[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM KeyAgreement for TLSv1.3
Alicja Kario <hkario@redhat.com> Thu, 13 March 2025 10:01 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 65B41AC64C5 for <tls@mail2.ietf.org>; Thu, 13 Mar 2025 03:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UQeBPAuqZ_cO for <tls@mail2.ietf.org>; Thu, 13 Mar 2025 03:01:25 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BC4DAAC64BC for <tls@ietf.org>; Thu, 13 Mar 2025 03:01:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1741860085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ue6x7wN8silWnhbbyFUFOuL9de5vZKefcrWv20AWy0k=; b=ZIFNe3VTIBreGoHfhVx9PuqRodO3++j90GKzoH+YoxCQEYvTgrypd/+lf0TV21zqAs7Tk1 8ezFTqqYJ+SsndnjZTt0KOdPJCGEXfxmKUV+GnYqrYBrksfVxkI+NTRNLszLDk9o6x9WZj giE8Y2p+Z58DsMYz4f8+d6AUJIesPzY=
Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-25-CZHoJcQHOGKv12XZkaTqIQ-1; Thu, 13 Mar 2025 06:01:22 -0400
X-MC-Unique: CZHoJcQHOGKv12XZkaTqIQ-1
X-Mimecast-MFC-AGG-ID: CZHoJcQHOGKv12XZkaTqIQ_1741860081
Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-43bd0586a73so5129045e9.2 for <tls@ietf.org>; Thu, 13 Mar 2025 03:01:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741860081; x=1742464881; h=content-transfer-encoding:user-agent:organization:references :in-reply-to:message-id:mime-version:date:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ue6x7wN8silWnhbbyFUFOuL9de5vZKefcrWv20AWy0k=; b=jAMjgiPcTlgEZkZXr2XLsgU2X8s8YwHYxlmiw2dSfS0149RkUaq42/9xyKq8+5g2fV sRYF4wDUraS3mUNeEPrEmbe4IBz41ybFcpt/ZBzKsywvgQnMe7n8rYHygvdRAx010rUz 5ebjWWcVhNJ0q7sPa86eYbhox8kNoQCzWlrXmZPyCoE7Ul2UrEqMbzhvC/E/i7J8YpTl Ap8S21HCiQXBIVI4QWWHuRrDhYmf5S0sCnySW4TccFrl43yuZX7GFK1rCnbN+jlSIYyZ z6jVo23dzczjLc5YcBJMnoQkqcLHZL1MpCfJlj7KYoGXz6lMwc4VRPcAFSwG/N5SZm1M LLvQ==
X-Forwarded-Encrypted: i=1; AJvYcCVvstqwlybH8Gq0XCbCSy8x4ZuUndxs19k8rRxxtm4MMHoopA8eNSleskQ6HuJYKauXV9Q=@ietf.org
X-Gm-Message-State: AOJu0YzsJLQKNqnDpMRxwsTF5M80TTvGNiS8HAq7x0IuGCpBmxqpNssi 7gWuYIdijl+XU+UBOtHe06uO+alvGO4FNBIuv6J5Qffq629kmXXD8P5ejLprYvy42CyBlouB+Sc dnw72T9xl92yzNIBpjZo5amr9kqx/PZbNCZudqPo+
X-Gm-Gg: ASbGncvjFJdSDlBy5J3QjEP0TV8Nj4Ub1aLH94CdkvpjsEn/pWJ8giiS2NHjhPUllwA 3Ft4GwanyIwwRu3pWEo0Vth1qHYpaZHdk2ybtrPqz0q5NZsRv/2Q7O0f7bIVTgEcvfefekZE/0t +jqUm2rzW/eqYUeIxN9Lr7KC26nIZw3otvJKMwZmbzll5OdhaRJOdn21usFdvfWHq0bygOTJp0v y/u0hNNy4fE60NnpZtZb52ShUXba/G73NK4F83kw6jPGID6ti9HbqcwqMlrn9kwljG3CiGx/aTD I7P2HoO2RaJGKSNjIMKJ5fma1aWWLaW8Qg==
X-Received: by 2002:a05:600c:1d1a:b0:43d:3df:42d8 with SMTP id 5b1f17b1804b1-43d03df4496mr94225635e9.6.1741860081009; Thu, 13 Mar 2025 03:01:21 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEcor6OkOALQB1r/9VPl4c3RqhbQiiITxtY8Dt1294M2pz/udXJbpCrLs7BC010L6C9cKsuVQ==
X-Received: by 2002:a05:600c:1d1a:b0:43d:3df:42d8 with SMTP id 5b1f17b1804b1-43d03df4496mr94225345e9.6.1741860080629; Thu, 13 Mar 2025 03:01:20 -0700 (PDT)
Received: from localhost (nat-pool-brq-u.redhat.com. [213.175.37.12]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43d0a8d0ca2sm47654415e9.37.2025.03.13.03.01.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Mar 2025 03:01:20 -0700 (PDT)
From: Alicja Kario <hkario@redhat.com>
To: Loganaden Velvindron <loganaden@gmail.com>
Date: Thu, 13 Mar 2025 11:01:14 +0100
MIME-Version: 1.0
Message-ID: <0a812421-c74f-4171-81db-8961a9f6d8f6@redhat.com>
In-Reply-To: <CAOp4FwQSAdbaZB_Az=Z3ZSoOwB+agCE8OwATUSm7vYMBnN3xdw@mail.gmail.com>
References: <68EDF12D-1C97-4823-AFFE-19BF261D7034@sn3rd.com> <8B632BD4-A604-4EE7-BC32-DEE8F7472338@sn3rd.com> <d2be6dc4-c566-4506-b400-1ddeaff73258@cs.tcd.ie> <CAOp4FwQSAdbaZB_Az=Z3ZSoOwB+agCE8OwATUSm7vYMBnN3xdw@mail.gmail.com>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.15.15; wayland; Linux; Fedora release 40 (Forty)
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: h7tZlpFRfhNSE2XhIKwd7vzjMhPdZRxBRh55JkktXW8_1741860081
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: JVH5FYBWX42U6I7D7FWLAD5YALT3WJMD
X-Message-ID-Hash: JVH5FYBWX42U6I7D7FWLAD5YALT3WJMD
X-MailFrom: hkario@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: TLS List <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM KeyAgreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aFIOprZ2tX_mR6NtKlBDwWxjdqU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Thursday, 13 March 2025 06:55:48 CET, Loganaden Velvindron wrote: > On Sat, 1 Mar 2025 at 00:22, Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: >> >> >> Hiya, >> >> On 28/02/2025 18:56, Sean Turner wrote: >>> In response to the WG adoption call, Dan Bernstein pointed out some >>> potential IPR (see [0]), but no IPR disclosure has been made in >>> accordance with BCP 79. >> >> While I don't think the lack of an IPR declaration is fatal >> here, I do think it'd be great if that uncertainty could be >> reduced. I think I saw that Russ tried to reach out to one >> of the possible patent holders to ask if they'd be