[TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM
John Mattsson <john.mattsson@ericsson.com> Wed, 05 November 2025 09:06 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 06B9E834CF6F for <tls@mail2.ietf.org>; Wed, 5 Nov 2025 01:06:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id urv9g2Rc0dtl for <tls@mail2.ietf.org>; Wed, 5 Nov 2025 01:06:05 -0800 (PST)
Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazon11010011.outbound.protection.outlook.com [52.101.69.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 015AB834B6BE for <tls@ietf.org>; Wed, 5 Nov 2025 00:59:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SSo7hFiLyI2C/zRX58RBBLxDnNISj6wnCcjdiTzWSPECv9p1DQ0uCqy98IcuI9Xfm+d+365vn+QLLIGVYLgLjRjPDO9jJIHOeN1SlCZkow6vhs8+sHXkPgFoi7ZJWWh3t/za2StLtxmmzHOLATLYfb8/liqVcmmD529gxWSoD36JCuJm1pvn+FR4RklZuf4392RVAltKdR2/RphOOkgY1dh+jJZOPQBArggiGTy6dDpjR7nAQxuRI7XTAA8rV5U5RXpnYRj/YKPOlfpmjtiN/CODKhLLv2pjRbKevTIx9W6WtVKK69OLLTUfilZwmJ9N0LaFxoocAVmFkST8odARtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oqhjRABqmzlWDyKzSllSVGEyg+oVoV9uEhVgFI7PgXQ=; b=XjIEMnAT+s+z/8aW5hohTLU3rLEendBPHng7XKVlBC9Bps88XYz4nv2HRbZTFbz8j+yoliv9d8NxdwEFb/Lg+GNwsqNWDU63lOsLQFY6/jgOzPcyoiDHrgA20ziVMO7Hf/qXxARnIpxbf5CoG+0ydDaof4QPsqHSs6l3sCVWg0kxOEGhxrt9MZcgWG5SOgF00OljQabG+k3MVy/k6feK64QORwvVa27MeKQMEetGSgD5oFxds4x8LkJsTzgQGeoYYxft9jczA8q10O/wocEw6BoSsjbjDQvMm59/N++mu9T6h5M65CZbS/VgEYIlSZAzRB1/bJrkDwcCoY1eokSuSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oqhjRABqmzlWDyKzSllSVGEyg+oVoV9uEhVgFI7PgXQ=; b=TeRL2ZtF4BrgGwL8bcKyxfeDeIR5Nz8Re890zv8nZ1wqwXQuWiwQG0antUMdA7RpTPmtkCwaIbyIG26mqPX6oPs/bmSddZYutwp5kcD6xFTmQXnMOgrSz20iEmwOgDFytsVBuUnAnkOmZNZkJS6XgTwV8affI6qPL5ZX1Z+qK44aPd0KnjepxwIe4tK7gEiMhcQ61xPL4zMRVrB4O+iJdE8yFILhlqHQGX2WeSAhWYrlPE7NZ3RBQsLoOJ6nUlffHRfNj5te3aVDL0szliRxdao2ka/KLNqm6cXryXGaKBuZJqwRHaOqSgjloMSNyKNFGqk87YY9/aL+G3YtMOhPuQ==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by VI0PR07MB11179.eurprd07.prod.outlook.com (2603:10a6:800:303::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9275.16; Wed, 5 Nov 2025 08:59:27 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%3]) with mapi id 15.20.9298.007; Wed, 5 Nov 2025 08:59:26 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, "Bellebaum, Thomas" <thomas.bellebaum=40aisec.fraunhofer.de@dmarc.ietf.org>
