IETF Logo Mail Archive

[TLS] Re: WG Adoption Call for Use of ML-DSA in TLS 1.3

"Salz, Rich" <rsalz@akamai.com> Tue, 15 April 2025 17:57 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 241AC1C6ED30 for <tls@mail2.ietf.org>; Tue, 15 Apr 2025 10:57:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.54
X-Spam-Level:
X-Spam-Status: No, score=0.54 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SBL_CSS=3.335, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com header.b="IWp8pTmQ"; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=akamai365.onmicrosoft.com header.b="aHiurhQN"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3v-MwY4E0UaA for <tls@mail2.ietf.org>; Tue, 15 Apr 2025 10:56:59 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [67.231.157.127]) by mail2.ietf.org (Postfix) with ESMTP id ABE641C6ED2B for <tls@ietf.org>; Tue, 15 Apr 2025 10:56:59 -0700 (PDT)
Received: from pps.filterd (m0409410.ppops.net [127.0.0.1]) by m0409410.ppops.net-00190b01. (8.18.1.2/8.18.1.2) with ESMTP id 53FH7PWq016973; Tue, 15 Apr 2025 18:56:59 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=jan2016.eng; bh=oprf/ZNVEdAQxFkeLrvrVV KQrC1ZavKtAMS8UJb5jzA=; b=IWp8pTmQISd7X/TDIjEAY0W7FL9c6lnB+8LW7h HAEsfGOr7X7t+4MCU2yj4HlRYz+dNjHewiiz34+gDae7/Es3xp/VkD1g9hvF30w9 IcVKvaYHY0dPXd7PVrh8PlpQ+/E8admVY2AQNHmvdzAhJXCthx3P1IjkZtHxRoqM ysKHzKhveHgkNvu3kQEFlAuoIrypF3zMoEPW8tHmPag356foWmU3flXhFu+VPZjs YGKsiij+1IBxtxYejHnH1Ppc73g1+vy/HEboCM2JMvZtjdIplBC68JL/gcLRSdX8 +Ff+aAca56sJ7MKHQFpoJ+vJz3m5nkecC/zn8asYiJd5naOg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by m0409410.ppops.net-00190b01. (PPS) with ESMTPS id 460338yrnx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 15 Apr 2025 18:56:58 +0100 (BST)
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 53FGDC1U029380; Tue, 15 Apr 2025 13:56:44 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.206]) by prod-mail-ppoint1.akamai.com (PPS) with ESMTPS id 45ykgw2x2y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 15 Apr 2025 13:56:44 -0400
Received: from ustx2ex-exedge4.msg.corp.akamai.com (172.27.50.215) by ustx2ex-dag4mb7.msg.corp.akamai.com (172.27.50.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 15 Apr 2025 10:56:43 -0700
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (72.247.45.132) by ustx2ex-exedge4.msg.corp.akamai.com (172.27.50.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14 via Frontend Transport; Tue, 15 Apr 2025 10:56:43 -0700
Received: from IA1PR17MB6421.namprd17.prod.outlook.com (2603:10b6:208:3fb::14) by SA1PR17MB5092.namprd17.prod.outlook.com (2603:10b6:806:1b7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.32; Tue, 15 Apr 2025 17:56:41 +0000
