[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 26 November 2025 19:47 UTC

Message-ID: <a3f3e1a9-06c2-42ad-8f09-952a7596a940@tu-dresden.de>
Date: Wed, 26 Nov 2025 20:47:36 +0100
To: Sean Turner <sean@sn3rd.com>, draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
References: <176236867319.904123.10146982018394612684@dt-datatracker-5df8666cb-7l4w5>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <176236867319.904123.10146982018394612684@dt-datatracker-5df8666cb-7l4w5>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LN4P8rqTwkhP5H7D2RH6mfM2zT8>

On 05.11.25 19:51, Sean Turner via Datatracker wrote:
> Please review and indicate your support or objection [...]
I do not support publication in its current state, but I do not have a 
strong opinion.
> Objections should be motivated and suggestions to resolve them are
> highly appreciated.

I would like the draft to address the following:

  * Introduction and motivation are too small: literally two sentences.
    That's clearly insufficient. Sure, I'm not a PQ expert, but an I-D is
    not for experts only, is it?

  * If compliance is the motivation, it should be added in the
    introduction/motivation with at least one pointer to an authentic
    reference for the concrete regulation. If it is for National Security
    Systems (NSS), such systems might also require attestation, and
    hence my following comment.

  * The security considerations in the draft provide no details
    regarding potential extensions. For example, if I were to support
    pure PQ as well as attestation within the handshake, I am left with
    no guidance on which specifics of pure PQ I should absolutely
    consider.

  * Has any formal analysis been done for this draft?

Submitted a minor PR for typos [0].

-Usama

[0] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/8