Re: [TLS] ML-KEM key agreement for TLS 1.3

Kris Kwiatkowski <kris@amongbytes.com> Tue, 19 March 2024 04:10 UTC

From: Kris Kwiatkowski <kris@amongbytes.com>
Message-ID: <9CC33B4D-3EC2-4784-84A0-CE629D5B421C@amongbytes.com>
Date: Tue, 19 Mar 2024 14:10:13 +1000
To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/H1yeakbPTkal_c8uWTm-adxDDrY>

Hello,

I would like to express my support for getting a codepoint for ML-KEM (the queue was closed quicker than I expected, so I didn’t have a chance to do it at the meeting).

The motivation:
* First of all the integration is rather straightforward.
* ML-KEM has already received a large amount of research from the crypto community, from a large number of research groups: theorists, designers, implementers, as well as experts in side-channel protection. Deirdre mentioned that the schemes were studied for the last 7 years, but it is worth remembering that Kyber is a modification of the LPR cryptosystem, introduced already in 2010.
* There is a cost to a 2-step migration (to hybrid and then pure PQ); I don’t believe it’s good to force you to pay that cost.

Additionally, I think I would also get a codepoint for ML-KEM-512.

-- 
Kris Kwiatkowski
Cryptography Dev