IETF Logo Mail Archive

[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

"Salz, Rich" <rsalz@akamai.com> Tue, 07 October 2025 19:36 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 422406EE1253; Tue, 7 Oct 2025 12:36:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.794
X-Spam-Level:
X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com header.b="V/9zviz/"; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=akamai365.onmicrosoft.com header.b="kcbpuax+"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lk0tsNOKz5PM; Tue, 7 Oct 2025 12:36:52 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [67.231.157.127]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 923286EE124A; Tue, 7 Oct 2025 12:36:50 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.18.1.2/8.18.1.2) with ESMTP id 597JTrQw030927; Tue, 7 Oct 2025 20:35:50 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=jan2016.eng; bh=903CwOdtQNKKUOadH1leFt tb4Nd91PmbhPYKwiikHa0=; b=V/9zviz/W2eKWdf6A9ZJchBQk6jrkqgboZmcCo 1Xe+3SgBynyzI+jpJKsAKzsPv0i3Bd7ahAbXavffqLItmdYJzaNkVIRpQbeyAAcn fQTlY8FVj+5Jinv7sJMnY/sMaHYe/JP25a/jVvHUzHrv3IGidjZ1H9brMRNU0Ijv 3pf7Y+a475UEDpAoM40kn31NBuJjAWUfp+81q5iXe71Ea3tz9ekrPPuanJ37qfAw EqLBP/4/Q284KK4D5+yDx81IpuijbAZ1P61y6H1ZbKrSc23fVA4oUdjDCeiZNqM9 MW6XGIV7Hpqmb8k9i6ywfeVnkSMpX8Ol8EFRZ7P0+zGVrO4Q==
Received: from prod-mail-ppoint5 (prod-mail-ppoint5.akamai.com [184.51.33.60]) by m0050102.ppops.net-00190b01. (PPS) with ESMTPS id 49jrngtsj7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 07 Oct 2025 20:35:49 +0100 (BST)
Received: from pps.filterd (prod-mail-ppoint5.akamai.com [127.0.0.1]) by prod-mail-ppoint5.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 597GlEZb016571; Tue, 7 Oct 2025 12:35:49 -0700
Received: from email.msg.corp.akamai.com ([172.27.50.201]) by prod-mail-ppoint5.akamai.com (PPS) with ESMTPS id 49k1j93uc2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 07 Oct 2025 12:35:48 -0700
Received: from ustx2ex-exedge4.msg.corp.akamai.com (172.27.50.215) by ustx2ex-dag4mb2.msg.corp.akamai.com (172.27.50.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.37; Tue, 7 Oct 2025 12:35:47 -0700
Received: from SN1PR07CU001.outbound.protection.outlook.com (72.247.45.132) by ustx2ex-exedge4.msg.corp.akamai.com (172.27.50.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.36 via Frontend Transport; Tue, 7 Oct 2025 12:35:47 -0700
Received: from MN2PR17MB4031.namprd17.prod.outlook.com (2603:10b6:208:200::22) by DM4PR17MB6977.namprd17.prod.outlook.com (2603:10b6:8:18a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.9; Tue, 7 Oct 2025 19:35:45 +0000
