91wExk53KxOkzwgk9o1TQYDOhpvX1xkQO6DsShBW0aNxed1fHVQmA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=SpqdKYl67ZqIsgXCj3oDtoUSXYpe7vBuemQmJXwT/Nk=;
 b=kp4t46FmjQX2LuHyUwTd7UBZjqqsNDfG9OUQYbQ9H9MaYM9eR7772eyGAIfWaFpGDOeFADXy4K0AzxQXx26n4mX6I/qLHGH5eGdrMneTKK2CvM4otG5zyHC5IwDLK7lzzil6/QioBV3jho0vDfMI23jUQPrQrQIDltXULuogX3U/F3bSMwX9JO9k2FKywt4P/Ez5S7KYl8PG2U/2Ag3aQlqPKaq+7t+X3A7Q+YhJrMOXtEInTu6YReDzebd7yQ1lZ36mGaaFI+pEE5zL6Vn0HKUHTQuyvCSCXWkesbPhRsOmM+/GI29LZL0vtr9ahvv/Y0kQD3P2eLkDeDq1JDAglQ==
Received: from PH0PR07MB9683.namprd07.prod.outlook.com (2603:10b6:510:291::11)
 by SA1PR07MB9085.namprd07.prod.outlook.com (2603:10b6:806:1f4::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8989.11; Wed, 30 Jul
 2025 09:17:18 +0000
Received: from PH0PR07MB9683.namprd07.prod.outlook.com
 ([fe80::371e:fbb6:ba70:6a46]) by PH0PR07MB9683.namprd07.prod.outlook.com
 ([fe80::371e:fbb6:ba70:6a46%4]) with mapi id 15.20.8989.010; Wed, 30 Jul 2025
 09:17:18 +0000
From: ma bing <bingmatv@outlook.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Concerns about the current draft.
Thread-Index: AQHcATD03sWs2BJdtE+pJgVO7rWscg==
Message-ID: 
 <PH0PR07MB9683AED41B66451E26CBC84AD024A@PH0PR07MB9683.namprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR07MB9683:EE_|SA1PR07MB9085:EE_
x-ms-office365-filtering-correlation-id: 1e7225c1-d7d8-40f0-8733-08ddcf49e1e4
x-microsoft-antispam: 
 BCL:0;ARA:14566002|8060799015|8062599012|15080799012|19110799012|15030799006|461199028|51005399003|440099028|3412199025|39105399003|40105399003|102099032;
x-microsoft-antispam-message-info: 
 =?iso-8859-1?Q?FhAuXV9v3kb411gMVJCOycq/qfh/1XVmaY5A0czfc8DyClD6C/kBVoFm8N?=
 =?iso-8859-1?Q?jMllLnmuw1DYjG5K5sS9iiuNlKaKC0kZ1Azp1xAYjGiEaPo6MA6E3Fu8uh?=
 =?iso-8859-1?Q?glo1EPePehbUiCO1gEBL9VEcawB0Nx7mOlAlUO5dmZ7cWoiauYTi/XVe8m?=
 =?iso-8859-1?Q?2goPtqCf1Z1z10CUOLkFIvDhbLt2BM6+rX1C5sM8zewPomJX5dOhGIEiE8?=
 =?iso-8859-1?Q?YFrWL9SqRDR/rQcSfakvnIytTrhCW8VT8RMzoxIlFuAVKSnftcBZ1SZrqA?=
 =?iso-8859-1?Q?RTp2oGNXkeNJ8x3RYOn0uSzzbt09UR3IU3lgI/7OruM/83kKTY4Q6TGJ7v?=
 =?iso-8859-1?Q?0WsR0lPOzRjfVNkSGmY9x/X5ZP+0vZPhDtLcpieGn2O7w69TOOmyw/L679?=
 =?iso-8859-1?Q?K2ArU24z+4SJ5Tc4SSRe2PmEENS5n+C2wf3j/v43DJaPEEmBssaBFYLEnk?=
 =?iso-8859-1?Q?bu9w2XLqjw/jiD29yQnHpyethYGhBYpIK066yl4Hqyjap4E0MrfD74CkMW?=
 =?iso-8859-1?Q?6HkHGwLnufDJjHGonIf4uaEZqmNs9Q8UUgJ08uI0Kt9xGXlP8yxJmbk/e2?=
 =?iso-8859-1?Q?d85wyW6TyBax44ZDgoF1N5Z2tQ73LI/Qyg4O2XaObV5Nc/f0jPur9eJKS9?=
 =?iso-8859-1?Q?c1iBT5PKxn/xgiNCI0kImYzCrrjRhz9OxwKv7CoR3w+sNTxVEVm/xWWwAR?=
 =?iso-8859-1?Q?uoiRSma1LT8CH6hPS3sj7yN3mt9yzmKB88GlQ9EYZxZU7TcXAow/ZyQtfe?=
