IETF Logo Mail Archive

Re: [TLS] ML-KEM key agreement for TLS 1.3

Rob Sayre <sayrer@gmail.com> Wed, 06 March 2024 18:48 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32629C14F5E5 for <tls@ietfa.amsl.com>; Wed, 6 Mar 2024 10:48:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzEMRlk_L3Dp for <tls@ietfa.amsl.com>; Wed, 6 Mar 2024 10:48:16 -0800 (PST)
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD2A8C14F5E3 for <tls@ietf.org>; Wed, 6 Mar 2024 10:48:16 -0800 (PST)
Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-a3ed9cae56fso218407366b.1 for <tls@ietf.org>; Wed, 06 Mar 2024 10:48:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709750895; x=1710355695; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NoLQdmBsYONYOodTOu5GlX3Hked4w7sOCHkxwApDbGw=; b=YOGSMeI80zGDR4+gMaj/qsyCz1rqmQtrACdnARTPpzOykMCPMxHBAnA2CxQkXdze+P 1jbXDOC0alhvTJ2CEp+F25or3BpdgNJw96JHwJonLTmCMe1rWmM0YUZZON1h4Qsn2bJ6 FWSpXccSAg6H5PFjPc1lKkimkaEjfWH/Ad2d3Uz5itEbT8m+fcqmF86J6tBFQpdqYqQq vkC/JCKV+jEyAUtOaieeQ6L7AG08iF3AAAOPVUdxGsuFS6JDl6GnOGFTQ+Jo8Yk2Ve2e Fsk2kFROFOb0jbQWQRF5DV4tDBNtIQXUkIWG/vraGAUuT1l+XQLKpvl7cHyriBOxWEx6 /mWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709750895; x=1710355695; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NoLQdmBsYONYOodTOu5GlX3Hked4w7sOCHkxwApDbGw=; b=WVGTP6mpFYaWfpali3q0Ik9Z93MwnOMG8D/NN8PCtrMzTSUVpSN6bJydTMa8URUeuf qT62S/uewJ7ukzlqmiJMXq+6Y+tyjFR5Ij13ZTS6IggBT84t/HV9It+cyyyMX3oDS6jQ zha/FEaek7w6Kn9UuZfHVoQD7xnK1gk97tiaPmB5/kwevKCbqK8P9eKcwR2Pv6m9ez4m pYxHRZoa7xbptWVQX+kL1QmQA18xK6STy/DojRR2qhaUPSX/2mBtHVTud0WXTUTKwptk B2ZUlMWK4YLtfR1TWWl+el9p8QTt8ClykGYnNJuBFmo/eZAPOo+FR7WaDYkiw/0532vn 9f8Q==
X-Forwarded-Encrypted: i=1; AJvYcCWETQG2wXaQ6EMn7scVPyA7jGO3LUyTYNQZyf0FVfBKt/mIxqqmjpTG1Z0Q4cEuxC7H7N36+/6rDMvxVto=
X-Gm-Message-State: AOJu0YwtlztxpL/7PmsAHaPnFgro53FV+HgpTc3RzrViVnY/KOd4qllN 4Chbo7XDcui5VU9IdwBhiG0PZHl5BlJfpgXN6swQJKgHteEUMIVo56Tb4mA1t6aXA3EV7PG9LoY /DeV+lwmlsTkPi3+ikbBufguStIo=
X-Google-Smtp-Source: AGHT+IFJH3870slAAWgKKTG61Aty4mO/wHY2b3hbKiVe/SV7Fe89g/CAE6fQZy6UqXE36Wgbp98HpcCHrfAGtlS+1I0=
X-Received: by 2002:a17:906:d287:b0:a3f:50f0:7a0a with SMTP id ay7-20020a170906d28700b00a3f50f07a0amr6088668ejb.20.1709750894449; Wed, 06 Mar 2024 10:48:14 -0800 (PST)
MIME-Version: 1.0
References: <CAFR824wL3sZKoD6OzVpOi8=HZ+aFjqVi4L8UsF8b0p18KOEqVA@mail.gmail.com> <CABcZeBPFidzshG2ZM0+JKc73prvan4_FWTTr6r1byxAeXkkcOw@mail.gmail.com> <CAFR824zbHgwCcHi6C7SATP5q0M7N7rYAjHXt9pGAnK=KDJCJhA@mail.gmail.com> <CABcZeBNth=9q9cyxZD96Ywsw5k0nRk4GbeZA38=P9NmuOc6HPg@mail.gmail.com>
In-Reply-To: <CABcZeBNth=9q9cyxZD96Ywsw5k0nRk4GbeZA38=P9NmuOc6HPg@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Wed, 06 Mar 2024 10:48:02 -0800
Message-ID: <CAChr6Sz4eu3f0bhJXdEg-zQZsa=MYhZzVzi-HuWaSOeso-F3zw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Deirdre Connolly <durumcrustulum@gmail.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b7de6d0613026662"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YAoTpjANvhrCFtzk6PwPMFFVMJs>
Subject: Re: [TLS] ML-KEM key agreement for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 18:48:17 -0000

On Wed, Mar 6, 2024 at 9:22 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Wed, Mar 6, 2024 at 8:49 AM Deirdre Connolly <durumcrustulum@gmail.com>
> wrote:
>
>> > Can you say what the motivation is for being "fully post-quantum"
>> rather than hybrid?
>>
>> Sure: in the broad scope, hybrid introduces complexity in the short-term
>> that we would like to move off of in the long-term - for TLS 1.3 key
>> agreement this is not the worst thing in the world and we can afford it,
>> but hybrid is by design a hedge, and theoretically a temporary one.
>>
>
> My view is that this is likely to be the *very* long term.
>

Also, the ship has sailed somewhat, right? Like Google Chrome, Cloudflare,
and Apple iMessage already have hybrids shipping (I'm sure there many more,
those are just really popular examples). The installed base is already very
big, and it will be around for a while, whatever the IETF decides to do.

thanks,
Rob

v2.46.0 | Report a Bug | By Email | System Status