Received: from MN2PR17MB4031.namprd17.prod.outlook.com ([fe80::4082:17d0:7c11:1730]) by MN2PR17MB4031.namprd17.prod.outlook.com ([fe80::4082:17d0:7c11:1730%6]) with mapi id 15.20.9203.007; Tue, 7 Oct 2025 19:35:45 +0000
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>, Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
Thread-Topic: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Thread-Index: AQHcN5ono1sPELaPike3XhGAixQhgLS2336AgAAbRYCAAAfuqIAAAT6AgAAPBaU=
Date: Tue, 07 Oct 2025 19:35:45 +0000
Message-ID: <MN2PR17MB403102CA22C73A7A8C7F5896CDE0A@MN2PR17MB4031.namprd17.prod.outlook.com>
References: <CAOgPGoA+c8kXDizwsvFG5tLz9+Kxk0HqiN1skKp5jMvvpxeu0Q@mail.gmail.com> <CABcZeBO+3u=1=ueNscq+O74Qv=7PC5NedsGsugp=GZjVqtODoQ@mail.gmail.com> <CAMjbhoVcxTfppSrkC27F8uf9hKvqTDBsG_-dzGtWbjia5YhmXw@mail.gmail.com> <aOVWcf9JFllri-vG@netmeister.org> <87h5wapnqf.fsf@josefsson.org> <CABcZeBNkfF125WE3vbWrAZ6zW2KgGFtAQKiC4=z9GmxoG99rQg@mail.gmail.com>
In-Reply-To: <CABcZeBNkfF125WE3vbWrAZ6zW2KgGFtAQKiC4=z9GmxoG99rQg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR17MB4031:EE_|DM4PR17MB6977:EE_
x-ms-office365-filtering-correlation-id: 697edde5-d510-493f-55ae-08de05d8b605
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|10070799003|1800799024|366016|8096899003|38070700021;
x-microsoft-antispam-message-info: V4HVzjbImElF4v8CqVIN8byPm7k2ToG9Nlo7rwgs/Xwj/GZfuNYCxHI/6kXeQVRdETXF2igLG56Qd2LaT4CbhYpun8A9WDgcEJO1NZ1yrQ765x7qOC/20fdMeeyoYBHJuWc8SjlzKjgtdUfrgbMOfF99zAh846GSHMcbdLHIyJshHH0JfCk9BVmnM8rSDO+DzRPgQe1CCd91f97IWQesmUDo52X8yEmJzdED6et7JiWghgvolVmy3Q9Uw8vaebfdBvf44cthfcEaYgbs/FBjtRvESFvVLooAaHTP+scMUwT7AKmss2Q405wPgLS7ETSTRHNf13LbaPWcT6PRVshmW/LwvS8xjHdbv6EDDh2sCrYsFiD83lkfHWaQ2aXHbIzji5Xxc19PBrE2bsMaSr3BcfwAGa8GHLgbSjrvJrEjlOWXHEscsbXRIG+8SUe62shyWVmEpV+NsPZfTC3LMcBKom+5Hp0oj+49K8jw6kvhOHGYcFIhP87ETc3LDnFW2cbiNOMH5DEcw2BAD+25UmSOKT17kmsCae4ajD2w4TzxI7/n+WQJEOapRSQMm8kqJY2qtW0wDVAwt8yGocUKnnkH5NdBzjQmzMX5GGbWyFPpqQrqU0iHloUbCVYrL8bNkhRk9/9etEEY+MKwvI43/8lW8CUQhoGoz7gp95ce6AdexinIIb7iwLWsNF6amJxKiDwLY3ezBQGm+zrMeMC6+2n3NylaUNMjpFVVggtK4dO6w+4jopT6MiC89YYUPfTtv/xFTR0XP+PEAuXPEkKjR+Xyq5iGSz6h0IvJse9v0x64Xta4dgRjFPfUnsAXC+jL3aiW6qddcSEvvR62ghilT/UECMfXat44uk5DrmiQBPjhtNYVv4ZlLxWtrwcN4pKR98U3LSXQ8LWMO4C5u/QY0L3kQcBJQ2rXiQdSYskZC+3927Ok07k+mgM9vvwhadx3gLLF/5MBxuix+8j7m/vpBxvf82fgiRASuIYlmy6Lq91LESh9cdpa0vJnFK2hERGhE3EOJqBuR71Tex5mgv+wc2mHaq5Lg3ZokA/y+UlTtLhpDHuxJi+X3W/QM0jKi5BXn80wHIDmNF5FYBr2MdiTRCHcCx3SwFpwIQzNPVvSCn9RT6Qvo+92HV31DN0949bWMC+UF7kiH8G8I3/xczBpKEoejeUVrjr7AYqwlqkTc+gexK3r71rssKr3AtD58+gwpB0bXgw9v4927O7juWnlvx9NH478U+G88+4t9UiBsT6s9PhpDof3QGnVTr2KmHnKTtbNQkHjkDw+JEr7ZdvlSAipbBH9B9Swrzegsf6QlnnWU5EdcMwt30jTBEBEteCsDnp8okKLeRRHrz7PS4Al4ubsF2DnXZplJByp/gWraOFsZkLPOtfZT2P8f+CnXVC6KDsy61Id0qQI6bll6j/1lAoDu2Eh6ma6RQqVDaS80uttfaZxwPtSN7cNOyihxQSLqV/Uc13tKu5Q5yFi1OpFXc+ttLcZxt53FrPD+AQ2TI5+WjoB1rWzw78S/KNcDMk5E+9c
