[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 17 April 2025 21:17 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Salz, Rich" <rsalz@akamai.com>
Date: Thu, 17 Apr 2025 21:17:29 +0000
CC: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Okr-cYCmPp8IDrTKwj1Rsgo0t58>

I consider risks associated with hybrids, so my deployment will not use them. 

Care to share? Perhaps you know something that many others don’t. 

I know that (purely) cryptographically “as strong or stronger” is not the end. Which many others don’t seem to take into account, or even care about. 

There’s maintenance of the code for both parts of the KEM and ensuring they’re properly integrated, maintenance of parallel PKI structures, need to allocate the costs for two moves [1] instead of one which already makes some users argue (which can be a royal pain in a large deployment), likely many other things I’m too lazy to concentrate on now (besides, there’s that feeling that I don’t need to convince “my” clientele at all, and there’s little chance to convince this audience anyway, which dampens the eagerness to strive). 

In short, all those factors of actually running a large conglomerate of organizations… 


[1] One move – to the PQ (in whatever form), then – once people (even those now-dissenting here) decide that enough decades have passed, and we can consider Lattice-based as reliable as ECC (apparently, two decades of study is not enough – would three suffice? Four? Five? Would we still want hybrids even after CRQC appear?) – another move to dump the Classic part.