[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Eric Rescorla <ekr@rtfm.com> Wed, 26 February 2025 22:28 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CFXDr3tqMUaipB132ROPPlvMbO4>

Speaking as someone who has often expressed the opinion that we don't need
an RFC because the code points have been assigned, I think that it's a good
thing to publish an RFC in this case.

More generally, I think the WG should publish a core set of specifications
which represent our recommendations for best practices, while making it
easy for others to register code points for other options. There seems to
be fairly broad consensus that this specification is in the direction we
recommend (it may be precisely what we want to recommend, but I'm leaving
room to be wrong), so we ought to adopt it.

-Ekr


On Wed, Feb 26, 2025 at 11:45 AM Christopher Wood <caw@heapingbits.net>
wrote:

> As I understand it, the purpose of this draft is to specify an
> interoperable key exchange mechanism that we can deploy. The draft already
> has code points allocated to it, and they exist in the registry
> <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>,
> so I wonder: what is the point of adopting this draft when the important
> work is already done? If it’s that some folks won’t implement it until
> there’s an RFC number assigned to it, well, that’s pretty silly. I support
> adoption if it helps this work get implemented more broadly, but I think
> it’s worth asking whether or not this is a good use of an already busy
> working group’s time.
>
> Best,
> Chris
>
> On Feb 26, 2025, at 1:26 PM, Sean Turner <sean@sn3rd.com> wrote:
>
> At IETF 121, the WG discussed “Post-Quantum Hybrid ECDHE-MLKEM Key
> Agreement for TLSv1.3”; see [0] and [1]. We also had some discussion in an
> information gathering thread; see [2]. We would like to now determine
> whether there is support to adopt this I-D. If you support adoption and are
> willing to review and contribute text, please send a message to the list.
> If you do not support adoption of this I-D, please send a message to the
> list and indicate why. This WG adoption call will close at 2359 UTC on 12
> March 2025.
>
> One special note: this adoption call has nothing to do with picking the
> mandatory-to-implement cipher suites in TLS.
>
> Thanks,
> Sean & Joe
>
> [0] Link to I-D:
> https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
> [1] Link to slides:
> https://datatracker.ietf.org/meeting/121/materials/slides-121-tls-post-quantum-hybrid-ecdhe-mlkem-key-agreement-for-tlsv13-00
> [2] Link to information gathering thread:
> https://mailarchive.ietf.org/arch/msg/tls/yGZV5dBTcxHJhG-JtfaP6beTd68/
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org