IETF Logo Mail Archive

[TLS] Re: [EXTERNAL] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 26 February 2025 20:48 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 56261239F63 for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 12:48:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietfa.org (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietfa.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MPva609B-Mst for <tls@mail2.ietf.org>; Wed, 26 Feb 2025 12:48:19 -0800 (PST)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) by mail2.ietf.org (Postfix) with ESMTP id 49FE5239E6B for <tls@ietf.org>; Wed, 26 Feb 2025 12:48:19 -0800 (PST)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 51QKOhv7025505; Wed, 26 Feb 2025 14:48:14 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=mail1; bh=m83vyQa1YZerf5Z7IxGuq1qsGPUI k3Rv5TT+neBsyDk=; b=Qt3ZeBeun9ibaunOv+zAjK8LYsg8YRp2bN0r62YIevFR ixHIq5krQQg2uBL32S6MRiV4pV3cOfTyuzO6LLfRdPqS96i2Yg4lUwGvOTsPv5Zp MAyip1RydhMg17QVJMVw8WEGithkc9oLt6/G8EQEN+7Bes43rFtrFnEsJOD1f234 nNiX51kVYse1jgeh3mcU2hMcNu74n8UBfZZH7avZDzYyf32Y9T7GhuWDPkX2nwd6 VgwhJqlJzqj3M9yfP7dQkBaR+2YCUeIln+mt+vYNE+cLTpL6WIgBYi6pyOSIkdMl fg7ZIJBVYK9h1NVbBuXqfxnM7UveB/GVeuMxRb+E6Q==
Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2040.outbound.protection.outlook.com [104.47.55.40]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 451y46trkb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Feb 2025 14:48:14 -0600 (CST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b+c4dOywOlmlPWuspYtA+qsjIVX8cb/WLbfTONcahub1g/StLA8EIEZtRu29qFxhR0sl+mj0YBu+fjveGDxFJyYdP5Xcie0H3m2mrSm8Zy6ItX66x0oXJudoTOMnbWHMA8TWOgLVgLnehE/8llthjcMTXGjWLExQy10wCgRACyqjzidTO9AR/Ah+Wy417yYrwr5Dt4WDBE//lsAnJYWfpBtA31anYmkStKDJ+4B5nKVA8WLHXZ7JgB7MH6s+1YmF1L6OB6/0NLirEeCtWQSLhXMM7nnPEDDZBE0EuBZXj7WcOYKhVkr/d/GD1qseW3cpHio4htxUF7EgS7ODcpEvhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BLEXqywnFaHjxTBvfnd2FbCNlP2x3vSEm6+Zyk7lzi8=; b=CowHoCLBpCr08vNgNbkCBXVqh2R6tYNNIEPSqmqFYFn1Jj07DOdmC+1PLHRc/L7pS7eCexZMCr3FxkDVAjkgdeWxiN3LKuaLjzo36On4Chv5zfXsZuKpdxmmc/6wtUVIumYcCb09+oXJYp03IpeuCd9Q0HMu5DcLMGpqMGO1A/cRHl5ECoIyWndxdKHGrl9/usRde+x+/n1hRqN9CQre9ZAcVabF1GhQeVeeTCa7M/b50/Y8vBRvSUPq/p8zvkJIi58+o4CP1nmrcZHEWNYPpBJv3T3KI4dX9Fuh6sRwbYQ8Y0LnUSnwl83RyrLA2p0gMBFNFD2g2qfWKkrl0a+AwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by PH0PR11MB7616.namprd11.prod.outlook.com (2603:10b6:510:26d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 20:48:09 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::b93d:b2d:3ad8:9702]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::b93d:b2d:3ad8:9702%5]) with mapi id 15.20.8489.018; Wed, 26 Feb 2025 20:48:09 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Rob Sayre <sayrer@gmail.com>, Christopher Wood <caw@heapingbits.net>
Thread-Topic: [EXTERNAL] [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Thread-Index: AQHbiIL25pe9BORtykSk5lYikKsb6LNaBkmAgAAG/lA=
Date: Wed, 26 Feb 2025 20:48:08 +0000