willing >> to make a declaration. I've no idea where that's at, but I'd >> encourage the TLS chairs and SEC ADs to see if they can help >> get that to happen as reducing uncertainty would be good and >> if we can't, then this topic will just keep cropping up and >> Dan is not the only person I've heard express concerns in >> this regard. >> > > I agree with Dr Stephen on this one. It would help if we can get > declarations from > patent holders early. > > For example, OpenSSH implemented DSA as there was less risk of patents: > > " > The second major variety of SSH is the SSH 2 protocol. SSH 2 was > invented to avoid the patent issues regarding RSA (patent issues which > no longer apply, since the patent has expired), to fix the CRC data > integrity problem that SSH1 has, and for a number of other technical > reasons. By requiring only the asymmetric DSA and DH algorithms, > protocol 2 avoids all patents. > " > > If there is any risk of a patent, can we look at a backup choice for > ML-KEM in TLS, > especially for implementers who are very patent averse ? > > Should I start a new thread ? NIST has selected HQC for standardisation this week... No idea about its patent situation, or if we want something with ciphertexts this big in TLS... (reminder: 4.4 kiB, 8.8 kiB, and 14.1 kiB for 128, 192 and 256 bit level of security respectively) -- Regards, Alicja Kario Principal Quality Engineer, RHEL Crypto team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
- [TLS] WG Adoption Call for Post-Quantum Hybrid EC… Sean Turner
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Scott Fluhrer (sfluhrer)
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Eric Rescorla
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… David Benjamin
- [TLS] Re: [EXTERNAL] WG Adoption Call for Post-Qu… Andrei Popov
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Christopher Wood
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Salz, Rich
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Christopher Patton
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Joseph Birr-Pixton
- [TLS] Re: [EXTERNAL] Re: WG Adoption Call for Pos… Mike Ounsworth
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… David Benjamin
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Rob Sayre
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Deirdre Connolly
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… John Mattsson
- [TLS] Re: [EXTERNAL] Re: WG Adoption Call for Pos… Mike Ounsworth
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Martin Thomson
- [TLS] Re: [EXTERNAL] Re: WG Adoption Call for Pos… Andrei Popov
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Stephen Farrell
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Filippo Valsorda
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Russ Housley
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Viktor Dukhovni
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Christopher Wood
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… David Benjamin
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Jan Schaumann
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Peter Gutmann
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… David Adrian
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Mike Shaver
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Jan Schaumann
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Eric Rescorla
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Loganaden Velvindron
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Arnaud Taddei
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Thom Wiggers
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… D. J. Bernstein
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… John Mattsson
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Alicja Kario
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Sean Turner
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Salz, Rich
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Stephen Farrell
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… D. J. Bernstein
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Loganaden Velvindron
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Alicja Kario
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Sean Turner
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… D. J. Bernstein
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Stephen Farrell
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Andrew Scott
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… John Mattsson
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Sean Turner
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Watson Ladd
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Sean Turner
- [TLS] Re: WG Adoption Call for Post-Quantum Hybri… Kris Kwiatkowski