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR17MB4031.namprd17.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(1800799024)(366016)(8096899003)(38070700021);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 94SY/50rxkqSBpUSbZNm7ehdI0AlSCsk6iXjpOUuIINB5W7R5ax9Dja49m0mnx6SzRAbmGiug4XNfOdFir3PzG2+Ydp2s9oh1uDzxMzfr3NSINSoIZhFS4YhDMwVvNEeSmrtozX+yVOwEy5+YdnW+aW7qgYdRLZpypC9pLc7+e3xvemQkETibnUeiX+kH3GU2wGB6XPtYj9EwMwv8G5lSEKTbF8lMzL8ezMbMbME3Ve7NNpeiTL9fJrEToY3wOtOjLbVjpfQaCA+/XkTbTjWiVZNFD7+7Y/QjG6OuyPs1GnClq7PZfz8nkX4phCJymMWp0nXjoRtX1yIWvAJBnejAJOHaNWuEYW1R26GdXUikDLnbnsLY3eEia+CbXzQ5R5Za0YvP7zwVWEAMwdfzkvvNRVw30HxWmYT33L6I82H86TztSDsjDgh7KLITqQXtwDghrM2F51xBu20ICr3AAQm5jLunoj+bs7EYjNwpND9yPzG2aOgckzhIxoxnMhbtr1j58sHRbdysUuKxmN1sUUa6AILL3RnewoPQQbi8SV22/KzvtL2BBYQVa8adegGZ6XwgmA79tokjiLYJS6VB99FsiArVQauKLDyKwJCtppekjlS/NQXrHllazzQ/DSmXnpfAldTVR/RokzetGJowmMICaCRjInZEMI3UFHvWeJbDpTtirBP0yUWPEMWUszZyD6FettIyhva809eqWI/qbNXJtjshRE+dbBgTFTpZkxf4cqn3YWtEzY8SNzuQDvgWRelEzQC16aklJEYFAbLQslHMSYhMOf/Llo7LeXZko9qofT9R4M+ph8pHAhZie3uvq5Y4GzBueNF2YfTcE2scTE/fLz3gLCpUXgz/uM4W/wbraIlUvOwIRppX6m96TU9nPnSPCTMsnHsA9y6UyOtdj+GEYjlKXB2xErjexQB0aEQ2KfRkTg+wypdfIb+kAfDupZmNU3P4oyEu3hf/IgCuhFM0nwacVLHqhIxkj7I4HPEykRxAu18hWf9vTA8oWswS7RQXQLlkNYy9kWIOsdlRqj3cJqjmfFwn1Lw8GRQPTrhLgYLBtrWP7o7DamWANvGeg4+SwmZxvvav9yRt9v1Y2QtraDxARKZhnWKlf+BJvH9aRRgS94q/fDRGs8U3QjTHbkZTtNPftVZF/U18fp0uSj2/X8BjBxFu0uUZbDFmrezIox4qZF1e7NmCpZ3CV2TRSbIFYAK54HqyUVuyhnmin9oQwfdeRiVRCxt3MKqjykyWYm3N7rx8Zvtza1BOGT32ZsE2KHDEo0ArBduzmjcbLBagnmzfzTIJmSW27gLCwYrlZIWqXE4HQF3TPnXzcybeECeT7oogdhFKk/+w+YH7mubYn7YSvM0vovuItQGnG0xKcpTmqYMVsvtaLh/YgxSeum/BtB3quO+vbmD1TiVnlU7PpYaZcN2DgaHorKL1AemKE73k7iZV/bf4KAUQi2UjtwcxJ1jwCxFAtwfAMqFkrQUm8aX/ewhYnb2GGMNa7Q1IFD4/X8By+6U1kNum8ipGnWqFYDxYdWdTbxfH4g/4t9+FT44oV5KiDxgDJUMvfPdx5x2pisKKZl08XbsRNDUcW5CCJEMnaoZ8uCCm/xtMEHG5d4YQUQR5cP2+u7aAMyVv5mhKh7lElaLehwUXkxFs9VorTqWeCZmTeXNmq2hOmRfeg==
arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wJrpIJ6RmCus8Yk99U6eavwr3XKdcWHsRHSkgPnl9QlJcbl675xS0CSfjx3VfOXi69KX5e10t3KBRCqYaHDEhusvJ/QwV5FA2oshcKTMEiTWAmJABQz8wMGzumJYabt4qX6grZZQ1bcUWpSPYgp4/m1ToKHIPJQNjAb2n+oRWJzEEIL5DQ//aElxBz3Oa6/7Pe+XLD/CxqOYwmTzFUF+KkZ9wcoVLQ/QgmslY7tHqjIWH2IuufXlucvucTGZ4Ak/DKF6fUIIvZtB87vDR6lZdO4pVEBoGZrbTAsO/1LSeXs8tLh9J7ApPgHVFnNZ0Rr38wtF6S44q1hpzNn/+b2S/A==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BnakSPT2bcE901YN4Ggr2/FG5aj0hWTkiRTXOlTW7Ro=; b=hKyXo4PKgGm8/SL85/PVWcYrEx1QWZu5jEmZBDcRT557F7MOHRjNi4lSYcmSs0bnLMakRr9kC+qJ1h+9MF2m26XmrfVQnIskYcmQZeBT5N+LeHewdP8nveUwxPCx73V4hu4pA5THdUVMYKCxN0i/5Y1oU4FSX7tqMU6DNCRzxYTQODA1uCfM/nR5vu4OiCbSpULK9jMWSvC3HAfPXd+7kpgGATu24c1oXvzmjccezW8hph1rTyHca54jJ0TIL6Nf3dcdWmEnzGg/o41vThzc4EZY6/RQTb+7h1f5FpIWPhF1mBQn0DGUSD0AR44CxOsNiifrmrUsFPSBQP4t+kVa/w==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=akamai.com; dmarc=pass