IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

John Mattsson <john.mattsson@ericsson.com> Fri, 28 November 2025 12:05 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 15DFD920AF79 for <tls@mail2.ietf.org>; Fri, 28 Nov 2025 04:05:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rYU3uZUpHPL7 for <tls@mail2.ietf.org>; Fri, 28 Nov 2025 04:05:25 -0800 (PST)
Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazon11010056.outbound.protection.outlook.com [52.101.69.56]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3FA36920AF72 for <tls@ietf.org>; Fri, 28 Nov 2025 04:05:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bXBhvLzkgxfQfMBIP4hCy3PKrlcfJ24Z7vwPeFhExerVz+HGeZ6CUVtb8T652MDR7FiaDRyAfVMeIXDURCDBZ3yXcOeU8SFRZ0lVb1LPDuGAb2elgsAxd1S0ImbblhUx+YvlP+OCGiMh1GBESWycK2rALeU/I0cfrj4LIW9rtXNaWMEYpgnTIpa+SVyzo/RXsGMO9HykNGA0TWlLmfw0SJM2avMINalMooUe1R1A9oo0h8tQbEYE9Zg228jnShjeTTFlqeLIVAPJ9WOya+fuGkxiL+pSmEi5fmsLtSbMSZKu3lPx75A0VTli81MNh49QnOT2M6/4jEFktzAJAxYi2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4RTUV/AAIzAvqvVPCTZySRsfC1sSJjDrLuPy+A5fkl4=; b=Ac9919Cg65h4UE4NF9ZS0/aalH8G7q5je1h3jBgIT5Rjx8XNricRysCx7qJ3OkV+AJ/lyKR6F64Yt1x7o7zHoLWRdO+2RKfcWmZ51IIuLIGuZ2DdEElA0QniqDQvSVr8CBKkvhrSgj2LtjaezYi6WhC0qwBQ9GCET8yGtYXrO6WTWBluNgBZnh/QEKsE6jGCk5JdpnDukxP/OeI9PtVxwOBEWMTNrz9+xkWIX0f6iD8l5NpFUtzhNK6Vrc2J0+RPMVMnv2n7HCyekGuNkTVkGNXNuc+oChTAVJ5IsylPDvDG7H+XA/YUl12f6q6LCjJDUVglzKDlqhuUSMR9Zh5YdA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4RTUV/AAIzAvqvVPCTZySRsfC1sSJjDrLuPy+A5fkl4=; b=x6sM9sgLGV/6UPb7bCdyP6J5dLY00o1KI1dkTuCVlel2vq56zuRz+kVZNx3L1Pk5rUYYquCEP6xd6EtmtXuyIVcBtFnhnMnLIa//LZBbyqFOCeJefYoZVZlvrrkXVKc/TFTEzHyp3WYsd3UY98Q/mp5dCY6mdf3SH/f/2gluUC+q9YFk4R26iUqA2YPamc3bfuaZ/SctiChIMGHmirjtQVRLwsl5ktuSYCkwF3On1tWq4Y1BvUZIStsCt6FKy0++SX/chp8HQFsOCGTQmZXdtH1mw6BiXvgHUo5cWcXrzcziF0GXx9jeLTlTkvmXQLo05/T3A34NQBUV0hPeU15kFg==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by DB5PR07MB9444.eurprd07.prod.outlook.com (2603:10a6:10:48b::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9366.16; Fri, 28 Nov 2025 12:05:14 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%3]) with mapi id 15.20.9366.012; Fri, 28 Nov 2025 12:05:14 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>, Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Thread-Topic: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
Thread-Index: AQHcYFkBR3nA627bbEC1ulP26GUqjA==
Date: Fri, 28 Nov 2025 12:05:14 +0000
Message-ID: <GVXPR07MB9678A5FAB3C2BEA6E5E9540E89DCA@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|DB5PR07MB9444:EE_
x-ms-office365-filtering-correlation-id: a251e7fb-832e-4fd8-90ba-08de2e76635b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|376014|366016|1800799024|8096899003|38070700021|7053199007;
x-microsoft-antispam-message-info: c0GiL8vStM46+yksk51pTfzJs5kX5XJlbmD2gVWkXIkWqytnsAo4F29dvnPAPp3oil8T1eypl7Xb5nBX4ZDGsAfkbSvRvpiiFw2t4iGJYMxSCcssVAGQH8/qiS2koIdg34gKl1cBomv7Q3/juqHXFr3R/9AeePfb1gEDLSDSBWAEFCDirPKzZnaoIdt943ZBRs0hwSmGHtoeE86BsUIPYvonzj6JerW3rb+Hx0HVaZ1GJMoN8MFmiBUByrgPq6Y3q2jaiWBiX4N4nV2dbCPAv9/AoaUYH4kU34JwqnDlabCBQWTrwPWrKJ4vdiAt2HYDbKU9AJ4vSWFg+z4v8EoqLd7i2CKJ/awxkU1AnGikiZqzESazklDXGXHJ99e2btPNFi2y7m/goth8XXCTBXeB+NpIFGpBMmSedz+8pdoddroIEXAC6RlIkeMfOBfShzqTgt5q6DqHcPILWA4GEQ4miOpUcOQiIxAEkvFRo6OBfTU+iJ4XwDFsoKne2NzDAfNpqv8XhR1Spmj2utYd8rez1685ziHViY5VLzAEwc3+hdFGfnX264G5tanQ0GX3rRgDFJnXey8PoM0hNIFkC4zp5Pf11oAGBxOT9pdNbM5kWJhPySJM6XkYZRbzv3HHEb8i/BvDZHCiakc6Rw0QYPypJz/cMpVlYzSnP4fDHLgmHv4SDkvHUBODym80o+03FWwdueZhWmGjeO652zGIWXVcFHKGHtn7iap5vMauDbo+QUZbVYlXyrf1rsQD9sjbnD8YaQncRTIVIbI3PvnPPvo6mt+M/rWCj8CWMFU7uhP9/9oI+kQxLWrdRCjDtME0moF7IrkNsW1xbyz16Fb/6yJ+ZbmwZhdn3mufot0S9AMo/ftlLMrKRNx7r8ve3d3VJZjbZV4OlW4Q04qtkHaZt+Mx8RBqlEwtA3Zx1Pb6z6FUIHVITT5PtFR4PkAfZu63v3roJnjfR19LmjHrOc6X49Xv71ycTYHrVqMbifwIwv9nzng14OmHuuF1kK31Rg6csxPBfRcEt2PGSCtdnQS6qayWY7kOKnXlBsqniGkeRgf779lApbO21HHg1uoHK8hkrqx82bAL56PPWs8KekmI2bUmnwKIwQLUb1FeztU1xG7dQ+NpzwjCvWVzAmTzKpAuBeinyLP95Wgdhz2UUYH8vJXyrdrWZwonrdIrIeYN52Yojc4qKpw+egP06T2OBchwH1ils+DioK5s82Z6qDOGZYid7vfnJwp3nG4UdUuGZ1dpmliTYJkejJlJaymPtNhd+BT5IxlFzWKzd/nx7Hhzt4Hkof8QVbZJgid6SzAoqFNpfzAIYuFuppsRytBkIvhaTF9zA1iRJSMSGQxocECOGa/w5VbKiqNN+2J1j4+DnvRzimghig1HsZIW8sWRWWrcJi8JV0CLi0MnNs2GodNTJPU+KX1Xn6MVIVkO21SkhGLVN993cULhi04AYcHWfCuhIP1moNGo+61SoaeBolxXj38BIzPN5P1WbZz0sZMW1qabVGX6G+m3VcRHT32lMKAE/UiI
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(376014)(366016)(1800799024)(8096899003)(38070700021)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5p/glAtNV6QnePoaaIDRgMqLJZMWgoKHF2flIZGRQv7HAZe78oo6s2yDnUDtl6hQEQSQnlqwwmLgWxa5KivvK0S5bCzpnymQ7NHdeeSfX+iNilioPD/DQILsd2OiyCWD0wMeoj8iDwdqnieOiovjGIEJBFK/XSQjC3+91dosoeXwIrV+ZQLZMW9csYGQKlbMICuESKdJ3KUGxVj9a45YLhWy7Vazm9N/dryFqamijwHEDKRxCJFkTJUH9V7YNy0mt75krXjxn1/TUdkWRoERGTYulqehFMj4t/O21M7dxFlh8EG5kTaku1IMRYaTVDWkHbJsg6FF/mtQvyThAVJbn3usp61yctfKmzysCiRMRc8sLvXmlhj15jFXmlnxB8nF8RY2HCbJLxK0uTRSnu0aVM5wFNFE/LUpXRXYCdEpiu6/uJsOIvkF2HeeCFtvobdlA819E1pCSr3GhPqJmVcZapoCc0pIoWsnnAdcQF9ApD0P3Om6DcVcQdNYo/nZtf9SPtOa+M8xAm7BCU/ulMdn7N+gVcnCqRV3wUBWPMAn1MvIsQfUQUe/lMNlyKbl13uPodc32nno1ngVCLA2W4IcQm1xBUtI6YE4iKg1ljdOprQZXlkeOkpJUGyzvM6P3YyC2mtHBDaKe/R2/AODHVOOtNoom6f7D09S9JCSG3aihopeDInwPGM2kel3rs3J23NCx9fRf2tfbH6d35PK9UBK2LNIvjdiA9fEQ8HfhpWV8XFD3dGfngNer7DnyCE1kXcSmFEi9Fnkg76GpAigrzRCT4kH0zHnxzAxz4/XlVrl1RMNL0wfUMk6hOWq2PA2KaugEJa1LxbeVxsWkFMkntTpg5dfwhgs8J3tf5hIv5K1M2ZdSBEVtwAHNYVQ2dRx2r5Lm9EILkl81YP2oIaqoDQ8RtkCH1PHXnFDJ+EVGYSDtHD/5koOJrLUgqefi8Bf2WHkLaTJhJ/n8lSHCaPOOSjL3t/1QZwtBwYprek8MDNOJBU1DzPCCG13C+17OVT9weYl+05grmNX4nybW5CcaNBw9NO5JSISgQPAud6waZA6Bo749srz/AiVeqtTYQWmpOT7IZGTOOc2/Zx+FHNmEWK3Yl9BKk6I8AnrnWPhD1EBfSCGcUTZByyaU9qLis/AyOhiWPB1bF/IM9tD8iUwQjMSudbvxceOuQUanRnzySszqoxO2Kpc6J8drC/7k/uSbM+gkzw+f2syb44qCHGM4JlQrygaegjpN0WZgDvTrbgLKxuJ6E8sI1bd6zS8quJmsS6XNeKnNqfGZRxNc+dINqKcKZw4ESS8XYqOtKlkIWPU+JCkOS7cHSDRGhClD30e9v2VrrDCkLlzPt1NyFty+DQq0FJG96MnmVvRe370lEDQg2hFSAF3rWTEsX6fQ2F084nlFFFlOEBmnmEtvOXX2HY4RRHanwMSyPjIrMOzibmAk8pgV/4kXJyJc7qusdYdpSHRQhaeUZp14XmfaaZqBZ7v56rBWSIVM31mPyqm+/KTgiB2Nq6DFnuc+BgqYqcd9NRrSLMh/EsrxYcAWSw65QnpYSrM4eAjPis3fgI1V5K6adZXv42AdlCQfrn5KTZlRAKTKfZLR23r1/+IYVOouUDpfDJ/GyMyrwDpRqnoFkU0fG9Q0xK9qZ+9GjLr0s9vv740CBFZTLRwfxhe/2yQrwUBJkPhGNa4LTEJTRlhXqxMBOY=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678A5FAB3C2BEA6E5E9540E89DCAGVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a251e7fb-832e-4fd8-90ba-08de2e76635b
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Nov 2025 12:05:14.0795 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ovw4JXP18YPbGFLVG3CfjD0ZNU0I/PLVh56AVeviZvUJGKxNDYcI2H1ARY4TmjK2PrW1lV0r+gwEJ/jPZrCicFWo3nTCFwCC/HvGjmgVp1M=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR07MB9444
Message-ID-Hash: V7IQJNWEG6ZNBRMBYX7HYE2QQJY4DBX5
X-Message-ID-Hash: V7IQJNWEG6ZNBRMBYX7HYE2QQJY4DBX5
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Wv4PTvpaNmS1NtgXEBdejtYGx4k>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hi,

