[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Eric Rescorla <ekr@rtfm.com> Wed, 26 November 2025 20:45 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 26 Nov 2025 12:44:22 -0800
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
CC: draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
In-Reply-To: <10352a8e-c3d5-457e-854d-e72e31fca2d2@tu-dresden.de>
Message-ID: <CABcZeBPzabtzCs=zLncyjFy=JHWXzpPb6haN5iFA6=3orXTU2Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LzriUVda9Mhmcem2ECtke8JuI7g>

On Wed, Nov 26, 2025 at 12:32 PM Muhammad Usama Sardar <
muhammad_usama.sardar@tu-dresden.de> wrote:

> On 26.11.25 20:51, Eric Rescorla wrote:
>
> It's mandatory to implement per:
> https://www.rfc-editor.org/rfc/rfc8446#section-9.1
>
>    A TLS-compliant application MUST support key exchange with secp256r1
>    (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748].
>
> Thanks Ekr for the clarification. I might have missed that as an
> implementer's issue. I now see that section 9.2 marks the key_share
> extension as MUST.
>
Right, though it's important to be clear on what that means:

- You have to support key_share, but you don't necessarily need to send it
(e.g., if you're doing pure PSK without any DH).
- The requirement for key_share doesn't require you to do ECC, just to
support the extension generally. You'd be in compliance with this
particular MUST if you supported pure MLKEM, though of course not with the
MUST to support P-256.

-Ekr

> -Usama
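As an added example that is not part of this thread or of draft-ietf-tls-mlkem, the Python below parses the extensions block of a TLS 1.3 ClientHello and reports how the RFC 8446 section 9 points made above apply to it: whether key_share was actually sent, whether omitting it is covered by the PSK-only case, and whether secp256r1 is among the offered groups. The three ClientHello extension blocks are constructed inline; the ML-KEM-768 NamedGroup codepoint (0x0201) is taken from the draft and is an assumption here, and the key-share payloads are zero-filled placeholders rather than real public keys.

```python
"""Inspect a TLS 1.3 ClientHello extensions vector against RFC 8446 section 9.

Added example, not code from the TLS WG thread or the draft. Extension and
NamedGroup codepoints are from RFC 8446; the ML-KEM-768 codepoint is assumed
from draft-ietf-tls-mlkem. Sample ClientHellos are constructed inline.
"""
import struct

# Extension types (RFC 8446 section 4.2).
EXT_SUPPORTED_GROUPS = 10
EXT_PRE_SHARED_KEY = 41
EXT_PSK_KEY_EXCHANGE_MODES = 45
EXT_KEY_SHARE = 51

# NamedGroup codepoints (RFC 8446 section 4.2.7); MLKEM768 assumed from the draft.
GROUP_SECP256R1 = 0x0017
GROUP_X25519 = 0x001D
GROUP_MLKEM768 = 0x0201  # assumption: draft-ietf-tls-mlkem codepoint

PSK_KE = 0      # psk_ke: PSK only, no (EC)DHE, so no key_share is needed
PSK_DHE_KE = 1  # psk_dhe_ke: PSK combined with (EC)DHE


def build_extensions(exts):
    """Serialize [(type, data), ...] as Extension extensions<8..2^16-1>."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf):
    """Parse an Extension vector back into an ordered list of (type, data)."""
    (total,) = struct.unpack("!H", buf[:2])
    if total != len(buf) - 2:
        raise ValueError("extensions length does not match buffer")
    pos, out = 2, []
    while pos < 2 + total:
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        data = buf[pos:pos + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension")
        out.append((ext_type, data))
        pos += ext_len
    return out


def named_group_list(data):
    """Decode NamedGroupList: uint16 byte length, then uint16 group codes."""
    (n,) = struct.unpack("!H", data[:2])
    return list(struct.unpack("!%dH" % (n // 2), data[2:2 + n]))


def key_share_groups(data):
    """Decode KeyShareClientHello and return the group of each KeyShareEntry."""
    (n,) = struct.unpack("!H", data[:2])
    pos, end, groups = 2, 2 + n, []
    while pos < end:
        group, klen = struct.unpack("!HH", data[pos:pos + 4])
        groups.append(group)
        pos += 4 + klen  # skip the opaque key_exchange payload
    return groups


def psk_modes(data):
    """Decode PskKeyExchangeModes: uint8 byte length, then uint8 mode codes."""
    return list(data[1:1 + data[0]])


def check_section9(ext_bytes):
    """Report how a ClientHello relates to the section 9.1/9.2 requirements."""
    exts = dict(parse_extensions(ext_bytes))  # each type appears at most once
    groups = named_group_list(exts[EXT_SUPPORTED_GROUPS]) if EXT_SUPPORTED_GROUPS in exts else []
    shares = key_share_groups(exts[EXT_KEY_SHARE]) if EXT_KEY_SHARE in exts else []
    modes = psk_modes(exts[EXT_PSK_KEY_EXCHANGE_MODES]) if EXT_PSK_KEY_EXCHANGE_MODES in exts else []
    pure_psk = EXT_PRE_SHARED_KEY in exts and modes == [PSK_KE]
    return {
        "key_share_sent": EXT_KEY_SHARE in exts,
        "pure_psk": pure_psk,
        # Section 9.2: key_share must be present unless the client does PSK-only exchange.
        "key_share_requirement_met": pure_psk or EXT_KEY_SHARE in exts,
        # Section 9.1: MUST support secp256r1, SHOULD support X25519 (offer != support,
        # but a client that never offers P-256 cannot complete that key exchange).
        "offers_secp256r1": GROUP_SECP256R1 in groups,
        "offers_x25519": GROUP_X25519 in groups,
        "share_groups": shares,
    }


def sample_ecdhe():
    """Constructed: client offering X25519 and P-256, sending an X25519 share."""
    groups = struct.pack("!HHH", 4, GROUP_X25519, GROUP_SECP256R1)
    share = struct.pack("!HHH", 4 + 32, GROUP_X25519, 32) + bytes(32)  # placeholder key
    return build_extensions([(EXT_SUPPORTED_GROUPS, groups), (EXT_KEY_SHARE, share)])


def sample_pure_mlkem():
    """Constructed: key_share sent, but only ML-KEM-768 is offered (no ECC at all)."""
    groups = struct.pack("!HH", 2, GROUP_MLKEM768)
    share = struct.pack("!HHH", 4 + 1184, GROUP_MLKEM768, 1184) + bytes(1184)  # placeholder
    return build_extensions([(EXT_SUPPORTED_GROUPS, groups), (EXT_KEY_SHARE, share)])


def sample_pure_psk():
    """Constructed: psk_ke only, pre_shared_key present, no key_share sent."""
    modes = bytes([1, PSK_KE])
    identity = b"constructed-ticket"
    identities = struct.pack("!H", len(identity)) + identity + struct.pack("!I", 0)
    binders = bytes([32]) + bytes(32)  # placeholder binder
    psk = struct.pack("!H", len(identities)) + identities + struct.pack("!H", len(binders)) + binders
    return build_extensions([(EXT_PSK_KEY_EXCHANGE_MODES, modes), (EXT_PRE_SHARED_KEY, psk)])


if __name__ == "__main__":
    for name, sample in (("ecdhe", sample_ecdhe()), ("pure-mlkem", sample_pure_mlkem()),
                         ("pure-psk", sample_pure_psk())):
        print(name, check_section9(sample))
```

The pure ML-KEM case is the one the reply above singles out: `key_share_requirement_met` is true because the extension is present, while `offers_secp256r1` is false, so the two MUSTs are visibly independent. The PSK-only case shows the other half of the point: no key_share at all, yet nothing in section 9.2 is violated.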