[TLS] Re: Form of Appeals (Re: Complaint to IAB regarding non-transparency)

Nico Williams <nico@cryptonector.com> Tue, 14 October 2025 21:46 UTC

Date: Tue, 14 Oct 2025 16:46:28 -0500
From: Nico Williams <nico@cryptonector.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: "D. J. Bernstein" <djb@cr.yp.to>, sob@sobco.com, ietf@ietf.org, tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YjYKiztu3JmWiaAUz0O3szeMHMQ>

On Tue, Oct 14, 2025 at 01:44:22PM -0700, Eric Rescorla wrote:
> On Tue, Oct 14, 2025 at 1:30 PM Nico Williams <nico@cryptonector.com> wrote:
> > I should add that if the necessary codepoint registrations are
> > Specification Required (as they are here),
> 
> Indeed the code points have already been assigned for MLKEM.

Right.

> > then a policy of non-
> > publication of PQ-only suites would have no real effect unless the
> > registration policy is changed to be IESG Protocol Action.
> 
> This change seems like it would be very unlikely, given that we
> changed to the current policy precisely to address this
> kind of debate (which has obviously not succeeded completely).

Nonetheless the industry has been burned by Dual_Ec, as you know, and
this looks like it could possibly be a repeat.  Given that we can't really
forbid pure-PQ, it should at least come with warnings to use it mainly
where performance is essential and mainly only in, e.g., corporate
networks.

Thus perhaps we should indeed publish pure-PQ as Experimental and with
caveats.  Granted, people see "RFC" and think "standard", and don't look
inside, but since it will ship, we might as well have an Experimental
RFC.

[0] And the extended random that enabled Dual_Ec's use as a backdoor.

Nico
--