My interpretation of the sentence “In the absence of an application profile standard specifying otherwise” in RFC 5246, RFC 8446, and 8446bis is that MTI requirements do not apply when an application profile standard is present. I also interpret this wording as allowing 3GPP to define such an application profile standard, which is clearly how 3GPP understands it as well.
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2279

I think it makes a lot of sense that 3GPP can forbid support of weak algorithms such as TLS_RSA_WITH_AES_128_CBC_SHA as soon as possible for them. I don't think it makes sense to force an application that only communicates with itself to support algorithms it will never use.

Cheers,
John

From: Eric Rescorla <ekr@rtfm.com>
Date: Thursday, 27 November 2025 at 23:37
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Cc: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)



On Thu, Nov 27, 2025 at 2:14 PM Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de<mailto:muhammad_usama.sardar@tu-dresden.de>> wrote:


Two concrete questions:

  1.  (trying to phrase my authority question more precisely) Is IETF the only body to define "application profile standard"? or do other SDOs count as "application profile standard" as well?

TBH, I think this is an undecided question. I think it's reasonably clear
that IETF Standards Track documents are in scope here, but IMO there
is at least a reasonable argument that standards from other SDO
would also apply. I don't recall this ever coming up, so I think people
are kind of left to interpret the text for themselves. If there was a need
for an authoritative statement from the IETF, I think we'd need to do
some kind of IETF consensus process, to, for instance, issue a liaison
statement (though see below).


  1.  Does it necessarily have to be standard track document?

I think the term "standard" here strongly suggests that the document
has to be Standards Track.

It's not clear to me what the practical impact of any of this really is.
The IETF doesn't have protocol police and won't do anything to you
if you violate some IETF standard. Sometimes those standards are
part of purchasing decisions and the like, but presumably if you
are buying an implementation of protocol X and X uses TLS but
overrides the TLS MTI, then you expect the behavior specified in
X, whether the resulting implementation violates the TLS spec or not.

-Ekr

v2.37.1 | Report a Bug | By Email | System Status