[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Thom Wiggers <thom@thomwiggers.nl> Thu, 27 February 2025 09:52 UTC

From: Thom Wiggers <thom@thomwiggers.nl>
Date: Thu, 27 Feb 2025 10:52:06 +0100
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com> <E0D776C8-FD56-4D0B-BDC1-3AB88A8CEE88@heapingbits.net>
To: "<tls@ietf.org>" <tls@ietf.org>
In-Reply-To: <E0D776C8-FD56-4D0B-BDC1-3AB88A8CEE88@heapingbits.net>
Message-Id: <CC472E40-3B0C-4417-93F6-CFBA4F271D6A@thomwiggers.nl>
Subject: [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XC6XzovnJH_8pWCZuHUPFXczuZw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>

I support adoption of this draft. 

> On 26 Feb 2025, at 20:16, Christopher Wood <caw@heapingbits.net> wrote:
> 
> As I understand it, the purpose of this draft is to specify an interoperable key exchange mechanism that we can deploy. The draft already has code points allocated to it, and they exist in the registry <https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>, so I wonder: what is the point of adopting this draft when the important work is already done? If it’s that some folks won’t implement it until there’s an RFC number assigned to it, well, that’s pretty silly. I support adoption if it helps this work get implemented more broadly, but I think it’s worth asking whether or not this is a good use of an already busy working group’s time.

I agree with Chris’s point, but as others have also echoed, third parties don’t seem to really appreciate the finer points of the levels of IETF standardization.

I recently read this in the UK NCSC’s guidance on PQC:

> The NCSC strongly advises that operational systems should use protocol implementations based on RFCs, not on Internet Drafts.

https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography

So it seems we either have a lot of educating to do, or we can just settle for adopting a few more drafts while acknowledging that it’s slightly performative.

Cheers,

Thom


> 
> Best,
> Chris
> 
>> On Feb 26, 2025, at 1:26 PM, Sean Turner <sean@sn3rd.com> wrote:
>> 
>> At IETF 121, the WG discussed “Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3”; see [0] and [1]. We also had some discussion in an information gathering thread; see [2]. We would like to now determine whether there is support to adopt this I-D. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this I-D, please send a message to the list and indicate why. This WG adoption call will close at 2359 UTC on 12 March 2025.
>> 
>> One special note: this adoption call has nothing to do with picking the mandatory-to-implement cipher suites in TLS.
>> 
>> Thanks,
>> Sean & Joe
>> 
>> [0] Link to I-D: https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
>> [1] Link to slides: https://datatracker.ietf.org/meeting/121/materials/slides-121-tls-post-quantum-hybrid-ecdhe-mlkem-key-agreement-for-tlsv13-00
>> [2] Link to information gather thread: https://mailarchive.ietf.org/arch/msg/tls/yGZV5dBTcxHJhG-JtfaP6beTd68/