[TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Fri, 10 April 2026 16:46 UTC

Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6BDEFD9AC529 for <tls@mail2.ietf.org>; Fri, 10 Apr 2026 09:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775839594; bh=42sPVgN/Jrg0zKAxfS1iE9ei9CPfpKyzYHV8iWRKF+M=; h=Date:Subject:To:CC:References:From:In-Reply-To; b=Oh3GNf6kg/TaVe9cdZWC9lriioo7maMQjubC/6TNK+y1kguKLdphjTQrASf/xyYi5 UfYpMDysQDUzGd9yd84GQvx7pcdXA6T7IyvOT7Ynkc9SVjLfL4JrDW6qtrtFyaO+ro k+BEYGIzfL1Q995/8R5gd+yRupppfh5sxTTpgxYM=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TspTi1gTeEjz for <tls@mail2.ietf.org>; Fri, 10 Apr 2026 09:46:33 -0700 (PDT)
Received: from mailout7.zih.tu-dresden.de (mailout7.zih.tu-dresden.de [141.76.32.220]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 7063FD9AC517 for <tls@ietf.org>; Fri, 10 Apr 2026 09:46:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:References:CC:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=I+X00XaTyhYFmZ4QiYrI2XV34CZQWje201+38IjTHZ4=; b=G0MERBit/U6ysz70rgKYnRLvZR bkY3kkk+IJU8T1bCBz8boqkAJDm2oxj89zal136mMPxWmGAWgpPpoeNkjhzDeSLni2xW+pVHup8SO cLfQO4ubtvWQbqQ7kqkU3UkwgppvttpNRhfaEI/hN/eecOe8XJZKYQIGV7qpOceOH/BP/4FlJkFop VTXDjqVZz37EuFq9vi1OR6VnTH+2nK3zOSP6Qx3CPkqGOEjIeh9I2AM3uO80vTIvpDhvZIzz4enYf qVO+3f607dWiVsXlu5A/DaZ7f84re1JvwMSoqsxHlH/GX9TSTqJTOrKzq7RirtJrobKG7M0pXIUHG UuNz6Aog==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout7.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1wBF00-001ZiH-00; Fri, 10 Apr 2026 18:46:32 +0200
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Fri, 10 Apr 2026 18:46:24 +0200
Message-ID: <91fc544c-9ca1-4265-a1bc-a6e76ea0ba22@tu-dresden.de>
Date: Fri, 10 Apr 2026 18:46:22 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Bas Westerbaan <bas@cloudflare.com>
References: <16CF0FDA-7263-461A-9F2B-D37DBEAF5DD9@sn3rd.com> <25c8d414-e4c8-455b-bd64-28132615ba75@cs.tcd.ie> <68f49a81-dd2c-4bea-896a-87da3e6aff68@tu-dresden.de> <CAMjbhoWwvfkfScpbf4-5PBzk__qb+6M4ZzAOba64kk9aXBba5g@mail.gmail.com> <d47a34ab-7fb9-4687-84aa-a5fa6bcf6a6c@tu-dresden.de> <CAF8qwaAFbx5kEZ_0D56yhimwQrbvzo9-NeS3P8gyczA8yR0XYQ@mail.gmail.com> <ca9ac846-695b-4da8-9be4-b4558a5f021e@tu-dresden.de> <CAPC=aNWM2bRXz1-AnQpwSc2bcdrUb++8sim6dSWb2UTjQ5=QdA@mail.gmail.com> <0363e39e-098e-4a46-8329-46655bfba3e4@tu-dresden.de> <CAMjbhoUbBnOo_7Y5X94hK4-W4z-PmeFX8sHAXgcrAZTYM_MkvA@mail.gmail.com>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <CAMjbhoUbBnOo_7Y5X94hK4-W4z-PmeFX8sHAXgcrAZTYM_MkvA@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms080900080309080105050201"
X-ClientProxiedBy: MSX-L414.msx.ad.zih.tu-dresden.de (172.26.34.134) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout7.zih.tu-dresden.de
Message-ID-Hash: M3C4IQHKTHZMP4YW5V54TGQGOYEIG7VP
X-Message-ID-Hash: M3C4IQHKTHZMP4YW5V54TGQGOYEIG7VP
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ietf@jackgrigg.com, TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OPfETEmOmbEneQWrpGEW_sTS7Pg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Folks, sorry for the back and forth but I am seriously lost of what 
additional information we are providing in Sec. 3.3 given the consensus 
of RFC-to-be 9851, which is absolutely clear on this matter:

     > Put bluntly, PQC for TLS 1.2 will not be specified (seeSection 4
    <https://www.ietf.org/archive/id/draft-ietf-tls-tls12-frozen-08.html#iana>)
    at any time and anyone wishing to deploy PQC should expect to be
    using TLS 1.3.

I am listing my confusions below:

 1. Title of draft has TLS 1.3; suddenly there is a section on TLS 1.2
    which is quite weird to me given the title of draft.
 2. The section is titled "TLS 1.2" but it actually talks about "TLS 1.2
    or earlier versions" which is weird to me given the title of section.
 3. Section states an alert for TLS 1.2 but if we are "fulfilling the
    duty" (as Bas calls it), then we should fulfill the duty fully;
    namely, what are endpoints with TLS 1.1 and TLS 1.0 supposed to do?

I really feel something is missing here, which should be clarified to 
the readers. But if I am the only one being confused here, I can live 
with it.

On 10.04.26 16:36, Bas Westerbaan wrote:
> We have a duty to be clear and helpful to downstream users of our 
> standards.
Because of the above 3 points, I claim that in the draft, we are not 
fulfilling this "duty" and rather creating more confusion.
> Being explicit that ML-DSA is not supported in TLS 1.2 and before is 
> part of that.

That's already covered "bluntly" in RFC-to-be 9851. There is nothing new 
being brought on the table. If anything, the draft should cite RFC-to-be 
9851.

Best regards,

-Usama