 =?iso-8859-1?Q?vxS2K+OU0/7g7hvUk22AsYhQocMheYrb29ScqVWN8myHUab20LNfl6JG3W?=
 =?iso-8859-1?Q?svolhHTMfyH3STLvFgDH8X17goOh1AIP/2/QAU4uPUZc9zrlGdj0nOdvcd?=
 =?iso-8859-1?Q?QyGqRstPvreWdu3qvLqMnb1a/y1E5CDbH1MrGPc/G/s3x6zzxcgpOQCIGY?=
 =?iso-8859-1?Q?pEhrJQFMUbqyrUzwGVzmYw6XqsiXK/IUBvu5KKdV3rrkQkW3BYkW35bIjC?=
 =?iso-8859-1?Q?8efm13tIbk6dUrFIAMSrWgNhmKjBxyRMo5yOPB8XlBozXtfRhWiP4ddCX1?=
 =?iso-8859-1?Q?NvzJCajTnS0ln+TIzlTW+S8CJ6VtoVFY8xPDiahtP8M7mbiGv+KvuYuEUP?=
 =?iso-8859-1?Q?CzrEesci2iG5NGobx4VUUdMoIPP8HQ6QYb4wYOJuzIVqpkcvlQq3ePPsmU?=
 =?iso-8859-1?Q?m02qDU8CZNaurm6jMrqCLXdvCuIXbBWYVYAQ5uXUyJ8QWBln07M6Unr517?=
 =?iso-8859-1?Q?+KWokXHLtfyKP32Dd/Ug=3D=3D?=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 =?iso-8859-1?Q?+4POO/hyTV/VzC3A/4tYlHviXAyqnVXEPWHDC4BHAHaN13Flhj2lrCF3h5?=
 =?iso-8859-1?Q?Bxl8S2wSt6S9auqbo58/X49NpS5+KG++WYwlhIki0gvuZGsCOIQezUOgxz?=
 =?iso-8859-1?Q?KcwhI3YPdnHoMJTmjkCct63kve3VhDrmY00cukH7mE7hH8HcM0J2MUYsVR?=
 =?iso-8859-1?Q?BnEKOYFD0/tk5njk4jI+v+JPtVW18wGYTCigcpwfthu/tyWmtb5CnvqcmH?=
 =?iso-8859-1?Q?2G/5Vw9DB/W1I15hcwVp4umOqtpRfUuuRog1hpQRHNlzoLTbS8JGoB+sSz?=
 =?iso-8859-1?Q?v8H7XJQqKLD8yZksfyslEhIqNokfKT5BAwwgZgQZRaXuJU/r3kD9dsOSc7?=
 =?iso-8859-1?Q?/i4ZZNgcu1riMKB5xkp1FbVuM8TIapNI5dLb4/QYw9gLADTM/KZ8K03m1f?=
 =?iso-8859-1?Q?65ny3LYMNPu47KL6QpY9NqX5jeFC4bgP8eZtYLnLgQsO33M3qHJ81FzRQ9?=
 =?iso-8859-1?Q?nvc1iI0DfRHasiBSwcTcB96w2tEYydtlF5bMgwsPkRIDq9IEIUz7N+UpZk?=
 =?iso-8859-1?Q?YNnpx7cpa0X/C4Qdyff6BK+8zI5Z+wWFBz1c8brtIHGDajK0BiJIL9zlg9?=
 =?iso-8859-1?Q?jjr2+0HhDB5y13ORaShGlP9AMZRPDyH1CPoRjl1Ov70pgEOe1xJoL1oOv6?=
 =?iso-8859-1?Q?Fu9Ttb9GnMk8oQ5jL26lLvY6cAWEx+Bw9/U4e3wTLN/Ro0Xyyqat7cFvdf?=
 =?iso-8859-1?Q?HeQCa04raK7MtejXJ2D6Y7CgN1DzPy/RoM/rHamCd6GW4Wp6BcXMPOWEUj?=
 =?iso-8859-1?Q?hRldJaJownyFTFpLaXWrJhmQzZtLUa3FbqzuztsLBME2O2RYBLN6J1eKDF?=
 =?iso-8859-1?Q?ebbEHB4bvorsln2ZdOa+Gnu2pFSa5kLkZK5NyQNNgaD2ts6p3kcNJTzLHO?=
 =?iso-8859-1?Q?co2ATeVUmxnbfvWS7WLmHsr1NuopFjO1+6MU2mOZLxtx9bOuzTzar3tUaN?=
 =?iso-8859-1?Q?RvaHQoyuF/g05ekEJZ/c6Np+ASf6qxxSKPki966CQYNfnDDc+3/JCK0wpf?=
 =?iso-8859-1?Q?NV8z9G77/z2LOduUpg/5SN3IGRIMyho9tSs+lGcKQlIqRiVgfG6mRNbi4T?=
 =?iso-8859-1?Q?mkAceg5pN1i97uON88A+9X01bP1Ru3CZN6REHrsj4U7AFjW2EQKgFECUyU?=
 =?iso-8859-1?Q?PoRxOInmLWX0Xnyp7tv5/Z3SdH7FsGi25emjIEWYkrz2hT0wGiHAN8GJlW?=
 =?iso-8859-1?Q?TKRJ66KS7w131aLkivio7v/RE/QepfDkLYgo5DmPhCavRU+T9AnJEexTYT?=
 =?iso-8859-1?Q?L5CYNcPQ2+cSP5KLkg8w=3D=3D?=
Content-Type: multipart/alternative;
	boundary="_000_PH0PR07MB9683AED41B66451E26CBC84AD024APH0PR07MB9683namp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR07MB9683.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1e7225c1-d7d8-40f0-8733-08ddcf49e1e4
