[TLS] Re: I-D Action: draft-ietf-tls-ecdhe-mlkem-04.txt

David Benjamin <davidben@chromium.org> Mon, 09 February 2026 21:57 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 08AA5B45C771 for <tls@mail2.ietf.org>; Mon, 9 Feb 2026 13:57:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -9.499
X-Spam-Level:
X-Spam-Status: No, score=-9.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZhhI3XaYDC7O for <tls@mail2.ietf.org>; Mon, 9 Feb 2026 13:57:26 -0800 (PST)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 8D613B45C76A for <tls@ietf.org>; Mon, 9 Feb 2026 13:57:26 -0800 (PST)
Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-65939428896so7325351a12.1 for <tls@ietf.org>; Mon, 09 Feb 2026 13:57:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1770674245; cv=none; d=google.com; s=arc-20240605; b=bd8FkCxOkRyinT9XdOdpSnMwfX5XrJG9ffEpogrxkze2HfgFB8g46WViGrdz+OsdbU Bmzr8fTmogDnIrYpROQX1js+9p7Yf1q1+7cowVozYVle812FGc7ImDuXi2gmgyG5+5VS Ryk/UXJkGkPXIWkJ81i0tpGEzl0MpLe4HtaugSTujBvrllwfCSl4BMFwMXKls4z6XUTN e+mOitozb0KOQjbvKHfYqzoHpqVfvK7/38B1WiCJ+grHIuR9ESxKHQHI6PYop73HEY1g XLhRej3SdWOTBk+oGUIV1r3+lC7suBUP2QQxqyqPJdXYYb69eOF276u/zYF0S+JYXaGz v4yA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=UKTuz4YBJ5us07eI/jTND82Rcygi3ZO+XN0VJAXDaik=; fh=CxbMlPEFK3oppYkZ6C7SGteN7DrjVHAzX5arYxAJjhg=; b=M6WgVxWcYQiATr+QRvgyVE9kM1b/1eTJlHot6js/Q3ghtdFEYEyCuonP5Lf1gdTAJr fZ7bAqm0tgsRQGeRRhcZSWZH2mFzJzEFkiVd6M4lorzSOPZ7IoXHGhszjp3KaPRGVrXN Ye/JtuLP0oYCqXj/FPTwWo7jtyI8nKjXtXoCzbgI1HTHL771yVDQCGJFlOENau9iNZlE ugcj7/bJ4YMDnQ5hS6TfNWf2784LJ3gdaX60axnYzOVoWTpAnSdlCsyQ4VCSMqW0yNoC 9g07Q098WKXo+5qjggWfv2E6X8j9XxUioUSCbukWV7fzwPcDp4x8pK5M+hyyjrMPAC87 uaXw==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1770674245; x=1771279045; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UKTuz4YBJ5us07eI/jTND82Rcygi3ZO+XN0VJAXDaik=; b=MWGvcLWvYusw3PGPycDIF5JmXVIdMOPwrEs6shtQO3XKjKt0Gq3sSS6Talj5Uvq6X8 xlPtmD3uxzL96A3/xRiX8x+/FmwRX54EjSVDUmLrugsK4V3lUkKs+05gCWv8ha6WkVMo lnInyrUgaP2dkr8mJVeBc95EvxRm9Mi+/HS1M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770674245; x=1771279045; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UKTuz4YBJ5us07eI/jTND82Rcygi3ZO+XN0VJAXDaik=; b=tezqj3bDLbembFdu2yjNIPKsOtg3qgI308WVpl7PXNkFTyP7waRnexpsgBsPY5PL5h wavRW12kO9w/6FEwZGSo9Dzr0Rex4/grHeSBZmiFneNanvlUpr3r6anFIMn/w2qa9WQ5 Gb9THFc6Zwos6YnnwBNZlkU7v79FnAky/9wJFhG/A1uOrTYj8VgDv7q6uzPxQGISDjfI XAbzzWIf63vwEcoXm0O8+Z0iV5eVnrb/9W6SYsex5NKEcFx7PzvOVpMYyi37W+OHGHVQ XOZBGIFjpeU9PZh1WimjfOZreEeYnGK8eBK06DwJs6NtiAKULZxrjH1gUrTEnt0kRHsW 3ckA==
X-Forwarded-Encrypted: i=1; AJvYcCUi0goUaqUFOUTYjh3ByZfIS747w0+80WPXgY37I+jP3S+wcecGp2u6QqcSxhuJPBAehxs=@ietf.org
X-Gm-Message-State: AOJu0YyoSQITuYUMWUOB83AycpTCbxvYCAQNhEreakifmAf9yUteZ/ib 6PMGrB2z57kIou8Qci//KJ2Og/E6JUT9TaNBHiygy9iqt6+uF9eBv96RnhDAptQdmvZXAyGX0Mw 1a27vEhucBDcKNswU2nnmnSBtG4pScglPkGFKHnQ=
X-Gm-Gg: AZuq6aJRGKh5m62j1AiG+/4b+LwGhCS8cX5j1L7PwZhSehFq7Pb1Tv7rqjZbFzhJVPM tl//y6ROTAuEavaR7KQpDpx2mXpxz5+Tob7fD7HDl8vEBHBjG7aD4Zq5t7ncPxls7S+z7ZSbljM p3zfF+aQvB3zOigdDiBr+as9JlPSEgbVCzYI6QDFdPX2tFfQ81nnvHstq/yQCGRhlqB7+ZrQHsc 5ojD/CMfebIFnQu0Y3gfOoltShm3MOm0kfrhs7gly80qgfBgu6YM/KgBosc/kotB95r3cMz5NHJ x/RuQNHxMkToQA3PMO24wLZbDg==
X-Received: by 2002:a17:906:730b:b0:b7f:f862:df26 with SMTP id a640c23a62f3a-b8edf1a5a63mr710226066b.14.1770674245267; Mon, 09 Feb 2026 13:57:25 -0800 (PST)
MIME-Version: 1.0
References: <177058741698.892703.1933141184642688349@dt-datatracker-6bcfd44575-g5gjh> <830d29b5-b97b-40e6-a0b2-9ff5cfaa9975@tu-dresden.de> <CAMjbhoXHZkZ5pxkfyMcqXs-e0OCNQQBfY35wStJSmpL7Uhii3Q@mail.gmail.com>
In-Reply-To: <CAMjbhoXHZkZ5pxkfyMcqXs-e0OCNQQBfY35wStJSmpL7Uhii3Q@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 09 Feb 2026 16:56:55 -0500
X-Gm-Features: AZwV_QgStWzcSU150Sd689QThx2zt31AfKaIXdGR9nMEfolU5bQrbMs_PPUETNk
Message-ID: <CAF8qwaDZh8XdHHb4HAEayEyf9bX1igR8a3Dr51a90k8ZP0aFfg@mail.gmail.com>
To: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="00000000000067d650064a6b3935"
Message-ID-Hash: HQ2WYLTUR7AR7AT3RJXAMZH7EQR4PG33
X-Message-ID-Hash: HQ2WYLTUR7AR7AT3RJXAMZH7EQR4PG33
X-MailFrom: davidben@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: I-D Action: draft-ietf-tls-ecdhe-mlkem-04.txt
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CznkAzdKNh_dfb_HpYA-cwS34jM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Mon, Feb 9, 2026 at 5:22 AM Bas Westerbaan <bas=
40cloudflare.com@dmarc.ietf.org> wrote:

