IETF Logo Mail Archive

[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Christopher Wood <caw@heapingbits.net> Wed, 26 February 2025 19:16 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0A68C222423 for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 11:16:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietfa.org (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="ZXI3x40F"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="FXUQwVmJ"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietfa.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DJT01WIww_RN for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 11:16:51 -0800 (PST)
Received: from fhigh-a8-smtp.messagingengine.com (fhigh-a8-smtp.messagingengine.com [103.168.172.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C92212223F2 for <tls@ietf.org>; Wed, 26 Feb 2025 11:16:51 -0800 (PST)
Received: from phl-compute-11.internal (phl-compute-11.phl.internal [10.202.2.51]) by mailfhigh.phl.internal (Postfix) with ESMTP id B998C1140132; Wed, 26 Feb 2025 14:16:51 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-11.internal (MEProxy); Wed, 26 Feb 2025 14:16:51 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1740597411; x= 1740683811; bh=z0XJMvE6Qx+ArpF/2dmDG5TK/IbpDyhE37/ZFgy0vC0=; b=Z XI3x40Fh7BXBIsaxBM9J8nCntkIhsDzAWWhf6u4xUPKAUBjJswv1abzf96f3jEPq BHWZc90lbR2k1aydoCwAckeFp+8ZmVR7i9J6bDM17yXYRXe67xv5bw8T4rCgfihQ QwIZu29ohwSSr9O8mTK0JShq9xHQISxbjuftmZZbgf36f/iptGZGOf0iKf8Scdf7 FvBX/5K4eluEsb7SOwZuYILASnhRL/9r4x+NHvN7qxEbP7sodQzHWLCdWCp7D8YZ yaAEYf5dDW9ymgxvviTwW0QqB0phq/pGJ7pQcGY8tPExAenKAtBk5MCqFv9+vdh+ o1S3nJmOqX4Y9Lv3wVg/Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1740597411; x=1740683811; bh=z0XJMvE6Qx+ArpF/2dmDG5TK/IbpDyhE37/ ZFgy0vC0=; b=FXUQwVmJjNxj4QudCuL8n5O2ROvlIWSJBp0LhAYN/AURQOg7nnI 0Hm56NsSLIiSKAZq37zxW8mz3jcXK0qPPrdqSzrBbpT2o3r+tMEtpCC2KxbYUVeq jONDxX6vFbWeiS7nY+QklUkakqzmPC4U0LIHFHYq6fqtB9Ct2aShRySaaEngyg4K 948Bqc9w6RnFITCNteSVV1YWgDqLC7Q81J/pbHGX4kJkDerjelbhSGXUZLNa+86G Zwq//PtkRuYrTbJwORDhfDXET0cjl2M8IWSVg6ILbJaQOyl9MiSokDik3KXYT6qX rexNhnM988rFQMoC1JrSZ38hwkgdqc3WN3Q==
X-ME-Sender: <xms:o2i_Z7ZPHKg_GR91Z8hk1w63ual_jN-5sRo_w1NQaf97M2o-3klL7A> <xme:o2i_Z6aQaZsdEhTjw1gIhKwS_qecqDpD2Ac2BOID0tKopLVVexnvH923LS9sfV634 14E-XIeRh3WFn1-_Pw>
X-ME-Received: <xmr:o2i_Z98SUEje6By6WZzBED8zK5Q5hdUXsWL69x_P1VdTxcwbkBGB5CIk6H96asXjbIIj>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdekheeflecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefhkfgtggfuffgjvefvfhfosegrtdhmrehhtdej necuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoegtrgifsehhvggrphhinh hgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpedtkefftdehkeehieehjeevvdff keevheevgfeifefggeduledtvdekledvveegfeenucffohhmrghinhepihgrnhgrrdhorh hgpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvghtpdhnsggprhgtphhtth hopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehsvggrnhesshhnfehrugdr tghomhdprhgtphhtthhopehtlhhssehivghtfhdrohhrgh
X-ME-Proxy: <xmx:o2i_ZxrPg8fwUgHS1B_fjC8Ei59cUDEGz5HlWdpo7D6o64oUDAKXAQ> <xmx:o2i_Z2pObBPJauKwoVthTzZuP3fGRfZSF0J6-LEfnZhJllYyjJ1Pdg> <xmx:o2i_Z3Q7L0q-H0uEkQJtrB_UmRUNXkA-RWlcFWwWMrv0oBdupOqlmg> <xmx:o2i_Z-oZFN-4WJ7gZ7yb6nSl0MMm2MCQQc3qD1UeR1xVvSZk6cZ2pQ> <xmx:o2i_Z93-xq1OlAqOyGxeSMg4ulH6Nlbz6L2zIhNFtlLiNVMkAMkotVDT>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 26 Feb 2025 14:16:51 -0500 (EST)
From: Christopher Wood <caw@heapingbits.net>
Message-Id: <E0D776C8-FD56-4D0B-BDC1-3AB88A8CEE88@heapingbits.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_940DB401-8750-4475-A42B-71F405FC3AEC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.400.131.1.6\))
Date: Wed, 26 Feb 2025 14:16:40 -0500
In-Reply-To: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com>
X-Mailer: Apple Mail (2.3826.400.131.1.6)
Message-ID-Hash: UKBXYSQAHRPAARRRCTPASBPKIHT5WCFE
X-Message-ID-Hash: UKBXYSQAHRPAARRRCTPASBPKIHT5WCFE
X-MailFrom: caw@heapingbits.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "TLS@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HtvZQFDz-VZ12xQDqw3HiUX-5go>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

As I understand it, the purpose of this draft is to specify an interoperable key exchange mechanism that we can deploy. The draft already has code points allocated to it, and they exist in the registry <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>, so I wonder: what is the point of adopting this draft when the important work is already done? If it’s that some folks won’t implement it until there’s an RFC number assigned to it, well, that’s pretty silly. I support adoption if it helps this work get implemented more broadly, but I think it’s worth asking whether or not this is a good use of an already busy working group’s time.

Best,
Chris

> On Feb 26, 2025, at 1:26 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> At IETF 121, the WG discussed “Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3”; see [0] and [1]. We also had some discussion in an information gathering thread; see [2]. We would like to now determine whether there is support to adopt this I-D. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This WG adoption call will close at 2359 UTC on 12 March 2025.
> 
> One special note: this adoption call has nothing to do with picking the mandatory-to-implement cipher suites in TLS.
> 
> Thanks,
> Sean & Joe
> 
> [0] Link to I-D: https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
> [1] Link to slides: https://datatracker.ietf.org/meeting/121/materials/slides-121-tls-post-quantum-hybrid-ecdhe-mlkem-key-agreement-for-tlsv13-00
> [2] Link to information gather thread: https://mailarchive.ietf.org/arch/msg/tls/yGZV5dBTcxHJhG-JtfaP6beTd68/
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org

v2.29.0 | Report a Bug | By Email | System Status