IETF Logo Mail Archive

[TLS] Re: [EXTERNAL] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 17 April 2025 18:36 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 5F2261DC3B95 for <tls@mail2.ietf.org>; Thu, 17 Apr 2025 11:36:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQtDdFNMItzg for <tls@mail2.ietf.org>; Thu, 17 Apr 2025 11:36:10 -0700 (PDT)
Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11020100.outbound.protection.outlook.com [52.101.85.100]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D5AE71DC3B8E for <tls@ietf.org>; Thu, 17 Apr 2025 11:36:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=orWjvcNvtNgNxBkV3UKik/uwxsKBUl90exWeFcOT/FQ1M7+MYjJthrpsYM/eKHDXrqNhCg7u4daeB0ESYjMnVjBt1ZIjSeVmrM+tdQTSsPWbkP6t22sf1BoAqBrCVJUztz6/9Hsj4bDCCF6X7n8pUOS2/UVXYzsjEZBcmFZi+1gd/HECVWwYo70cFT67U0OTmtzAMyscPeoPei9xfHCw+Mk6HkNBn10lKBcvQWmBQVtrBS/gUXpJr5IXT8RRH2y3Eh2wWhEBUwflUVMZC6LX1A5VxZiluavNBEPkzgkeIqkRTH5ysLi+KcE1wHdR7XIkqafgMyG9Cp+U2IUs/it8Ag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=03Nn297N7a3ng27nD/WHpZeT/nZV2Avl+FtXcZhfYo0=; b=rlNrvF6acIQu4ejKVDIs96CTtuGPhSXtVfcqO4dlnNe5UCw2yu7pAcPXdtTV7LeZeHmiW94jCc13onBb2JKtSw6+zySmoG8/1SLiyx23UOjMUXOUmnmnpZ6Q42MirzfUyxzdGtWGh/lk7IzTXP+bP8vhIwTjlkVg6tF0+CY6YDpKAY36AZAFenFddXamKO59OUQ3kpU+xZ4fymnfMMs8hbW1Ij/78zzdn75h4c4RXi4OPIeqpLXV/Dmi3hNsDuno6pAuunqPYmu7LK7simcYzXC11gi99IdLopNQtGOJkSEfz9hrGlluciaaYhtNp2ye/7zPJs0xST0+mfohVhwe2w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=03Nn297N7a3ng27nD/WHpZeT/nZV2Avl+FtXcZhfYo0=; b=jPDjcWw9pD7Eb5tQaGnaht60MKorkHjVJk3U2z3fOfHxpFvfoGD+Ky3wgGfqjEHMikyjC0deNNL34geEmZDc/iHnA3HnMLSdOkZJHI4KUSaoudU+s6Dt85hCfJhkF8hqXceyaTjuCYygWsuQJ18btYrSSfMtq6rYr0gVj12NKXI=
Received: from DS0PR21MB4632.namprd21.prod.outlook.com (2603:10b6:8:248::18) by DM4PR21MB3706.namprd21.prod.outlook.com (2603:10b6:8:ae::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8678.8; Thu, 17 Apr 2025 18:36:07 +0000
Received: from DS0PR21MB4632.namprd21.prod.outlook.com ([fe80::79f0:2b8a:8bcd:5316]) by DS0PR21MB4632.namprd21.prod.outlook.com ([fe80::79f0:2b8a:8bcd:5316%3]) with mapi id 15.20.8678.011; Thu, 17 Apr 2025 18:36:07 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Nico Williams <nico@cryptonector.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Thread-Topic: [EXTERNAL] [TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
Thread-Index: AQHbr8JblajXqRrZXECcH+qLTKSiQLOoLi6AgAABI0A=
Date: Thu, 17 Apr 2025 18:36:07 +0000
Message-ID: <DS0PR21MB46325DABFF2CFF711EBCCEA48CBC2@DS0PR21MB4632.namprd21.prod.outlook.com>
References: <ca271cd7-1489-45a5-85b0-35dca4cbdddd@cs.tcd.ie> <CC953DB0-3051-4231-AA65-475638FEAE45@ll.mit.edu> <aAFI3Xzk/augbVTU@ubby>
In-Reply-To: <aAFI3Xzk/augbVTU@ubby>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=cf08f4d1-319e-4c83-94c6-0612de1b5f7b;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2025-04-17T18:34:56Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Tag=10, 3, 0, 1;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS0PR21MB4632:EE_|DM4PR21MB3706:EE_
