IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 26 November 2025 23:50 UTC

Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 27E5C916B744; Wed, 26 Nov 2025 15:50:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9bdJm_v2rhMB; Wed, 26 Nov 2025 15:50:53 -0800 (PST)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 0BFA6916B73A; Wed, 26 Nov 2025 15:50:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:References:CC:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=8Bm/QqsNzdmwIe74KykE207UmRTTpLD9CmBVqCFlg/A=; b=J6tE3B43yikppfSrv2NMg2a9We JvOGBir/w6hBoQUT2zXt+O1+zCVUx6AqB6QwoMDl8DDA552bywBSDm3DgEGVtNibXnKHu+lBrqgQT RCF5nEOOE9Be6Pm93RqyCUWjBSTeZ5If1vRqPFHwqJjEGl0bqsFG61hFmbylSlP3RgPMxqh5LLax7 CRu3yjhlGlbA/QdJ765TfN1p/6m2W4rZnhcilxjtJgwESQ7dfC+Ih128iHlgo6Z6hI6fQFaoffDbK x6KjYs9Ar8VtaDkutAY6OzljvJ8pdJVAbufmh37DJC2Pr8QA6FEBv70k/cTnpubz94AUdM5nXYpgK ybpElrwA==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vOPHY-00BEon-Ps; Thu, 27 Nov 2025 00:50:45 +0100
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Thu, 27 Nov 2025 00:50:43 +0100
Message-ID: <b2593b36-4d8c-431c-ab79-a2dcf94dfe79@tu-dresden.de>
Date: Thu, 27 Nov 2025 00:50:41 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Eric Rescorla <ekr@rtfm.com>
References: <20251126185919.362611.qmail@cr.yp.to> <9ce12b8e-9982-4194-987d-d2ca3a41ea48@tu-dresden.de> <CABcZeBOffkV9eUtpdPp8eWB_eMA1c6-GOMHoZcDs93cGm1kwfw@mail.gmail.com> <10352a8e-c3d5-457e-854d-e72e31fca2d2@tu-dresden.de> <CABcZeBPzabtzCs=zLncyjFy=JHWXzpPb6haN5iFA6=3orXTU2Q@mail.gmail.com> <91f28ee1-5408-417e-868d-bd5af47bd773@tu-dresden.de> <CABcZeBPopk4jSXjwWaX_bPdcgvj6f6wPxTc7+300YmZnLGf36A@mail.gmail.com>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <CABcZeBPopk4jSXjwWaX_bPdcgvj6f6wPxTc7+300YmZnLGf36A@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms040604010005000905000105"
X-ClientProxiedBy: msx-t420.msx.ad.zih.tu-dresden.de (172.26.35.137) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
Message-ID-Hash: 4ND2HKTDEYASZKANQX2UHQKSIGQOYCFQ
X-Message-ID-Hash: 4ND2HKTDEYASZKANQX2UHQKSIGQOYCFQ
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ou5Arxftu0FhOMFye6XjCMcRPhc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On 26.11.25 22:35, Eric Rescorla wrote:

> On Wed, Nov 26, 2025 at 1:17 PM Muhammad Usama Sardar 
> <muhammad_usama.sardar@tu-dresden.de> wrote:
>
>     I think the draft should have a statement somewhere stating that
>     it is no longer compliant with the base TLS specs, with pointer to
>     section 9.1 of RFC 8446bis.
>
> I don't think that's correct.

Yeah, sorry, as mentioned in the thread, please take my comments with a 
large grain of salt, since I haven't yet worked with PQ. I am most 
likely missing something from implementation perspective, from PQ 
perspective, from terminology perspective or interpretation of terms. So 
please feel free to ignore.

My general feedback for this draft was that since it is the first draft 
on pure PQ that we have, I would have expected it to give a much better 
introduction and motivation than a couple of sentences that basically 
tell me nothing about why this draft even exists. For example, "users 
that want ..." is too generic of a motivation that would apply to almost 
any draft of the IETF. Specifically, I would like to know more about 
those users to be able to reach out to them to ask whether they also 
want attestation. If motivation comes from compliance, I would like to 
read those regulations to understand whether these regulations also 
require attestation. And if the answer to any of those is yes, then 
check out whether these users have any preference about intra-handshake 
attestation vs. post-handshake attestation, etc.

> An implementation could choose to implement just the new algorithm and
> not the MTI algorithm(s) in the same class, in which case the 
> implementation
> would be noncompliant, but it's possible to be noncompliant based purely
> on the algorithms registered in RFC 8446, for instance by implementing
> just P-384 and not P-256.

Sure, but I feel like there is a difference. In this case, the 
implementers /choose/ not to implement P-256 while still having the 
possibility, whereas in pure PQ, implementers have /no possibility/ to 
support P-256. Isn't it?

That is, I don't understand how pure PQ can support P-256. So my point 
was that implementations which have pure PQ cannot be "TLS-compliant 
applications", as per section 9.1 of 8446bis.

-Usama

v2.37.1 | Report a Bug | By Email | System Status