Received: from IA1PR17MB6421.namprd17.prod.outlook.com ([fe80::895c:51c5:a4ee:93d0]) by IA1PR17MB6421.namprd17.prod.outlook.com ([fe80::895c:51c5:a4ee:93d0%4]) with mapi id 15.20.8632.035; Tue, 15 Apr 2025 17:56:41 +0000
From: "Salz, Rich" <rsalz@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>, Sean Turner <sean@sn3rd.com>
Thread-Topic: [TLS] Re: WG Adoption Call for Use of ML-DSA in TLS 1.3
Thread-Index: AQHbri3ExtP8QRMME0yg5TX3YU/pDrOlAt2H
Date: Tue, 15 Apr 2025 17:56:41 +0000
Message-ID: <IA1PR17MB6421C4A836EFE065848C9EF7CDB22@IA1PR17MB6421.namprd17.prod.outlook.com>
References: <07CB46EC-758E-4204-901A-CC8812B33A5F@sn3rd.com> <CABcZeBMDKGQtMMaKASsV74U7p-vXQr8Fj+AbqAjHwpsQJY_B9Q@mail.gmail.com>
In-Reply-To: <CABcZeBMDKGQtMMaKASsV74U7p-vXQr8Fj+AbqAjHwpsQJY_B9Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
x-ms-publictraffictype: Email
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: WKJl2JBJ6NX1TjRKv2UBdxi4uVrGuZqe0k7SBvj+SYi0FYvX9lZ5PXN5x0k4rqd66hNpU2SMSiUkPoCWHvE8tLGJo6jVtu0YfdZEokv6D2g3pKcVKs0Ee/KCHLxCIBaeG/LvkegeVK01calqjdBxBIfIFZ7z1633gih7aLJM1EAAf+qLkIJ24vFmncE6sU+uO6Mgd3z56XbM98V6N9xfhy1i2RCy4y0RYW82Beu+UcEBp2ICC0x+2yTWpHq3wNWVu52gsMWnY7gTyLISUZFRnxiYs6ASQBWCxyoJuoINmhJbrI3NiN6wVedwOuat34K27/BHOgXMIk5zFSF66hiw3L7w7hF9xLPEh+zMGknq2dn7PJVYfQ2LwDRoylsCBO1FwLJMI4oTMBVX9UWZQGtJQNyju0QK+sp+YDMcGjuVyYp9G/l77ZK+kmQQX7FaPg5/Dh1omgMgpqFMtiBA/CJNo00RpRIT0SSdZg14G/9iZwbRLHFTO/HNGXYTr+vx7nzYNgkx8624H73NPKRsvs+0nvrIfZFgSLL01+aOofnM2d6dE3lUOObKf9H1pX0GA4mr2uINBdL2T8wwqQBahg1WOlfUtdeagJxVikRbrHZaGqjOJhOTZwHZ4l87/sgR/V30+D0j8T0kVQlw/tl3NalDjg55T4nD1NpzTbLgMdGtTUxZuL+yZqc2kAlvEek6Wrbpv1jVBJYLcfSab7rBSzJ5Lsb7iU2KmCQYJ+/ApBGvVqmqF0AKX2sN1hkYT3fU/kjsBDVFaUNu+cbGQGcFjqxyO7e+entzgRqZBHnsUh4FtXZukvh4if5QqrW6gPjUnlOKG7/UgBt2O0A8ybzANnZ7nQz9fRpnCDJ2T1UNGPBXLbWMevbWX6hy44jmSW93Blxtm8IZ9p1VpASBZqNfwRHsY5Cil28TU85ViDDRSU/lv/cTkgcv1J/0bvOpullFrTF20WWin+Obc2sTa/Hmq5BAr6PY1gdIqqhMFTC35wl6jXyi2uVVH6Qc3Zhkp1R7JJXYKYpslWwdZXIVnGVep43eUkeZoaQ6KsoRRtgaxizzgZh8HgO/u24zjBEJvcoz3nG0dWSbcqlZChD2ktAiIcMLhMB3dWVpk4fr608yoCjfhmFY+/BRqicUFPeATKKTqoEsYuAqMP+NJVjo3Cysy/bPmkvY39qCpkSH3UIfdNCKE6clZCF09CndzjT/Q20zo8gAzl9/1WKGfIf/zL77CZClRjoNYTK2AlJqQNV9fK7CL+wGQi+l/em2nJ1T1qx5IlIgiYut/ox6bHPsOUPTLxsibypiZKYvVjHyJemW96SqaeZgteqsv9AjjhbvfoDXRyssMaclZfq2oBfiWd3dNPhdtF1DzNb0MCR9oBWozWYGZ80Cuzlf1dzgTg7uQpYbhIbBOXEiAevS7FnSI0c9CPDdX66KNmhdTVBfIc4HBXG01iu3zdX1WIAoZw0kPgWJfIYrus5IGaQia2bOWCSDljp4XQ==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 9lJbbqeis8ZDqCvbmn54PDWy5NJdsWnTFkuwcW+aqr3qMN6BvUNoMW5m7fiNIRu94mOAUAQeongK1SnQiVfiW/EIAnNCATtnvYt1YUNPYFgW/rBG6ScfSGuSrNrSzsFT38gPaguAyVEOS/fpyyzUyiP7O2eSLqMTsFq1KpJ1OyxQmFZowX3jHNW36gb1Nn5k6dNG35hEmLhXCnPbwNUnzM47ThiD5koiPfl1J+0v1DSyZlSOypdGGlhqzgJFqlA1TNoFSfv7MIddu0zQnwkAyGc7xPHYsypAXXoQ/MncVvQOt3OtWEKrHya7cKSs4kL+Y5H+FWsC8jjSwo4h1M6xoYry9wWaj5j0YIed3TofYC0Lxgx3nvZ6KieQg960r8mFagi1ms8ZIiy/0vaTMr+Z/EnYLphUTYTjDktHE46XvZVnWiyJBaV+lzxgUgn