[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 15 October 2025 02:24 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Wed, 15 Oct 2025 02:24:21 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/G5h4lYoPyF_8cvVs_uAFmv9jRug>

Thx Jan. One nuance: 

CloudFront is Amazon's CDN, so we can call this web. Setting the web aside for a second.

There is a subset of AWS service endpoints where SecP256MLKEM768 (and X25519MLKEM768) has been deployed so far (100-200 in absolute numbers, they were reported in Jan's numbers as well). AWS has a total of a few thousand of those worldwide. These are TLS service endpoints that do not fall in the web umbrella. And they generally see vast numbers of aggregate connections per day. Browsers (over the AWS Console) are just a subset of the clients that connect to them. Other clients include applications built on top of SDKs. There is great diversity of clients, programming languages, SDKs (Java, Go, Rust, Python, C, etc.) and customer-built applications. We simply can't control if a certain application+SDK integrates with OpenSSL 3.5+ and a customer will want to enable certain groups over others or even if the application will integrate with a library that does not support exactly the one group we want.

That is why I keep saying that web players have been sharing connection data and that is very useful, but it does not mean that all TLS connections on the Internet come from a browser or web-based application destined to a CDN/web server. We have the three codepoints already, let's standardize them. X25519MLKEM768 can be the RECOMMENDED=Y, that is probably for the best. 


-----Original Message-----
From: Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org> 
Sent: Tuesday, October 14, 2025 5:29 PM
To: tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3


Eric Rescorla <ekr@rtfm.com> wrote:
> On Tue, Oct 14, 2025 at 1:13 PM Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org> wrote:

> > https://www.netmeister.org/blog/pqc-use-2025-09.html

> Note that the vast majority of the sample set (and hence the X25519MLKEM768
> support) is Cloudflare, so to some extent we're seeing the decision by
> Amazon to support P-256 and Cloudflare not to.

Correct.

Which, in turn, is rather likely influenced by the fact that none of the major browsers currently implement a hybrid PQ/T kex other than X25519MLKEM768.

So yeah, it's a small number of big players that are reinforcing each other's decisions here.

-Jan