IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Benjamin Kaduk <bkaduk@akamai.com> Wed, 26 November 2025 19:34 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 91FDE9149BEF; Wed, 26 Nov 2025 11:34:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.54
X-Spam-Level:
X-Spam-Status: No, score=0.54 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_SBL_CSS=3.335, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5b7-c6esugSa; Wed, 26 Nov 2025 11:34:39 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [67.231.157.127]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 25EFB9149BE9; Wed, 26 Nov 2025 11:34:38 -0800 (PST)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.18.1.11/8.18.1.11) with ESMTP id 5AQEmM9w3141903; Wed, 26 Nov 2025 19:33:36 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=jan2016.eng; bh=TIxivpCEjEmf0H3OVg529SWZXzLID+qQBtjH4vpSAmU=; b=WJQWb0KjQEkF jDthwzZVuoCmA2F281rCHzJo96jKjAT3DUuJWWEI9awaOyKloitwYYP2bowH4/sJ YPnCVTbDeJOyw+Ua4JzbH27IgFiSx4fgTl0d/nHFWHoIvK2y5wZEXNSkDME/sIbs +1rLHtHaMkEv9WlCD5tVsMuku+cJfIEEK7LOGTOFBVVQ2ZWxf/OFe4VTi1Y2aBkJ hVeuDN56rT0YXSq/m3IJeXcOweXI5uI1MjwNZbcghcHwfikzZr88icLjruMSs7nN 3iuIMRYivT5mOi5679YZEvLw+FrF52KDl1K4FjvXS6/U2uj9fXo6VE8PVEHCe9Vm aK6CmvNoyQ==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by m0050096.ppops.net-00190b01. (PPS) with ESMTPS id 4ann6h5642-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Nov 2025 19:33:36 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 5AQJ3GNf023741; Wed, 26 Nov 2025 14:33:35 -0500
Received: from email.msg.corp.akamai.com ([172.27.91.40]) by prod-mail-ppoint1.akamai.com (PPS) with ESMTPS id 4ak9d1u11d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Nov 2025 14:33:35 -0500
Received: from usma1ex-dag4mb3.msg.corp.akamai.com (172.27.91.22) by usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Wed, 26 Nov 2025 11:33:35 -0800
Received: from usma1ex-dag5mb2.msg.corp.akamai.com (172.27.91.41) by usma1ex-dag4mb3.msg.corp.akamai.com (172.27.91.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.27; Wed, 26 Nov 2025 14:33:35 -0500
Received: from akamai.com (172.27.118.139) by usma1ex-dag5mb2.msg.corp.akamai.com (172.27.91.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Wed, 26 Nov 2025 11:33:34 -0800
Date: Wed, 26 Nov 2025 11:33:32 -0800
From: Benjamin Kaduk <bkaduk@akamai.com>
To: draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
Message-ID: <aSdWDFHAW2GxiiCa@akamai.com>
References: <GVXPR07MB96788DE24B191D5A2439E45589DEA@GVXPR07MB9678.eurprd07.prod.outlook.com> <20251126185919.362611.qmail@cr.yp.to>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <20251126185919.362611.qmail@cr.yp.to>
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-26_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 mlxscore=0 suspectscore=0 malwarescore=0 spamscore=0 mlxlogscore=528 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2510240000 definitions=main-2511260159
X-Proofpoint-GUID: yvb41KqOqAsurT01_q3bjtIubcmMMjJ4
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTI2MDE1OSBTYWx0ZWRfX2QtY+IV3qZdv mF9tCScY194iLqTJ8Dxu0EsxmwsJBLhTaSvY08AuiHTzfqHk8XveGTmH+hDWwRe63L0vi5wmAqI ANOjSEOVBahTAan18MOactwB4qlGNW+PYeBi+bbexeeNz2gY/1LaXR7SwhBIcGvOzDF/LvOS6KZ zARdvIDmpPrfItPy3283cZJZ+Eqmii6T4UsVysoCnG4eQ0izOUd61C9RMLCX7jNk8fL31TCavC8 I5VJwCy+pq3CdmrbIag1nqT9IMSharKJQ6PViffoV2MtRLSjx9g/eQks775ZiUOB2dBlWAGRsU8 48y/UCW/iXl5Kz1eM1cJ/1fS0SxoSowxiuj3PBsnbi/H0N3DjYcMjEaEbM9XT92i76kk+LxPkyL 94OAPk7448VMe2Lrr8cntZo8NEDdyQ==
X-Proofpoint-ORIG-GUID: yvb41KqOqAsurT01_q3bjtIubcmMMjJ4
X-Authority-Analysis: v=2.4 cv=CNAnnBrD c=1 sm=1 tr=0 ts=69275610 cx=c_pps a=StLZT/nZ0R8Xs+spdojYmg==:117 a=StLZT/nZ0R8Xs+spdojYmg==:17 a=kj9zAlcOel0A:10 a=6UeiqGixMTsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=2_ZQ2M3iNEVSm3zjBbwA:9 a=CjuIK1q_8ugA:10
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-26_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 lowpriorityscore=0 spamscore=0 bulkscore=0 phishscore=0 malwarescore=0 suspectscore=0 priorityscore=1501 adultscore=0 clxscore=1015 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510240001 definitions=main-2511260159
Message-ID-Hash: MVEEY4ALHUQV5ASPSPC4IF4VEBGHE53E
X-Message-ID-Hash: MVEEY4ALHUQV5ASPSPC4IF4VEBGHE53E
X-MailFrom: bkaduk@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DmKXhCGGwam2KsXop7Z9oCX6G7g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

(not quoting the message due to the no-derivative-works boilerplate and lack of time to consult legal counsel or otherwise analyze whether doing so would subject me to personal liability)

Dan,

I don't think John is concerned with a beefy modern CPU on a beefy network connection.  Can you repeat your analysis for a scenario involving a 16-bit CPU operating at a 100 MHz clock speed and with a 5 kBps network connection?  Other IETF protocols attempting to support devices constrained on that scale have jumped through hoops to find cryptographic techniques that can achieve (mostly-)reasonable security properties while limiting the cryptographic primitives needed, such as shoehorning AES-CMAC into a hole that it only mostly fills, so as to allow the device to only have an AES implementation and not need a secure hash implementation as well, to preserve space on the ROM.  In these scenarios, where the communication endpoints are known at device deployment and do not need to rely on the protocols' MTI algorithms to achieve interoperability, it is often plausible to omit implementations of crytographic primitives.  So in this example scenario a device manufacturer seeking to achieve protection against quantum-computer attacks on their TLS-protected data would have an incentive to drop the ECC implementation to save on code size.  Yes, they would be facing a security tradeoff by doing so and incur risk from using pure-ML-KEM rather than hybrid, but *in this scenario* the analysis is not as one-side as you present it to be.

Also, John is at least trying to engage with you on the technical facts, so tossing out phrases like "benchmarking crime" seems unnecessarily confrontational.

Thanks,

Ben

v2.37.1 | Report a Bug | By Email | System Status