[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 16 April 2025 00:38 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Rob Sayre <sayrer@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 16 Apr 2025 00:38:18 +0000
CC: TLS List <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7-xJZc_mFQWDyhADwQwc_SD7_6E>

Combining posts from two people into one answer. 

On 16/04/2025 00:02, Benjamin Kaduk wrote:
> 
> I can see a case being made that this draft does improve the deployability of
> TLS if we start with a baseline of draft-ietf-tls-ecdhe-mlkem and note that
> that mechanism is not deployable in some environments (I guess, ones with some
> kind of strict FIPS-only requirement, though I'm not conversant in the details
> of such an environment).

A question (not necessarily for Ben): Are there any concrete/specific
environments that we know about that will need non-hybrid PQ KEMs for
reasons other than national regulatory reasons?



Yes. I.e., not only for regulatory reasons. Not to mention that it makes sense to me too, but who am I (that’s a rhetorical question – please don’t try to answer it 😃).

If so, I'd like to understand more about why and don't (or have
forgotten:-). 

Because our experts evaluated all the relevant risks, and concluded that while in theory indeed 

Crypto_Strength(Hybrid) = max(Crypto_Strength(ECC), Crypto_Strength(ML_KEM)), 

in practical deployments there are other factors to consider. And we worry about things other than theoretical stuff on paper. 

I prefer to conclude my argument on this point, rather than diving into gory details. 


If not, then a) adoption of this draft really does require us to
figure out what we'll do when the next country's choices are
proposed, (which we've not) and b) I think does argue for pushing
this to the ISE rather than adopting. 

I strongly oppose this. 

Hey, I'm just working for Acme Logistics, a small consulting company.

😃 Likewise. 😃