Message-ID: <CH0PR11MB573991E7E61BBCB5C32FF8939FC22@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com> <E0D776C8-FD56-4D0B-BDC1-3AB88A8CEE88@heapingbits.net> <CAChr6Syu5vf22TfhBO7E4ypDPPQJTVW7U1G-D2y0-7bH3heMiw@mail.gmail.com>
In-Reply-To: <CAChr6Syu5vf22TfhBO7E4ypDPPQJTVW7U1G-D2y0-7bH3heMiw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|PH0PR11MB7616:EE_
x-ms-office365-filtering-correlation-id: ae25cf42-ffa5-4f9f-4b45-08dd56a6e099
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018|8096899003|4053099003|7053199007|4013099003;
x-microsoft-antispam-message-info: U7ilWytuwKlDBkAjUfjNeQLRZ+2VujqVlLOabUjIvXpooxUFjaO/II2UWNfuEKmq1oTHcm3OYN0vO7G7efjoXJH/C91mm6gaoOHm6SscDGBadswIYjWBVJUfihV4NODXd8Rs2LhpIkGNoUshIEgNHd0ol01SY5K68Et+xOmJngfYmmPmw+qmyO3J/CAqPIwfZ6j8wLLzpihLSnQLQelwX6V0Y9CeLajD2T4noUvdaecrb6ivrz4uGFy32craWH+BFoPgFsm15uvpkADj6QxHawVUCxKKeBa2CBwF2+c+WaJGtF1LXa5YrDBf+2pqZyA87IIWvvV4tMXMN0/tgC84a6tYPkS+so/eTFEX+tdzZETJLoarmVGJMVMJf3vq3ViaZ9+uS9mSuN47JsDLhPeeKREPDnGwC1j8zPcAbS9OPQZP7EedudYWzOBJYQS0ICqlHq6OnbNWsrtWGZCcoWH+WsnMKJZ/cYaNddN/jCrSemPPci+G7dqVlS0tcac4foXTnECP3JxEgyGkqBC42y/QXjh1IVwiyy+S3pfPXwf1u8ol+NdnEVrtXzh2l7yBG7LYHKgYb3MEKY8kF1RZNGG1xRYYwRmEzI5pDB9kJplNRTdaO/67rLxOb33zCGfR05j+BHTTSPetS8wilE6akK0P7tTkuKIWvT7/M4YQ78FegiKyU+p5i+FouwHEPVle4xHuZ+/hkGBGs4kfyOQvJRRW0jDxJJ93ItOK72aA5cKRmNSAOKuD+b3Y7mngc337O1zaK3qt6iqyiZB4gD9wCWYtRN+QwUKxTNcePpJ23oXQcwpuvCE1kCGi92BVnvZGVdyCBkQim4HETSgxA+D6s5gZ4Ikv3NXuTaLNWSjL+DwLIEKyapNcn/bQoNAf04U1Xlz6Eo40zBDccl1vkEbWsIH4EoM994xLzYyRICJwsgomE8O7erVv+Qc1GpG7R09CakqF9n6qfSss6wm6znnenmeNx+KIX0Nub8/uu8N/xZdXw4OH4z4em/O52ausP7DY8NxBHEbvAuJWBQOF53dH6oIkdgDG/AizIvFHSP+xll5zSn3dJ+sRjGbdY++y3ss4zSPo5kNclBx+jLhBEWAAF/igWqZGG1QswFywoyMs9YG882RVk9NkOllotlv/pZaERCizJrYuFV78iMs5tjy+ks8QCFNWHR9UeZdH5J5OP7X0L4vip2vUKs7faiK/VvKwgyU0WZQ47S3Sptapx0DikLlTUJ2l9hN8EgUC80g62k835CxHRCSduNuxSk4HR1Q7+ira5mGEW1kmk0RWTOLORw7EaqD3plZULVIZENbtmkVnNHJ6TTwzwmFei+OCyaahyzHGD48K4dnt+tjc0FfZCTpsAV7lnQYF3WtEAbUjhHQBEghTkQA8AWxXtZIAi1Sqssm8dVfYFNuhoj+zCWyCDq/T79sjNvNAom5+vkDDVFSO+xLWDAjjdAemoQYjW/4vaB1F
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH0PR11MB5739.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018)(8096899003)(4053099003)(7053199007)(4013099003);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2ukZXJD7MU7ATFEU7ImUAKB6SntrItgpq9e3B+ntFUvzXQqRfb4ZsGoF4MoFeSK9RSlUJav67rPGrC6sdSq+sDIsoKmminFM9mWLMpdVSFU+QbumhfYLO5MG1yqiRlSFeoI6nRNZfhQX8zjn3frY/CZ1cubwT4WQf+f5SERM3qL1v7jcDaB3izk8uuJ2Rro9cralNMtW8dRpkEx8REQ8+aOFpdjdAxXjvHzDKW+6URSrQzRmwQviTaZXKBE2uUpX3ABkbd+2WCbUbAxoO0e8y9Xiy7IqJ+HT2DEefc97lSF0eut2sIr9FblG/FpaL39lF0v9yzR3BTj2Roo6r5FXOzb6zFK1rvbFx0zpdTEsYc8D5Bjr4pwtLbPrlShTNuB2ycuAcnySq7FOGIYobH30O+L0iYcr1yLC9JM3ybAQhKxmqFZiFDsu2bvOtYlHdkqVOs6LdsGaf7hNWQkiPXfr6R1HYk5sUuP9fhA+bfi8WOut0pbFzYzlbRSvNcmKe6zcwhU8Oxxz9QSEx2k4a2JjDAG7UoFt85RPJK8gz9G8u8sEyoNw61Cl2hPc05ZZqRvi+nid49lQoytHOlLYuBobX0MrOm9sg9E7RYaIT72P+YnEJ2+0Mx4LOTZ2BlGz6CavbmGtPlWbyVj7gi+v0+Zh7Ft+fSB0xGXEwthrvttTJzHiaUzaJbR24Uq2V4CXG17ORQRRgdL0gk7D9WzC/V6