> On Mon, Feb 9, 2026 at 12:46 AM Muhammad Usama Sardar <
> muhammad_usama.sardar@tu-dresden.de> wrote:
>
>> Hi authors,
>>
>> Please accept my sincere apologize that it is too late in the process. I
>> tried to avoid all the PQ discussions for quite some time, but I think the
>> WG is giving repeated reminders that it is unavoidable. I am totally fine
>> if the following clarification requests cannot be accommodated in the
>> draft, but I would like to understand it anyway.
>>
>> Since RFC8446bis is in the publication queue, I was wondering if there is
>> some specific dependency on RFC8446 compared to RFC8446bis. In other words,
>> is there a good reason for using RFC8446 instead of RFC8446bis?
>>
>
> Not that I know of.
>

In general, section numbers may have changed, but I checked and all the
section numbers referenced in this document are the same in RFC8446bis.

Another question I have is about the following paragraph of security
>> considerations:
>>
>> > The same security considerations as those described in [hybrid] apply
>> to the approach used by this document. The security analysis relies
>> crucially on the TLS 1.3 message transcript, and one cannot assume a
>> similar hybridisation is secure in other protocols.
>>
>> Security considerations of [hybrid] talk about [GIACON], [BINDEL],
>> [FLUHRER], [LUCKY13], [RACCOON], and [AVIRAM]. So, when the above paragraph
>> says "The security analysis" in the paragraph, which one is intended?
>>
> [GIACON] has the main ideas, which are applied to TLS 1.3 in [BINDEL].
>
>> In general, is it the correct interpretation of the sentence: the
>> proposed hybridization may not apply even to closely related protocols like
>> EDHOC, and each protocol would require its own security analysis?
>>
> From a quick look I see EDHOC has a message transcript for which this
> approach is certainly fine, but the devil is in the details.
>
> Best,
>
>  Bas
>
>
>> Thanks.
>>
>> -Usama
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
>>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>