x-ms-office365-filtering-correlation-id: ec10cf5d-13f6-4c24-883c-08dd7ddeb7ed
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|4022899009|38070700018;
x-microsoft-antispam-message-info: wJ9TT2MVWEyF0ezkdh5/d55UrVi8tHyzh+4gGgRhrCDGn7Xg+XZa5TCZcmhYSL35zl/A8QzFdHGEvezgDNrfqHjrQO9BVUBkJOagRubV2xujPVwNZY2NTcmlqV9X1iTpA2/JolB07hai9wBwwn5jsyCEd9qCFPXdXFr2JlnOINcTcHCKPBe60x8wT5Bpy/CXSr55Hwkde/KR67N9vJRZzS35XF9eQ4qKNdC4B+se28NFV3EPIPVuzP6JyJBN/YUw7Vvq4Iraf1JJU4NjjLlGlDalihXKw4LSpZdNHxOyRtK9/gd20TjAkwMgPipqzz3Omzdu6gj2n4+IG42+Q8ZsEXZOO0Q+CvG2DlMeed4QBelReUIElIskfDUhulu9XhHJmPMp5ALfYIwMHR5O3ojNmRlSL3eR3CP281PxTznmGIyDmRzhXhhcQ5E9DmZA/3dVA84v6PknxWGajcprhoEbP8xo+HXUamYcwCtPkn0wV7kGr/aesHAZgTSkEGy3r5tP2ZhUqslMX+r5Firzn6KIzR15my5cl+NnE5nNgqFnig/NoUORA46ZB8aKyupU1Y9wjxMt2hHtX0RXrWux/4+lyINURPk/cCsRe1Ai79kuRZoXj4xgaUJdtl14R/YHt9bBrSer9spOT0rEJRYdmACk/BaPgBEKTL4ymHcJCFvWKFYH3E+PlZHffxNJNW4j0PU13rvtC9I7zSs8a8e1P/EKqAxIP3VfwX3jrA+v7TPsYsqQtVW1YuY/B93w021xjTQ9mFNVzqh3n/OnO5Zd6qr/XE/km7q63teSqfBM6t+YygK0W/FilIoT4kkX6DKhpas91Sdz7ECclrb3/+941/rAqqE3wmdG1fQFX+imRFzyMQ7DficE4F55zgHhJMGx5d4embIo9dCvx3npbBv5EXzwyZdG1U0I1Bz1sojd4IDq3dO7qkWwh6vFqMWuz7OhFIqy+oHqXWD22//Dzi+VwuTIP0SFq7HXRxDNZVPW92CAWoFUWOqmQPwZKBIvO+OlytFdq3tT1EwD+Kpw2xQWihkOhQT4RxsPzay/b6XQECYsIsALWSxG73b+5xcKB4g4aoYu0eBXR2clHbqM1H7fP8c/OPHNqzhRz5wZjTAgAPPT9mfphxMEiFb6qY15O+olhlmH1ugUXyCn8QtmQFmyf1XYMmfRMAzD0jALi6FQaWo4cfKVrZU3GIbxpQboGhXPkUAG9XwSg0KKWt4/D/JadBcdNLMnwqCQyT6A8U05sVTEUrESfsLkP7qVKNyXkIn0i/154Nr2kOMTrX7fn+GamQs1vaGYeDTtzF4UnHGfna3WTSF3UgXFSsDaAkSAClhTm2P/yv9nUSCmjnvFiz7xQoAOZdg10zb78V5NmNvcvscxATV2vksra1nh/mKG9Yp50MA+POaknDbYgjwgMkUzvhCulnA2TBqAuP9l7Zyvfy0ZDoZD0TXA4lT6eGjl1S7PGrZ9TqqaRqWQC4iYtzq9ZTPFzaEJ1rZeQEsXM5HsZObZBKk=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR21MB4632.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(4022899009)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: sF9yZUOX5t9P9o+d2K2kNp6YfCcC57XHEXlChF8zlPunn2qwvTrJmfhCgOiRTZWqUO+cWaXZaAEvRc6Ag7957y7lVL97rAF32ZyeD25/SDzcJBUNgrPtPE6r4qZ+4C2cHDj3JOn8GbSCWGSMfWcvZkLHs1Ym8LucQ3ADboTvgoaX2hDUijKBih8OjNKdC5mtaeMi+3GiE1iQVpikjgRiB9h9OVYSCCxf3ygYnYh2/dZQ/UQbSgcx4kTDxwP88XerVUt7pkH5g7Wkc1yANXtKVptvyqDo5RWAt2YwuVpSm3nlTK5NLcHReo3SZottinjs86vba4isj8sfyQZrhPf5oSuR5neJfipb+3i7BuAoOXAqB1Ucu/L0K5IKsrvxQPEyG3RjNNQNFCg1GcuTr7hbM5r9ktN+bucbMnZfEtbhSxXov41W878vHf2CpQCTKanS9hUh9aEhXiwKntFPIyd4yogtPTC+qMahi9zxpypYHXtDsPgXJAGb6mzbayN46y/s6354q4iU1NIDiUAuePNTFZe41HDcbt+E6Vkpbo6m4EDbvrI7AhFqy4AU5tlr983TelgRS58vDXnBeSk9wPCuch8I+0sdIqFT9PK9zmlkSB2jEwpNGAOJ9Q08AzH9b4nxcxiqvZC87DrGSf1ejBh3s46Y9xagagAkxF+SrvuJw61/nTTtC6ylEPD41jGao4KdEwGAgiwZvKIK5yPjbe7QCwKiBjhW1lEhj8cfUMFjTwV57M7FJr3EjrXwh9yQLv66pT2DSwSD+wj1BRr+PQXm7cUnYv00q1TROHvYj6ZyCr2D2pImsl3uC5xxLGl9XvqwtrADMh7zzmtUpJKu9ZLul3UYI8UaK/6vKS8Of7FGM84p0/V3cpPO4Pn1ZTzUwXASsdG368q3CsMq0HQUK3RRXkQtbF21wccsvCz5qtiC4I2+10E+zJjxLFoXKX5v+F/neMFOn+Fe9XPwHVJTu6wZOcH0OIYuGOEeLOf9t9Ijx36EoTl4pIMLScfMiGk7QeUBuEUgt/Q/sWU1lEm8mzWeUJFm7uPf3mnCBWAQ/jp4QeDXc9LbcrcMjjPMEYoFjNCDFhPRIpeIKpEKoGF7vdOGyxh1P8tMXhTJJ9wtmqjg61krs+QWZEFsR7rT0YQwROHCz5IUswrG3jyDwNmyDtCTxW6k88lyOl1r0A2IVklg/fDW4qCkEOzH7MwjByzHVm/DW+KUEnAsCGAjK1lPDZY7nUqj1ZWCgadhKG13TEeivNSixLVJgGknTz26I8GvZOmwA04PgWeCFvFX549cXbHxhk0o8nkfI3Sn9DWbbET3A3TCSGEb5Ze7To3COkH6o/1O1X3QFming3MqdzEgLSphXIccY5zVPridXhWo2M0TBQh9LaqguR2C2N9Ke/lcK+a7SC9Fb9Y0QEeJenWdAKEF5evV58os7EdiLio++F9ckIZvV2qDARnNIN+eB2VmmJ7mkIwjzCe2KWJg1g1nqiG4/DKRJkpzKm/9WNHlnPgL8bnT3LBg2+Z6JhFVjJrQcPV+06qkxVA02guqiLdM7/lMVcP2xUK3837ZFukZorejXh1tZIZbhVoSBA4sFPASU7LE
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR21MB4632.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec10cf5d-13f6-4c24-883c-08dd7ddeb7ed
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2025 18:36:07.7880 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YTPby0d4wcU7wnL+JXvp9b0FVse5eKg8PEJ1IDAkb14Earue8TVx1LtftUAQFKXNuTdyvGZYvndZRy+M1MSTww==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR21MB3706
Message-ID-Hash: GQCSINFIJ3JD427I2ON4IX26LIEHLND3
X-Message-ID-Hash: GQCSINFIJ3JD427I2ON4IX26LIEHLND3
X-MailFrom: Andrei.Popov@microsoft.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Thomas Bellebaum <thomas.bellebaum@aisec.fraunhofer.de>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXTERNAL] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EBIys5xwII7xGUTbCMrScC4np58>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Are we even discussing changing TLS 1.3 MTI at this point, for either hybrid or pure PQC?

Cheers,

Andrei

-----Original Message-----
From: Nico Williams <nico@cryptonector.com> 
Sent: Thursday, April 17, 2025 11:31 AM
To: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
Cc: Thomas Bellebaum <thomas.bellebaum@aisec.fraunhofer.de>; paul.wouters@aiven.io; tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

On Thu, Apr 17, 2025 at 05:56:56PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> Since It looks like 3/4 of the audience holds position similar to mine
> - frankly, I don’t see why 3/4 must convince 1/4 that their position 
> is valid (usually, it’s the other way around).

We don't "vote" because majorities _can be wrong_.  At any rate it's hard to quantify the risks of pure PQ, and since there will be entities that insist on it for their own internal uses, and since the codepoint assignments exist, it's a bit over the top to say no when we can just insist that these not be MTI and hope that [unlike Dual_EC] pure PQ gets no usage outside of the orgs that require it.  Though I'm not keen on pure PQ yet, I do believe that the WG Chair's call was correct, but not just because 3/4s support adoption, and I appreciate that the consensus is strongly that pure PQ not be MTI.

Nico
-- 

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org

v2.30.2 | Report a Bug | By Email | System Status