[TLS] Re: [EXTERNAL] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 26 February 2025 22:00 UTC

To: Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UuYw3DHjgd658OmmRpnIVMgulh0>

All we have for PQC right now is some individual I-Ds using "not recommended" IANA code points. We must have PQC RFCs for TLS and the first step is WG adoption.

Cheers,

Andrei

-----Original Message-----
From: Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org> 
Sent: Wednesday, February 26, 2025 1:07 PM
To: tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Christopher Wood <caw@heapingbits.net> wrote:
> I wonder: what is the point of adopting this draft when the important work is already done? If it's that some folks won't implement it until there's an RFC number assigned to it, well, that's pretty silly.

It may seem silly to all folks who are directly involved here in these discussions, but many software and service providers view a "draft" as immature, not final, subject to change and may not implement until it has an RFC number.

For those who are not actively tracking developments in the IETF and standards communities and who are relying on formal publications, this is an important signal.

Likewise, for customers of such providers it's a lot easier to inquire "do you implement RFCXXXX" or, for interoperation, to request compliance with an RFC than with a "draft".

With that, I support adoption.

-Jan