4E2uBcnccp/wpUfydECM98/6+A+XGs1SjB9UdePSlNFPSCIhCIVTILRy8+SzFSU08bozkhysJFjz5SGH6TwLLukf/yEcbABfpWIq6/QHqEpshnx+Kqrl2qBOirWXKDRM10xj94hUOy2Cc73LZDgAXL3MDyEUhcc6TV/z/7LXjzXLK8G8gfqvIo0pPpm1SZdqW3G3yAS4gPGJZSFXJu5ChX2yK5re1pFaIpctvs3EBUGnxvOjK02gnpViQYhSHc6Qgb+rzLqPGxO8o4PV+suClrXQu6YNHfizmQ+YCGwdPiuRF398SnEyKwZLP0LSvf/yfeiSqG3h49cEEhJH3HGQ6lL+snoMorGB1ot1aHYyybJkP8QGQXCzdxfkym0fzi8wysgYAqPSN8vy3DjlDkQ7j64Hj2e0R7QW/9/4zV4Joac2jtXYdFqr7bCFs1S5Tp2jRgzL7Gyqd+gWeuHwFtIs2xQgEbKuAHXX5lnxzgHd9jig4z0nS619s3fydbhYkl0aOSpIYPfwRTZ0/QQjwBVt6BkaUuDTJAd6WXrGAkug7pwZLrdg7X7+153lS4fEMr5s6OtCgzSoJ6TXQTcJMX7O1PmqUzWs9td7Pih7tpi+1gnWyRyGzzhlMgEs7xFVVu4yFRKtaR+GLAplW0HI0P7LbOf9RTcKgDYXmM/4uvvasj6CwCJ9X4e0rxJjckIFRHCD8CHwIMm5vx4DoU0nj1E6P01G0iVeQVkVXTXm6lZQplinryOI5l2muiy8DoYzM7yQCv+FG9LC3PceBmLPuJeMcQO1T480wWyVl7BKBr02ct6a6XJWtVvBkZMjkP2t1DqO8bAR/vGPGGt9xr4ZJMbG4WZTP2uzKzpZEPF6aZLQXShsTUzbkT+qiZkxEfCdxR1/KcXE/O1IJH+2+IjXmxxnM7dzaZXkk0e1DATqZvhfhtkzQQOjuUUSaKi3eh1L58Yg9pnPHKfyIGpjl3U1bCix3CldCpCQ4AnzDaXnR8lxHwYQVwfB7zehYp6lzzD8lCh1RG+4jnSyMvBEysKMcJoQDfIoo0DVQoEkeIu8PTfX7hf115Tuqywwz/4we8gEkCpNAVMqNo7pWa8Lf3kghadGajp0TOF0ORVoHS/c3ySvvl3dC03+0w8iN7vJp1mS0OPH6FFU47b+7G1qIYMNxzdz09hplTojA7sc3o2HyzydR8sNuWoPAxc93ZZubUxoa8Pbcn82YcZhObcES6K/MYBs/t5Y/QQ==
arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fAAP4QXK4MSJ0nOdZif3fTME4u4b4jwUDnHcerxIDtKr4Col5F2VqU4QObk8wWYArXIqqAX2cbDmsqIslpNVPjqIlc/WSdtjvEmHPsRvhYhV+Uzo2Udff4DIiUhHV3AEoUiojEo0OR/0YjWFH8g44tGlqWNiIrLAiyfj7AKw4kfcRNBlC4xAEF7bPrQ+vqb2J2pDVQWXiHuULfcXLQ2lVw/D2mKEiBB0rywnj2mreHVtkh8QaweHjhYWPU5S/LXko49FxbVK76bIZ+Wv+Nn2A5KXB+d+PT4HFyna2vrQwaGbPLaI9J7xIat/6Y0ks7YVzjZ/0TY2ajiVFFlKo3EQjw==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eQX+ms8Wp0Jji7KwZ34n+h9uNmzxCOfXst9co9g7sYc=; b=RzRI8hRI1wOPXVtsEtxiBH1mDavuqUt5S7CZ/ZMF+yzFvgqjj+zWkuRq7S1+5DMVOeQbZbZB+DQ3UIjoXby3EFJ2CQrRfYOU2Xx7I2wNSM4saUY/poYl7mdowQ7P16Pup1mSj479Ug0n3/DFqwojUNB7aAe6pLHwfI7keaBVE4PHqsQEcLzc2A6tdRKxoZy+DHj5Lg5yKzTSk5VtYz/FY72iTBmFkrdHlB0driPj906TIjACteXeMLqpZGB/IkUGengtQozotn7kuR67ORYxErsrwlJKuyN8bewC0hEN4tybIdjB/2VbWggzYa5BovsV/913Dn5Rq8FdiI86Uqfxgw==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=akamai.com; dmarc=pass action=none header.from=akamai.com; dkim=pass header.d=akamai.com; arc=none
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai365.onmicrosoft.com; s=selector1-akamai365-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eQX+ms8Wp0Jji7KwZ34n+h9uNmzxCOfXst9co9g7sYc=; b=aHiurhQNgl6vmOZoY/t+URe2Yl2gMat14odtITh39j1Bn6DUDyYZBlrRbEke/2eQvqODU7sjUxf2kbUqmQWAogvM79ka5cVpL9VgMLlV6SO1rAFj/6o4H/Zsmfmu6wfkfPG6s/DwB1nmB2CDKLEJH5B/d4ZS+AvSLnNChFwvKqI=
x-ms-traffictypediagnostic: IA1PR17MB6421:EE_|SA1PR17MB5092:EE_
x-ms-office365-filtering-correlation-id: 7a57082d-db69-4e3a-67f7-08dd7c46e07c
