IETF Logo Mail Archive

[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Christopher Wood <caw@heapingbits.net> Wed, 26 February 2025 20:20 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 35B26232F74 for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 12:20:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietfa.org (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="HB3vStfd"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="PeGIwCsE"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietfa.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtU3ElZ0GhrF for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 12:20:48 -0800 (PST)
Received: from fhigh-a8-smtp.messagingengine.com (fhigh-a8-smtp.messagingengine.com [103.168.172.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 15F5D232E63 for <tls@ietf.org>; Wed, 26 Feb 2025 12:20:35 -0800 (PST)
Received: from phl-compute-07.internal (phl-compute-07.phl.internal [10.202.2.47]) by mailfhigh.phl.internal (Postfix) with ESMTP id EA315114013B; Wed, 26 Feb 2025 15:20:34 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-07.internal (MEProxy); Wed, 26 Feb 2025 15:20:34 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1740601234; x= 1740687634; bh=4wXuMy1xNteKoF1t1R2r2hlm3fZBx43HN26DctE2EU0=; b=H B3vStfdODu2nyMSuDJr1KJv9ly/WcizDeSCwjgFOd++RJV9GVOCktz/qr5K6Btov 64bj6UsRQnhXBWv0BrQmAJT/CRnUkV0Ff8ogowIm8CAYW+zwZYV9AhmchBCaWAH+ egWbVupS5+43N+5kGVaxZvaHu4qOtnk7lMulk/uheDwUKC0jfWI6GFIpqR7bjyWq LrxGvEmHQ6I1yjlC3P0GPRb/RGOvcWLPJf8s/2MFnzRECYOzwlSwbtZXKkzSJW9B cqm5k4/HlNuHCclPrQ58WXng3ARwayoi1rz6V0G8AyeVkygqSEfGOFxqAi8WCay/ XtJRFPbLG31ctYuNS+amA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1740601234; x=1740687634; bh=4wXuMy1xNteKoF1t1R2r2hlm3fZBx43HN26 DctE2EU0=; b=PeGIwCsE1P6sxtb86phfcuSbcuOzrpsHYITNXMAsT2byvShqj7y 6UsI3m8E59hL1wO2emsKmNIF250ycGHHPOV6kFomESl9p1Loyvm+cV5rJtEmAHA3 aizC8I5/RxSTqTndU9sHi5Btf0YsrwzN2sepjhps6NQ1DtsIJvArjELbMADcmsjm 5G5FhkV/K2WSTqh6vQUF2SzAUEJLzEn0vEu7/SOxVH9NGEGVmqRRsKN5yROWYVtg mAXReiLmuUIvgLZv4lSpoqu1oN90OWt0wUs2flwsk80hfpu9ehwSXs0FdvpjDNCn m0d/gE30tjoXwggm38TvgQ4bWQ3vyCqSM+g==
X-ME-Sender: <xms:kne_Z4hyaVmTzhAxVn3zNcv_ZShAugTryrNmZxUy1KhkepteTK0pqQ> <xme:kne_ZxAQIpxi9Pzw5umkamaurtpMAn114LQj-B088ysWx0mhS_r-P-kTksI-jol_e vuqzTEP4iQL5HvfOSM>
X-ME-Received: <xmr:kne_ZwGPD7tSFUGEQpdfb3gcV-goA0I0z77XOEBczMeiPYbQgOBn6nLDQdzttF23MoYN>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdekheehvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefhkfgtggfuffgjvefvfhfosegrtdhmrehhtdej necuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoegtrgifsehhvggrphhinh hgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpedtkefftdehkeehieehjeevvdff keevheevgfeifefggeduledtvdekledvveegfeenucffohhmrghinhepihgrnhgrrdhorh hgpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvghtpdhnsggprhgtphhtth hopeefpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopegurghvihgusggvnhestghh rhhomhhiuhhmrdhorhhgpdhrtghpthhtohepshgvrghnsehsnhefrhgurdgtohhmpdhrtg hpthhtohepthhlshesihgvthhfrdhorhhg
X-ME-Proxy: <xmx:kne_Z5Q16pePiTUESF0aLPb1YHQcN4q-q32aRaoP6yK82AY5UYlLEw> <xmx:kne_Z1yMjxO2aoTN0gphhHgcb_iVPoAaMiLm5KaEA10fZtgOTfmeZQ> <xmx:kne_Z34H8PmpO0-pO2mVGJc7mQK-4HpMqHmRkf5WD0qhVQITpI9zPw> <xmx:kne_Zyz2s7Apn77gnK1ffKQOKhVSDrAmJ-xn7_PEP9GfhGZDYliJXw> <xmx:kne_Z9-edokfwTBfcyRUCdfcVw1Zd3I41IhvpBu1d2-7VuHTDk0VMMjh>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 26 Feb 2025 15:20:34 -0500 (EST)
From: Christopher Wood <caw@heapingbits.net>
Message-Id: <4D6B1665-4E99-437D-BF8F-1F47383F6976@heapingbits.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_232E7F62-9A38-4A26-A2FD-D2E4D465090F"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.400.131.1.6\))
Date: Wed, 26 Feb 2025 15:20:23 -0500
In-Reply-To: <CAF8qwaDOEGkNHX9GWic30KYZAJ5yTXmjA3xnyV7cENUNh5pyDw@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com> <E0D776C8-FD56-4D0B-BDC1-3AB88A8CEE88@heapingbits.net> <CAF8qwaDOEGkNHX9GWic30KYZAJ5yTXmjA3xnyV7cENUNh5pyDw@mail.gmail.com>
X-Mailer: Apple Mail (2.3826.400.131.1.6)
Message-ID-Hash: SFSBLQWLC2WWKGLZAWUGTHALTWD2OA53
X-Message-ID-Hash: SFSBLQWLC2WWKGLZAWUGTHALTWD2OA53
X-MailFrom: caw@heapingbits.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "TLS@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/I4dGHASNXmHU4ICIZ0lwBTdPR9s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>


