[TLS] Deprecate NIST curves in hybrid key exchanges?

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Tue, 10 June 2025 08:29 UTC

From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "tls@ietf.org" <tls@ietf.org>
Date: Tue, 10 Jun 2025 08:29:17 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DfuuMzUU5PN2XOJubl2jNJzxNoE>

Hi everyone,

I have a question about draft-ietf-tls-ecdhe-mlkem. Some context:

ECDHE can be performed over any suitable elliptic curve, and different curves have different tradeoffs.
Focusing on KEX mentioned in RFC 8446, Section 9, the (MUST support) P-256 provides benefits in terms of compliance with government regulations in the US, while the (much younger) curves in RFC 7748 are designed to circumvent some of the flaws discovered with P-256 deployments. It made sense to specify both of them, I think.

The picture is different when looking at ML-KEM (and other PQ) hybrids. If I understand correctly, FIPS-compliance only requires one of the KEX algorithms to be approved, so the draft states:

> All constructions aim to provide a FIPS-approved key-establishment scheme (as per [SP56C]).

At the same time there are regular concerns on this mailing list about the dangers of hybrids. Specifically, these usually relate to the amount of code in a TLS-enabled application, and possible security issues within these implementations.

This begs the question: Why are there several different curves used in the hybrids?
More specifically, given the low amount of code required to support ECDHE on X25519 [1], why would we require applications to implement other curves as well, long term?

The draft says about SecP256r1MLKEM768:

> The goal of this group is to support a use case that requires both shared secrets to be generated by FIPS-approved mechanisms.

Can someone please point me at the details of this use case, so that I can better understand the tradeoff?

Thanks to everyone in advance!

-- TBB

[1] Essentially the very easy field addition, multiplication, and inversion, and the Montgomery ladder for the actual curve multiplication, plus some code for generating randomness and setting five bits, all of which are easily checked for correctness and at least memory safety.