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|1800799024|376014|366016|8096899003|38070700018;
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA1PR17MB6421.namprd17.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(1800799024)(376014)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: IA1PR17MB6421.namprd17.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 7a57082d-db69-4e3a-67f7-08dd7c46e07c
x-ms-exchange-crosstenant-originalarrivaltime: 15 Apr 2025 17:56:41.1869 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 514876bd-5965-4b40-b0c8-e336cf72c743
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: gVeSvR65DWbG+tkdzIz/A8AOFmF8xS+QQDuInNCpu37BXqPKxvXwmeHXx+Wkn8g5iil1gSnvhMxq8ESWNPcHlw==
x-ms-exchange-transport-crosstenantheadersstamped: SA1PR17MB5092
x-originatororg: akamai.com
Content-Type: multipart/alternative; boundary="_000_IA1PR17MB6421C4A836EFE065848C9EF7CDB22IA1PR17MB6421namp_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1095,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-04-15_07,2025-04-15_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 mlxscore=0 suspectscore=0 adultscore=0 phishscore=0 mlxlogscore=776 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2502280000 definitions=main-2504150124
X-Proofpoint-GUID: YEvKeh2mK7UkVs4b_5j-qP3lA4KQ0EZ1
X-Proofpoint-ORIG-GUID: YEvKeh2mK7UkVs4b_5j-qP3lA4KQ0EZ1
X-Authority-Analysis: v=2.4 cv=SsKQ6OO0 c=1 sm=1 tr=0 ts=67fe9dea cx=c_pps a=StLZT/nZ0R8Xs+spdojYmg==:117 a=StLZT/nZ0R8Xs+spdojYmg==:17 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=XR8D0OoHHMoA:10 a=g1y_e2JewP0A:10 a=NnIZjWyJuzlkOs6_uuQA:9 a=pILNOxqGKmIA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=p4KB4xziv8SDyjnQakgA:9 a=SJNBOdAqBu9_PPam:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1095,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-04-15_07,2025-04-15_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1015 bulkscore=0 lowpriorityscore=0 mlxlogscore=597 impostorscore=0 mlxscore=0 priorityscore=1501 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2502280000 definitions=main-2504150126
Message-ID-Hash: 7XFLRRPLKJFSNULONPSUS7PLOGYWLF5R
X-Message-ID-Hash: 7XFLRRPLKJFSNULONPSUS7PLOGYWLF5R
X-MailFrom: rsalz@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Adoption Call for Use of ML-DSA in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WGS37urF07ZEqkonRCyTxhF4iZs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

ZjQcmQRYFpfptBannerEnd
I do not think we should adopt this draft at this time. I would prefer the WG focus its effort on key establishment.
Once those documents are complete, we can reconsider signature.

I strongly agree.

It might be interesting to see how often the signature algorithm doesn’t exactly match the certificate signature.

v2.30.2 | Report a Bug | By Email | System Status