action=none header.from=akamai.com; dkim=pass header.d=akamai.com; arc=none
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai365.onmicrosoft.com; s=selector1-akamai365-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BnakSPT2bcE901YN4Ggr2/FG5aj0hWTkiRTXOlTW7Ro=; b=kcbpuax+7VqGIisqMuLvv82sxjf0HxSSmgaWErHMkl4SKOgJo24AYSmEPsaHcu4ZanjRqRUunXdtHiUEQo6FNWpyTlyPOhj9Hk/xCs6M+IK7hrQeYJImbQbOxfcadXnUxncE5QKqi5hHHvkrYLeslCcgqcZi/qfpBq8d7m9irbk=
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR17MB4031.namprd17.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 697edde5-d510-493f-55ae-08de05d8b605
x-ms-exchange-crosstenant-originalarrivaltime: 07 Oct 2025 19:35:45.7801 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 514876bd-5965-4b40-b0c8-e336cf72c743
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: 9nRJxlh31SsotVUJZBLWv01E5mzKWPmpNms5xIE2QFcqj6KHpSXq7Sx9/Ni16nH/nijBVL5fHh5oL0HTcp+ZOg==
x-ms-exchange-transport-crosstenantheadersstamped: DM4PR17MB6977
x-originatororg: akamai.com
Content-Type: multipart/alternative; boundary="_000_MN2PR17MB403102CA22C73A7A8C7F5896CDE0AMN2PR17MB4031namp_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1117,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-07_02,2025-10-06_01,2025-03-28_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 adultscore=0 spamscore=0 mlxlogscore=654 phishscore=0 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2509150000 definitions=main-2510070153
X-Proofpoint-GUID: nSki7vzrvtKrUztiCRTyRJH-SZtBtPmR
X-Authority-Analysis: v=2.4 cv=A95h/qWG c=1 sm=1 tr=0 ts=68e56b95 cx=c_pps a=NpDlK6FjLPvvy7XAFEyJFw==:117 a=NpDlK6FjLPvvy7XAFEyJFw==:17 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=g1y_e2JewP0A:10 a=JEtQayyp_rnFA7ZNlEYA:9 a=pILNOxqGKmIA:10 a=LkgTm6VNw4r9vhy5InUA:9 a=dHBIdq3cduGnJKbj:21 a=_W_S_7VecoQA:10
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDAzMDIwMyBTYWx0ZWRfXyG9Sh6nQJ1uC /mkYC9ph0W3ZXZ4Oyt5Be0oYO3+icLabEw7nYlBek6xDe5XYr3htU7uiRwSqAf7pCN6rghKCPW4 cnN7hYqSUYmf8KoMCZkDMOTe2gUVqaxRiXzhZ8neqhsTnT0Rylpz1zEI1ulvrDOeJEkMVlNEaB5 GnFIhK48oJ4o6zfFfzDLqBe/peZu+yz6UssPnBrP0mC3NGTfwlXMGbf94oWYnKl0a6tI+CwOB4m I7GDS+LHesr0poKebR7k2yhT8hx58KVlbOu3nr+M4HkRXTGSSSlPfoAIcOAmTX9QV/7PC/7gp8i mgyVS65zM28FTrmeSAmzwXRyLJQUewLeH3d3Uf+WDsplQeHWMq5pbcV7Dndua/PA8tFApIvrdiu wY6EACIn5+dooXoFak5z/r4RcZG/XA==