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2025 09:17:18.5744
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR07MB9085
X-MailFrom: bingmatv@outlook.com
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-tls.ietf.org-0
Message-ID-Hash: 6HYDEWY6L7SCROSNVSYRJ26ZXXQFKNGX
X-Message-ID-Hash: 6HYDEWY6L7SCROSNVSYRJ26ZXXQFKNGX
X-Mailman-Approved-At: Sun, 24 Aug 2025 13:35:20 -0700
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BTLS=5D_Concerns_about_the_current_draft=2E?=
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/tls/5oxsGvvCu6HsWipRiLwCCPG4dlk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Date: Wed, 30 Jul 2025 09:19:44 
X-Original-Date: Wed, 30 Jul 2025 09:17:18 +0000

--_000_PH0PR07MB9683AED41B66451E26CBC84AD024APH0PR07MB9683namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Some websites including Google is using the experimental ECC+Kyber hybrid s=
olution, but Google and others  still use AES-128, quantum computer can wea=
ken 128-bit symmetric encryption to 64-bit security, it's the 1st concern. =
So the draft should only use AES-256. And NSA suggests 1024-dimensional MLK=
EM, the 2nd concern is that Google and others use MLKEM768. The 3rd concern=
 is that the draft uses ECC in addition to Kyber. NIST has approved HQC (Ha=
mming Quasi-Cyclic) in addition to the already approved ciphers, I suggest =
to switch from ECC+Kyber to HQC+Kyber; Since ECC is vulnerable to quantum c=
omputer, using ECC+Kyber is likely a false positive, so I think HQC+Kyber i=
s better. In conclusion, I think there are 3 concerns.

--_000_PH0PR07MB9683AED41B66451E26CBC84AD024APH0PR07MB9683namp_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
</head>
<body>
<div>Some websites including Google is using the experimental ECC+Kyber hyb=
rid solution, but Google and others&nbsp; still use AES-128, quantum comput=
er can weaken 128-bit symmetric encryption to 64-bit security, it's the 1st=
 concern. So the draft should only use
 AES-256. And NSA suggests 1024-dimensional MLKEM, the 2nd concern is that =
Google and others use MLKEM768. The 3rd concern is that the draft uses ECC =
in addition to Kyber. NIST has approved HQC (Hamming Quasi-Cyclic) in addit=
ion to the already approved ciphers,
 I suggest to switch from ECC+Kyber to HQC+Kyber; Since ECC is vulnerable t=
o quantum computer, using ECC+Kyber is likely a false positive, so I think =
HQC+Kyber is better. In conclusion, I think there are 3 concerns.</div>
</body>
</html>

--_000_PH0PR07MB9683AED41B66451E26CBC84AD024APH0PR07MB9683namp_--