[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM KeyAgreement for TLSv1.3

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 22 October 2025 03:11 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Sophie Schmieg <sschmieg@google.com>, Alicja Kario <hkario=40redhat.com@dmarc.ietf.org>
Date: Wed, 22 Oct 2025 03:11:20 +0000
Message-ID: <ME0P300MB0713D1A77F315A1369A04BBBEEF3A@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM>
References: <GVXPR07MB96787735077FCB838E00AC5789F2A@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB96787735077FCB838E00AC5789F2A@GVXPR07MB9678.eurprd07.prod.outlook.com>
CC: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Gz_LjsaBV5duQIv2W-RfAMPSwPw>

John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> writes:

>There are many TLS 1.2 implementations supporting
>TLS_RSA_WITH_AES_128_CBC_SHA (Static RSA key exchange, AES-CBC in MtE
>composition, and SHA-1) just because it is MTI in RFC 5246.

Every time I've encountered RSA suites still used today (and it's not
uncommon, e.g. in wholesale banking) it has nothing to do with RFC 5246 which
the people using the suites barely know exists, let alone any MTI stuff buried
in some appendix at the end which may as well be invisible.  It's because of
the "DHE bad" meme from a few years ago which resulted in people turning off
all the DHE suites and so what was left standing was RSA.

So the lesson from this isn't "don't do MTI", it's "don't issue a blanket ban
on an entire cipher family just because someone found one or two buggy
implementations of it somewhere".

Peter.
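Added illustration, not part of the thread above: the "turn off everything with DHE in it" outcome Peter describes, checked against a constructed list of TLS 1.2 suite names. A ban written as a bare substring match also removes ECDHE, so the only suites left standing are static RSA with no forward secrecy; a ban keyed on the actual key-exchange method removes only finite-field DHE. The suite list and the policy function names are this example's own.

```python
import re

# Constructed sample of TLS 1.2 suites a server might have enabled.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",            # static RSA, the RFC 5246 MTI suite
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]

# IANA-style TLS 1.2 names: TLS_<key exchange>_WITH_<cipher>_<hash>.
_SUITE_RE = re.compile(r"^TLS_(?P<kx>[A-Z0-9_]+?)_WITH_.+$")


def key_exchange(suite: str) -> str:
    """Return the key-exchange component, e.g. 'ECDHE_RSA' or 'RSA'."""
    m = _SUITE_RE.match(suite)
    if not m:
        raise ValueError(f"not a TLS_*_WITH_* suite name: {suite}")
    return m.group("kx")


def has_forward_secrecy(suite: str) -> bool:
    """Ephemeral (EC)DHE key exchange gives forward secrecy; static RSA does not."""
    return key_exchange(suite).split("_")[0] in ("DHE", "ECDHE")


def blanket_ban(suites, family="DHE"):
    """Naive policy: drop any suite whose name mentions the family anywhere.
    'DHE' is also a substring of 'ECDHE', so every forward-secret suite goes."""
    return [s for s in suites if family not in s]


def targeted_ban(suites, family="DHE"):
    """Precise policy: drop only suites whose key-exchange method is the family."""
    return [s for s in suites if key_exchange(s).split("_")[0] != family]


def forward_secret_count(suites) -> int:
    """How many of the remaining suites still give forward secrecy."""
    return sum(1 for s in suites if has_forward_secrecy(s))


if __name__ == "__main__":
    for name, policy in (("blanket", blanket_ban), ("targeted", targeted_ban)):
        left = policy(SAMPLE_SUITES)
        print(f"{name}: {len(left)} suites left, {forward_secret_count(left)} with forward secrecy")
```

Running the module prints that the blanket policy leaves only the two static-RSA suites, while the targeted policy keeps both ECDHE suites.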