X-Proofpoint-ORIG-GUID: nSki7vzrvtKrUztiCRTyRJH-SZtBtPmR
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1117,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-07_02,2025-10-06_01,2025-03-28_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 malwarescore=0 impostorscore=0 suspectscore=0 priorityscore=1501 spamscore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2510020000 definitions=main-2510030203
Message-ID-Hash: U5W6BYGS7Y43UL4AU5MSI7L7BQ7IGMCO
X-Message-ID-Hash: U5W6BYGS7Y43UL4AU5MSI7L7BQ7IGMCO
X-MailFrom: rsalz@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TdOur6upPhFc_GriugHtOgo21JA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

  *
Again, this isn't what Recommended=Y/N means in the context
  *
of TLS. Rather, it means that it's generally OK, which is why we have
  *
four separate recommended EC curves.

It seems like it’s worth quoting the meaning as clarified in 8447bis, which is in the RFC editor’s queue. (TL;DR — okay to use, not mandatory to implement)

   Y:  Indicates that the IETF has consensus that the item is
      RECOMMENDED.  This only means that the associated mechanism is fit
      for the purpose for which it was defined.  Careful reading of the
      documentation for the mechanism is necessary to understand the
      applicability of that mechanism.  The IETF could recommend
      mechanisms that have limited applicability, but will provide
      applicability statements that describe any limitations of the
      mechanism or necessary constraints on its use.

   N:  Indicates that the item has not been evaluated by the IETF and
      that the IETF has made no statement about the suitability of the
      associated mechanism.  This does not necessarily mean that the
      mechanism is flawed, only that no consensus exists.  The IETF
      might have consensus to leave an items marked as "N" on the basis
      of its having limited applicability or usage constraints.

   D:  Indicates that the item is discouraged.  This marking could be
      used to identify mechanisms that might result in problems if they
      are used, such as a weak cryptographic algorithm or a mechanism
      that might cause interoperability problems in deployment.  When
      marking a registry entry as “D”, either the References or the
      Comments Column MUST include sufficient information to determine
      why the marking has been applied.  Implementers and users SHOULD
      consult the linked references associated with the item to
      determine the conditions under which the item SHOULD NOT or MUST
      NOT be used.

v2.35.0 | Report a Bug | By Email | System Status