[TLS] Re: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies

Tim Hudson <tjh@openssl.org> Fri, 07 March 2025 10:22 UTC

References: <ecbe460a-578e-4c2b-a58b-adecbe63abdf@cryptonext-security.com> <Z8mdhmuunvsHEhkZ@chardros.imrryr.org> <AS5PR07MB96758D66E90B56568326199089CA2@AS5PR07MB9675.eurprd07.prod.outlook.com> <CAMjbhoVhWt6bS0GeMqJDu6goQ=zNXQ_yHLXYukN6Q4O6ij7AtQ@mail.gmail.com> <Z8pv88GK2t_95t2a@chardros.imrryr.org> <3e3c6310-984d-4288-9bca-afdaf187b892@amongbytes.com>
In-Reply-To: <3e3c6310-984d-4288-9bca-afdaf187b892@amongbytes.com>
From: Tim Hudson <tjh@openssl.org>
Date: Fri, 07 Mar 2025 20:22:04 +1000
Message-ID: <CANKrMkhzfjuLqYEMu122bRM609TFmCdDrJmV_ZkgnUuurCz3GQ@mail.gmail.com>
To: Kris Kwiatkowski <kris@amongbytes.com>
CC: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_K6d16V7Hxg3X8CgySq8EWuo7wY>

On Fri, Mar 7, 2025 at 7:01 PM Kris Kwiatkowski <kris@amongbytes.com> wrote:

> May I know if you have a plan for FIPS certification for PQC after release?
>

Absolutely - OpenSSL-3.5 will be heading into a fresh FIPS140-3 validation
in April once the release is final - and that will include the PQC
algorithms that have been added.
Our testing for ML-KEM, ML-DSA and SLH-DSA uses ACVP published test data as
the basis along with some interesting scripts to get the test data into a
format our test suites support.

There is also a multi-vendor KMIP PQC interop running this week that has
vendors using OpenSSL-3.5 and Bouncy Castle Java 1.81 (beta) and that is
exercising the same ACVP tests via KMIP between KMIP clients and KMIP
servers - but that is in the context of the day job rather than OpenSSL -
see
https://groups.oasis-open.org/discussion/kmip-tc-interop-process-2025-for-pqcpdf-uploaded
as a starting point for information on that activity. That testing also
covers X25519MLKEM768 for those vendors which have that capability enabled.
ML-DSA certificates are not within the scope of that test activity.

There is also ongoing discussion between vendors about a PKCS#11 v3.2 PQC-focused
interop, but the timing and participants for that haven't yet been
figured out.

Tim
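The message above mentions turning ACVP-published ML-KEM test data into a format a project's own test suite can consume. The script below is an added example of that kind of conversion; it is not OpenSSL's script and not part of the original message. It assumes the public ACVP encapDecap layout (a prompt file and a separate expected-results file, each with `testGroups` containing `tests`, joined on `tgId`/`tcId`, with `ek`/`dk`/`m`/`c`/`k` hex fields and group-level fields inherited by every test in the group). The two JSON documents are constructed placeholders of the right FIPS 203 sizes, not real vectors, and the flat `key = value` output format is an assumed target, not OpenSSL's evp_test syntax. It also checks each field against the FIPS 203 byte lengths so a mangled vector is caught before it reaches the suite.

```python
"""Flatten ACVP-style ML-KEM encapDecap vectors into key=value stanzas.

Added example, not OpenSSL's own tooling. Assumes the ACVP JSON layout
described in the lead-in; sample data below is constructed.
"""
import json

# Byte lengths fixed by FIPS 203 per parameter set:
# encapsulation key, decapsulation key, ciphertext, shared secret, seed m.
FIPS203_SIZES = {
    "ML-KEM-512": {"ek": 800, "dk": 1632, "c": 768, "k": 32, "m": 32},
    "ML-KEM-768": {"ek": 1184, "dk": 2400, "c": 1088, "k": 32, "m": 32},
    "ML-KEM-1024": {"ek": 1568, "dk": 3168, "c": 1568, "k": 32, "m": 32},
}


def _hex(byte_val, n):
    """Constructed placeholder: n copies of one byte, hex encoded."""
    return f"{byte_val:02x}" * n


# Constructed sample prompt (inputs) and expected results (outputs).
# In ACVP these are two separate files; tests are matched by (tgId, tcId).
PROMPT_JSON = json.dumps({
    "vsId": 1, "algorithm": "ML-KEM", "mode": "encapDecap", "revision": "FIPS203",
    "testGroups": [
        {"tgId": 1, "testType": "AFT", "parameterSet": "ML-KEM-768",
         "function": "encapsulation",
         "tests": [{"tcId": 1, "ek": _hex(0xA1, 1184), "m": _hex(0x0F, 32)}]},
        {"tgId": 2, "testType": "VAL", "parameterSet": "ML-KEM-768",
         "function": "decapsulation",
         "ek": _hex(0xA1, 1184), "dk": _hex(0xC3, 2400),   # group-level keys
         "tests": [{"tcId": 2, "c": _hex(0x55, 1088)}]},
    ],
})
EXPECTED_JSON = json.dumps({
    "vsId": 1, "algorithm": "ML-KEM", "mode": "encapDecap", "revision": "FIPS203",
    "testGroups": [
        {"tgId": 1, "tests": [{"tcId": 1, "c": _hex(0x77, 1088), "k": _hex(0x99, 32)}]},
        {"tgId": 2, "tests": [{"tcId": 2, "k": _hex(0xBB, 32)}]},
    ],
})


def flatten_vectors(prompt_text, expected_text):
    """Join prompt and expected-result files into one dict per test case.

    Group-level fields (parameterSet, function, ek/dk for decapsulation
    groups) are copied into each test so every case is self-describing.
    """
    prompt = json.loads(prompt_text)
    expected = json.loads(expected_text)
    results = {}
    for group in expected["testGroups"]:
        for test in group["tests"]:
            results[(group["tgId"], test["tcId"])] = {
                k: v for k, v in test.items() if k != "tcId"}
    cases = []
    for group in prompt["testGroups"]:
        inherited = {k: v for k, v in group.items() if k not in ("tests", "tgId")}
        for test in group["tests"]:
            key = (group["tgId"], test["tcId"])
            if key not in results:
                raise ValueError(f"no expected result for tgId={key[0]} tcId={key[1]}")
            case = dict(inherited)
            case.update({k: v for k, v in test.items() if k != "tcId"})
            case.update(results[key])
            case["tgId"], case["tcId"] = key
            cases.append(case)
    return cases


def check_sizes(case):
    """Return a list of problems: non-hex fields or wrong FIPS 203 lengths."""
    sizes = FIPS203_SIZES[case["parameterSet"]]
    problems = []
    for field, nbytes in sizes.items():
        if field not in case:
            continue
        try:
            raw = bytes.fromhex(case[field])
        except ValueError:
            problems.append(f"{field}: not hex")
            continue
        if len(raw) != nbytes:
            problems.append(f"{field}: {len(raw)} bytes, expected {nbytes}")
    return problems


def to_kv_stanzas(cases):
    """Emit one blank-line-separated key = value stanza per case (assumed format)."""
    lines = []
    for case in cases:
        lines.append(f"# tgId={case['tgId']} tcId={case['tcId']}")
        lines.append(f"Algorithm = {case['parameterSet']}")
        lines.append(f"Function = {case['function']}")
        for field in ("ek", "dk", "m", "c", "k"):
            if field in case:
                lines.append(f"{field} = {case[field]}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    flat = flatten_vectors(PROMPT_JSON, EXPECTED_JSON)
    for c in flat:
        for problem in check_sizes(c):
            raise SystemExit(f"tgId={c['tgId']} tcId={c['tcId']}: {problem}")
    print(to_kv_stanzas(flat))
```

Run it as a script to print the stanzas; in a real pipeline the two `json.dumps` constants would be replaced by reading the downloaded prompt and expected-results files, and the size check is what protects a test suite from silently accepting a truncated or mis-hexed vector.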