From sayrer@gmail.com Wed Mar 6 10:48:17 2024 Return-Path: X-Original-To: tls@ietfa.amsl.com Delivered-To: tls@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32629C14F5E5 for ; Wed, 6 Mar 2024 10:48:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.106 X-Spam-Level: X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzEMRlk_L3Dp for ; Wed, 6 Mar 2024 10:48:16 -0800 (PST) Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD2A8C14F5E3 for ; Wed, 6 Mar 2024 10:48:16 -0800 (PST) Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-a3ed9cae56fso218407366b.1 for ; Wed, 06 Mar 2024 10:48:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709750895; x=1710355695; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NoLQdmBsYONYOodTOu5GlX3Hked4w7sOCHkxwApDbGw=; b=YOGSMeI80zGDR4+gMaj/qsyCz1rqmQtrACdnARTPpzOykMCPMxHBAnA2CxQkXdze+P 1jbXDOC0alhvTJ2CEp+F25or3BpdgNJw96JHwJonLTmCMe1rWmM0YUZZON1h4Qsn2bJ6 FWSpXccSAg6H5PFjPc1lKkimkaEjfWH/Ad2d3Uz5itEbT8m+fcqmF86J6tBFQpdqYqQq vkC/JCKV+jEyAUtOaieeQ6L7AG08iF3AAAOPVUdxGsuFS6JDl6GnOGFTQ+Jo8Yk2Ve2e Fsk2kFROFOb0jbQWQRF5DV4tDBNtIQXUkIWG/vraGAUuT1l+XQLKpvl7cHyriBOxWEx6 /mWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709750895; x=1710355695; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NoLQdmBsYONYOodTOu5GlX3Hked4w7sOCHkxwApDbGw=; b=WVGTP6mpFYaWfpali3q0Ik9Z93MwnOMG8D/NN8PCtrMzTSUVpSN6bJydTMa8URUeuf qT62S/uewJ7ukzlqmiJMXq+6Y+tyjFR5Ij13ZTS6IggBT84t/HV9It+cyyyMX3oDS6jQ zha/FEaek7w6Kn9UuZfHVoQD7xnK1gk97tiaPmB5/kwevKCbqK8P9eKcwR2Pv6m9ez4m pYxHRZoa7xbptWVQX+kL1QmQA18xK6STy/DojRR2qhaUPSX/2mBtHVTud0WXTUTKwptk B2ZUlMWK4YLtfR1TWWl+el9p8QTt8ClykGYnNJuBFmo/eZAPOo+FR7WaDYkiw/0532vn 9f8Q== X-Forwarded-Encrypted: i=1; AJvYcCWETQG2wXaQ6EMn7scVPyA7jGO3LUyTYNQZyf0FVfBKt/mIxqqmjpTG1Z0Q4cEuxC7H7N36+/6rDMvxVto= X-Gm-Message-State: AOJu0YwtlztxpL/7PmsAHaPnFgro53FV+HgpTc3RzrViVnY/KOd4qllN 4Chbo7XDcui5VU9IdwBhiG0PZHl5BlJfpgXN6swQJKgHteEUMIVo56Tb4mA1t6aXA3EV7PG9LoY /DeV+lwmlsTkPi3+ikbBufguStIo= X-Google-Smtp-Source: AGHT+IFJH3870slAAWgKKTG61Aty4mO/wHY2b3hbKiVe/SV7Fe89g/CAE6fQZy6UqXE36Wgbp98HpcCHrfAGtlS+1I0= X-Received: by 2002:a17:906:d287:b0:a3f:50f0:7a0a with SMTP id ay7-20020a170906d28700b00a3f50f07a0amr6088668ejb.20.1709750894449; Wed, 06 Mar 2024 10:48:14 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Rob Sayre Date: Wed, 6 Mar 2024 10:48:02 -0800 Message-ID: To: Eric Rescorla Cc: Deirdre Connolly , "TLS@ietf.org" Content-Type: multipart/alternative; boundary="000000000000b7de6d0613026662" Archived-At: Subject: Re: [TLS] ML-KEM key agreement for TLS 1.3 X-BeenThere: tls@ietf.org X-Mailman-Version: 2.1.39 Precedence: list List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2024 18:48:17 -0000 --000000000000b7de6d0613026662 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Mar 6, 2024 at 9:22=E2=80=AFAM Eric Rescorla wrote: > > > On Wed, Mar 6, 2024 at 8:49=E2=80=AFAM Deirdre Connolly > wrote: > >> > Can you say what the motivation is for being "fully post-quantum" >> rather than hybrid? >> >> Sure: in the broad scope, hybrid introduces complexity in the short-term >> that we would like to move off of in the long-term - for TLS 1.3 key >> agreement this is not the worst thing in the world and we can afford it, >> but hybrid is by design a hedge, and theoretically a temporary one. >> > > My view is that this is likely to be the *very* long term. > Also, the ship has sailed somewhat, right? Like Google Chrome, Cloudflare, and Apple iMessage already have hybrids shipping (I'm sure there many more, those are just really popular examples). The installed base is already very big, and it will be around for a while, whatever the IETF decides to do. thanks, Rob --000000000000b7de6d0613026662 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, Mar 6, 2024 at 9:22=E2=80=AFAM Er= ic Rescorla <ekr@rtfm.= com> wrote:

<= br>
On Wed,= Mar 6, 2024 at 8:49=E2=80=AFAM Deirdre Connolly <durumcrustulum@gmail.com> wr= ote:
> Can you say what the motivation is for being "fully post-qu= antum" rather than hybrid?
=C2=A0
Sure: in the broad scope, hyb= rid introduces complexity in the short-term that we would like to move off = of in the long-term - for TLS 1.3 key agreement this is not the worst thing= in the world and we can afford it, but hybrid is by design a hedge, and th= eoretically a temporary one.

My= view is that this is likely to be the *very* long term.
<= /blockquote>

Also, the ship has sailed somewhat, right? = Like Google Chrome, Cloudflare, and Apple iMessage already have hybrids shi= pping (I'm sure there many more, those are just really popular examples= ). The installed base is already very big, and it will be around for a whil= e, whatever the IETF decides to do.

thanks,
<= div>Rob

--000000000000b7de6d0613026662--