> On Feb 26, 2025, at 3:03 PM, David Benjamin <davidben@chromium.org> wrote:
> 
> I've definitely had folks ask whether it's OK to deploy this yet, so I think it would be valuable. I can't really fault them for asking---the usual story is that draft things are doomed to be replaced by their final standards and this one hasn't even been adopted. Really, I'm appreciative that those folks have taken the lesson to heart! For the sake of other IETF work, where WGs _do_ need to iterate, I would much rather that we keep the heuristic clear. Otherwise we'd have to muddy the waters and say "well, yes, this is normally the case, but just this once the WG was kinda busy, but I promise this one is also stable, really."
> 
> In particular, even though the codepoint's meaning is now fixed, publishing it sends a clear signal that this is the WG-blessed spelling of an ECDHE/ML-KEM hybrid for TLS, and that adopters are not dramatically at risk of the ecosystem deciding "no, actually we're going to retire this one and transition to a different codepoint that paints the bikeshed differently".

Yeah, I get it, I’m just not particularly persuaded by the value of that signal as something meaningful. 

In any case, I didn’t mean to distract the thread with philosophical procedural questions, especially when my distraction was literally expressing concern that this working group might possibly be distracted 🤣 And just in case it was not clear: I support adoption.

> Being concerned about the WG's time makes sense, but given that this is a case where the WG has gotten very very behind running code, hopefully we can try to stamp this one with minimal fuss and time spent. After all, we've already been debating the finer points of this one since before this document existed. To that end, I would suggest that we all try to progress this document quickly. :-)

Definitely. Maybe we can adopt before Bangkok and then start WGLC immediately after. =)

Best,
Chris

> 
> David
> 
> On Wed, Feb 26, 2025 at 2:45 PM Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>> wrote:
>> As I understand it, the purpose of this draft is to specify an interoperable key exchange mechanism that we can deploy. The draft already has code points allocated to it, and they exist in the registry <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>, so I wonder: what is the point of adopting this draft when the important work is already done? If it’s that some folks won’t implement it until there’s an RFC number assigned to it, well, that’s pretty silly. I support adoption if it helps this work get implemented more broadly, but I think it’s worth asking whether or not this is a good use of an already busy working group’s time.
>> 
>> Best,
>> Chris
>> 
>>> On Feb 26, 2025, at 1:26 PM, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> wrote:
>>> 
>>> At IETF 121, the WG discussed “Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3”; see [0] and [1]. We also had some discussion in an information gathering thread; see [2]. We would like to now determine whether there is support to adopt this I-D. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This WG adoption call will close at 2359 UTC on 12 March 2025.
>>> 
>>> One special note: this adoption call has nothing to do with picking the mandatory-to-implement cipher suites in TLS.
>>> 
>>> Thanks,
>>> Sean & Joe
>>> 
>>> [0] Link to I-D: https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
>>> [1] Link to slides: https://datatracker.ietf.org/meeting/121/materials/slides-121-tls-post-quantum-hybrid-ecdhe-mlkem-key-agreement-for-tlsv13-00
>>> [2] Link to information gather thread: https://mailarchive.ietf.org/arch/msg/tls/yGZV5dBTcxHJhG-JtfaP6beTd68/
>>> _______________________________________________
>>> TLS mailing list -- tls@ietf.org <mailto:tls@ietf.org>
>>> To unsubscribe send an email to tls-leave@ietf.org <mailto:tls-leave@ietf.org>
>> 
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org <mailto:tls@ietf.org>
>> To unsubscribe send an email to tls-leave@ietf.org <mailto:tls-leave@ietf.org>

v2.29.0 | Report a Bug | By Email | System Status