Q0LkjTrinj84z1Ff1wu2Pwe9zEHH09skx37OUuw71sPAUMJx6RKk8TcoBI8r2UQQHEN6AkKfa2MDL46XnhzsYsWpKeAMC8T6T0i5iUywuv9iXk0/kldD4Cx40i86kdKMmmyd9hP0hLUJMvnQY9a+IO3tfL1OhpAXk45nLc/4avwIML6YV0U8e072ir7m4VSR275Dm6uMjUviYWBlFsKGw+Tio2tB2KOkL043KwHO8E3wTzn4iz92hO/ryddUd+vM4mP1MoqH+NcWKYIdetpQPjuxAaLjhaE5h1inYIrGlct4sZeu/1Q5PEFKZDP+D7FeekNgveVvxXE4eLDzUvJoEusQvsph5dy9vr7xkLQOALOELAxwlJqYe2zgcbuT/kjdpT5DKvq5hpFa+Ra0c8zA+9z0lL/c/Ufir3VfDox7c5rwo3am/VpinoFkbCa3I6OYTmkrLfc2jE0KaHHxZJoY7T2NaOkMvxtW5l6g+iNiBsjIL1fDP4xHoPpGd8exV8PlPBZNsV0Vpw5rS8gwgTywUc2DW2ZPofmK9wPVbUHWp2SkjvqhNXNAAHmfYSJY3VoXnWgeFtYGJiUJysjLumNr2O7kmSeaOwjeDHkfppeZZwU6Ih7/Xv0BeUylt397DlZGMiFSQ/inF8zF+kFC2hnmxnMq7w/wUonPFNJGGjHvHi7n5if4FUV5pkYvK1TAyR1opLWGI0sb5k23OTwyVGq77anEimqQV3prSH+Iwyd3o9b7otvwbtLAIyg9Jcrcx8BOWd/PnJp54dgF5h+wWCbtZ58F2G0EN/DbKUXSuFxCQ+AtTu+mHVZjc0DImTjgBLo5tK4AHF6WKHF2mrLAe6oU4RNsrPfyzKKZeI8Kj3T6Zq78nG5n0uXPRZu4uNv/vnRwL6w==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00A2_01DB885D.72C34EE0"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ae25cf42-ffa5-4f9f-4b45-08dd56a6e099
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2025 20:48:08.8827 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uqF2+HFc9dyQdIOqH5bG5HcHw48Ryc5csZ7OqA+ZHrsDKGLiyeITuvFRe9jvVqNHTZ27K1IVe+pNLHxxa4IblG+09pjyC+g/3FhihajmSv8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB7616
X-Proofpoint-ORIG-GUID: 8fIwo6Wg8RbWBaVhk3E4uzxKUWymg5QI
X-Authority-Analysis: v=2.4 cv=Y6sCsgeN c=1 sm=1 tr=0 ts=67bf7e0e cx=c_pps a=OemXRkCljtmPz/OzEC+nkg==:117 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=XHbIyd5_w80DRjfF:21 a=xqWC_Br6kY4A:10 a=T2h4t0Lz3GQA:10 a=FEbzDYiKvWYA:10 a=I0CVDw5ZAAAA:8 a=pGLkceISAAAA:8 a=D9p6os0HAAAA:8 a=48vgC7mUAAAA:8 a=vCl6IGTUyRWuQPQ5VFIA:9 a=QEXdDO2ut3YA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=8bGyFWSYi_IfvjSJ:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 a=lqcHg5cX4UMA:10 a=6qnT7Qsc9M_YH1mXCvUA:9 a=ZVk8-NSrHBgA:10 a=30ssDGKg3p0A:10 a=d8Ej1faDT8F_7K_NjbjL:22
X-Proofpoint-GUID: 8fIwo6Wg8RbWBaVhk3E4uzxKUWymg5QI
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-02-26_06,2025-02-26_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 phishscore=0 adultscore=0 suspectscore=0 bulkscore=0 lowpriorityscore=0 malwarescore=0 impostorscore=0 clxscore=1011 mlxscore=0 mlxlogscore=999 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2502100000 definitions=main-2502260162
Message-ID-Hash: 4ZOOMZZBF3MTML7MNMBUWXQFD3NTIPXU
X-Message-ID-Hash: 4ZOOMZZBF3MTML7MNMBUWXQFD3NTIPXU
X-MailFrom: Mike.Ounsworth@entrust.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "TLS@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXTERNAL] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IsQMXoJHfmPW6r5pEC3_gq5Qk1I>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I second Rob and David. RFC numbers matter outside the IETF; they are a signal that something is mature and well-vetted, and can then be re-ratified in NIST documents, ISO documents, PCI documents, etc etc. 

