[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Benjamin Kaduk <bkaduk@akamai.com> Thu, 17 April 2025 21:35 UTC

Date: Thu, 17 Apr 2025 14:35:19 -0700
From: Benjamin Kaduk <bkaduk@akamai.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Message-ID: <aAF0FxjVgb7EGdGR@akamai.com>
References: <5dd1e81a-c37a-ceff-b89e-b4335fca07b6@nohats.ca> <56e646395f67e27ff11a092d5989c1c85eba2563.camel@aisec.fraunhofer.de> <CAOp4FwSJpvn6f=3utd4yBE=ftkXQ4h38FT3VQ1XOhrubqgu0ng@mail.gmail.com> <BN0P110MB1419E8DB9B38B33F41A6234590BCA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM> <IA1PR17MB64212A6A5AC34467EB83F2A5CDBC2@IA1PR17MB6421.namprd17.prod.outlook.com> <BN0P110MB141930A9829053013376FF7C90BCA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BN0P110MB141930A9829053013376FF7C90BCA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
Message-ID-Hash: WRSLIAWQQL5LY5FUZRPVDMEAJ55TOABZ
CC: "tls@ietf.org" <tls@ietf.org>
Precedence: list
Subject: [TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UzMtK9AOH_EET3Is-uZvsTNwVR0>

Hi Uri,

[trimming heavily since the text/plain component is made of lies and I don't
want to misattribute nested quotes]

On Thu, Apr 17, 2025 at 09:17:29PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> 
>    There’s maintenance of the code for both parts of the KEM and ensuring
>    they’re properly integrated, maintenance of parallel PKI structures, need
>    to allocate the costs for two moves [1] instead of one which already makes
>    some users argue (which can be a royal pain in a large deployment), likely
>    many other things I’m too lazy to concentrate on now (besides, there’s
>    that feeling that I don’t need to convince “my” clientele at all, and
>    there’s little chance to convince this audience anyway, which dampens the
>    eagerness to strive).

Thanks for writing up this list.

Just to check my understanding: the PKI only comes into play for signatures,
and there is no PKI needed for ephemeral key exchange as is used in TLS 1.3?
(For the specific case of ephemeral key exchange in TLS 1.3, it seems that the
"move" is just a software update, albeit one that needs heavy testing and in
your enviroment qualification.)

-Ben

[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… John Mattsson
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Thom Wiggers
[TLS] WG Adoption Call for ML-KEM Post-Quantum Ke… Sean Turner
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Russ Housley
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Rebecca Guthrie
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Yaroslav Rosomakho
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Sun Shuzhou
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Martin Thomson
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Viktor Dukhovni
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Yaakov Stein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… David Adrian
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Loganaden Velvindron
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Kris Kwiatkowski
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Deirdre Connolly
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Filippo Valsorda
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Jan Schaumann
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Filippo Valsorda
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Deirdre Connolly
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Alicja Kario
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Loganaden Velvindron
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… tirumal reddy
[TLS] Re: [EXTERNAL] Re: WG Adoption Call for ML-… Yaakov Stein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Joseph Birr-Pixton
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Rob Sayre
[TLS] Boring cryptography, and the opposite extre… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXTERNAL] Re: WG Adoption Call for ML-… Andrei Popov
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Sean Turner
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Scott Fluhrer (sfluhrer)
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: Boring cryptography, and the opposite e… D. J. Bernstein
[TLS] Re: Boring cryptography, and the opposite e… Bas Westerbaan
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Loganaden Velvindron
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Flo D
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Quynh Dang
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Sean Turner
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Andrey Jivsov
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Benjamin Kaduk
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Rob Sayre
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Nico Williams
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… D. J. Bernstein
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Nico Williams
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Stephen Farrell
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Flo D
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… David Adrian
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Stephen Farrell
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Flo D
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bas Westerbaan
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bas Westerbaan
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Paul Wouters
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Paul Wouters
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Viktor Dukhovni
[TLS] Re: [EXT] Re: Boring cryptography, and the … Blumenthal, Uri - 0553 - MITLL
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Stephen Farrell
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Rob Sayre
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Nico Williams
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Paul Wouters
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Bellebaum, Thomas
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Loganaden Velvindron
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Stephen Farrell
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Stephen Farrell
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Nico Williams
[TLS] Re: [EXTERNAL] Re: [EXT] Re: WG Adoption Ca… Andrei Popov
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Salz, Rich
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Rob Sayre
[TLS] Re: [EXTERNAL] Re: [EXT] Re: WG Adoption Ca… Deirdre Connolly
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Benjamin Kaduk
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Nico Williams
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Salz, Rich
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Loganaden Velvindron
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… D. J. Bernstein
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Sean Turner
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Watson Ladd
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Blumenthal, Uri - 0553 - MITLL
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… Andrey Jivsov
[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM P… S Moonesamy
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… S Moonesamy
[TLS] Re: WG Adoption Call for ML-KEM Post-Quantu… Sean Turner