 

I think that for something as critical as the recommended PQ TLS cipher suite, saying “It’s documented in an expired unadopted draft” is setting a bad precedent.

 

Since the technical details are immutable at this point, and the only thing for the WG to do is massage the prose, I think this can fly through to WGLC pretty quickly. 

 

I am willing to review and help iterate the descriptive text.

 

---

Mike Ounsworth

 

From: Rob Sayre <sayrer@gmail.com> 
Sent: Wednesday, February 26, 2025 2:19 PM
To: Christopher Wood <caw@heapingbits.net>
Cc: TLS@ietf.org
Subject: [EXTERNAL] [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

 

On Wed, Feb 26, 2025 at 11: 43 AM Christopher Wood <caw@ heapingbits. net> wrote: As I understand it, the purpose of this draft is to specify an interoperable key exchange mechanism that we can deploy. The draft already has code points allocated



On Wed, Feb 26, 2025 at 11:43 AM Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net> > wrote:

As I understand it, the purpose of this draft is to specify an interoperable key exchange mechanism that we can deploy. The draft already has code points allocated to it, and they exist in the registry <https://urldefense.com/v3/__https:/www.iana.org/assignments/tls-parameters/tls-parameters.xhtml*tls-parameters-8__;Iw!!FJ-Y8qCqXTj2!caxA5xKNO9EN5tBE2pwtNVuOlDf3jQuTmziPO0IkHs2TkjXL0eNzCImowcnqd_JJQae-2acySqI9hNe2Yis$> , so I wonder: what is the point of adopting this draft when the important work is already done? If it’s that some folks won’t implement it until there’s an RFC number assigned to it, well, that’s pretty silly.

 

It is silly. But the nature of the issue is that people that do implement it can put "RFC NNNN support" on their comparison checklists. So, it's more effective than the code points, especially if we want to encourage smaller implementations to implement.

 

I support adoption if it helps this work get implemented more broadly, but I think it’s worth asking whether or not this is a good use of an already busy working group’s time.

 

 I think it will help the work get implemented more broadly, so I support adoption.

 

thanks,

Rob

v2.29.0 | Report a Bug | By Email | System Status