Thread-Topic: [TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM
Thread-Index: AQHcTizAvWYPAwi9X021mBENYl7UKLTjxIOAgAAAuU0=
Date: Wed, 05 Nov 2025 08:59:26 +0000
Message-ID: <GVXPR07MB9678736687974A3B1B553FA189C5A@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <CAOgPGoDsX09SEUXr+Tq_m_5bs+erCLagSGMrAVohBRMqOkAtRQ@mail.gmail.com> <0bb9483f1bef258d67d543c300b1035fbca4680a.camel@aisec.fraunhofer.de> <CAMjbhoVT1p9O7LDeVq4OWdEVMD=s9zGTn3h_47U5nnqLAW0RUA@mail.gmail.com>
In-Reply-To: <CAMjbhoVT1p9O7LDeVq4OWdEVMD=s9zGTn3h_47U5nnqLAW0RUA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|VI0PR07MB11179:EE_
x-ms-office365-filtering-correlation-id: 040fc6e3-7e75-4253-4975-08de1c499f9b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|7053199007|38070700021|8096899003;
x-microsoft-antispam-message-info: 6TBQrCB7bHkML+tpcJWqZUFA2entqc6gC6lpD/1DM7HfFhjGtH9Rj9KWg32PQsDSqrE3O2ioxWLpSH6U1rr12P/8bvwYg4Gb6SXPM1x3WzcBAvL98TziXoPsx+PuBDXxPUSZcgWb9H8XrqI3LmvDrZUGPCC/fuRQ0kL4qtyP6NPvgLyILIdq8SPtiocU4Yyv86PmaMWOMzrZNBeJh2a+9W1cWXj0kxEsKdXfnC6CQg8vwY3Dg0QmBabjn0mLMd0t25AcP1WGytCIHSYPFu2PcAi3m7WaymDQHnLzWIcML2fNd/ROsTeZmzm0kE8ALfXbFC7tB800GnfM+aq7d7NJuooWo/oj+F1TWiI1b/0BlCWXvts5rR7v6jhzs1IPw/y2yp7ZQVDaqYE/oywvhFetaiPdYjZ4XLs+IVI30KudmrBJ/vxyLzyNIJspITA9PQGZN4eYoQ43hl3TISB4Q9g2tLa2DZbcFRnjEFEpFrnFa7KPeO3xgTTqn9dnrDVV186Mk6OvkOg1CZ2/Idtc7CtlNb582mvXAPeIYRUnl4k+Xt5dRzF/Mbz7zK1b0fSzLJwlVAgRH//swle3gKBwEZsAxCYW4RdaleMJwu9eZbCCUgeIBEWL6vgovIbdGXH35P0xnIu+kB8C4+to3vwtvQyrnHQujvckZvOLC4JSfATkfUevq/Xh88tJrNdvCDPhrazbvWujcz2p5sqIfCyvPnnIRKu6ef1Ivjw4O6wXJN+01PAIBIujcZO1ZiaI9kbpbda4+mxVyQyvmfhJj/DXFTP6aROPyED/0xTEeFFunXhyao+NvEGgeye5uLRHxUd36CGpJtah5ZEDdz5soRpSV8AH+8tQKVNMk3qddPUzxEwH1tb26bdBQub0EwaLl5TndD3G4GvXSxPgYF00OxPL1J14g+d+cIWsWeu2N2BF+7OGnWxC/8sW7lL//dNwkmohT7HSPQdRQtf49fqf8nOg7aluTQgW0N8bFbrkRGHPRhgHehDdBMzau4n9mL9O+D8lTuGM2QsKZdG9BVonWhX4io9pDFlq7YOAr1h5DdYIyYeEupihAbbNoYy32IfXh27daxmqGPR/zWTK5A+K51vjZKDAki3LIVpesv9V3k0Ti+lyW5uD5vTPXd8OiMbHLNRo8tKbJU+ocfirm+WQrTgbyDe3dMmxNxKSAeK87NG2+cCbrE0ypcopX5y7UEFQx8Vtugrd+DpAfw+zbM+/ZcdAexozgc5je+IBBSZzEk14ZwUFZxj3MB7F+nfmoKe0VaQ2s7qvju/1maugqtiSHCq7FJrkGdg5K/ehqE72I5JeDlcgvcuT8pwD30iIeze8zGLzn0iuHiEELBbUdiWeghY0cPoOuqhGl0lCGx+Je3Y8GF5HKsZbAGoGo++sJNY4pus9pEgn5vIkEeiWOtujD0hfe24uNVuzQtIYFIUP2PwAELG1si/vP9XSX85A3lzLfhhGEQoxa21iSRzDvTZMj6BdDN4B+cWpz2J/6XnRruebfh1oN8Jl+IL/XgwIt/3YIPTD3Hvh
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(7053199007)(38070700021)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: KVzyiaCBJ60PHjsQmRKDEF3uCuIF1ina9jmT4RtluXCRC3BIDaY06bFPQgGS35hTMAYW8qEtJnAr0VY6Y3NZpQiFUEWAIF4c42602Vp0PCqNNK20xRUhIEfat1jV8HMLg2bBXdFn8qY9mQ/z32tY7B044PG8sxcARFrxnklQKXWZeX50fUSgz5BH/DpkmkPCwLCPUpGm6UlRu6dQ9UsuBP5mk1Sy0lc69MfnzhN5ih++UBjf34Hr1ogo7LY1c6t3QqRsscXs0w0BhtYAFoGsby6RW3+T9NeVvEhDxHah1Tx703iwCwT/NRs8LJzeZxZCLjXif77k0tDoKR0dvvYmrcHe1ucQ/l7x/nAgjF2cFUONZMuzqEE4mskyr9sf5oiAa2n/aFMlBzynkv/5/iSLTItDzn+qyYCQA9RzAu1ci7g5x02HHFHyeSOvQoD9X91o7NuHFjx2AVsPHQo77C3gtqRxkWk4vBjqWtuGthrWIFzDH2pgNM7KVbWilhzDzMYuCQ1mE4OJYQvsgBhTruGlUVDNroWjgBD3P/S/wQlEo9x9G/ycE4lvk599+uDbDEMScgUIlsZZJsg/+nJULaxfKG/dBWd60LQ8U2QP+MaPZ7RtM+xh1DI9K+QCMogFs7A3FKduJmqAcMbVQ3rA8JJpxFbsliDX5KA78HuHj/qb4FystzGYrif50OvUtzU6+F5jU47JFZib/TAKB7LmzQbwvYbH6owN11OgWO82qJXpXoDCtLN+qIl19NycN0DmwOoeb17zrPdo4+XAyLQKWYbTfi8BzEzsUQlxUIwZ4+OnbGYIQcd/yw9NbwWnNiKy5KhtjEGJgxvxAP+TP+AWFv0B8fQvmCoe2mw/EIsFwEmWCZ3c2Kawcj44EtKqd+kyFAh+sJOkQuNSwLPCmMTm82inCH5pWCry8XhZMbLjJVIt59jw9hnwnblHFm+vv+VuLwJ3hoUTJaaHg5bMVSCVhtreOBiU2kDclN/x0xgzDJbkzjqGAM0Uajd3p0s6k2+fjm86GVXTH1ekDzxXTzmaiAdn5WKuQX84t/djew6/9zMnF9uqQZ2sFaL5TGkFZJh+xpBxwofB6xg5tDfOcPkkAr1IJ8nvuSJMrYD/WkGJBtaSuWplhTVgYR+yqLgRLUnXIfSBxU/y7v+4FNShs9Ze3BL3yBqjZexfuxePGB0v2i7HBzokQ8fcbO9RGr/iJMCVzfSOqtYChu6HcYKyDvszptDBnQN2MWTKhjA/xUXvAeu0mufKNMozE4wg8aZe8UCcBL4Ct9S3RBIF7J9u1UV6ELYW+jHLze7bcG+frCDBMjytooocTDt5V8rPzEPqOC/EkIZ9U3ls9Z/qCAsBKAzqNQyeHeAxMkroEdDtjUuYQZ/WAozS1M0D7/8Qqd0yDFLiBAL9DE3EzlprrIXyp7eUqVt1dXBrvvfsDuLCUdwVoNTwKF30blnSwAD3zdiUq6Ay/rI0AkmvR+Ad5Tw5g7dD+f1TEzV0BXAhIuBK7ne2e8w84nyxYUUweJMOfGyy70JlXPDLFva4Tws+XGIvzc6gNoFr5n6r/vyWAAqNG0XbdatG5IsSH3B9twNRNVAxe06zrG9iI+220k39J3I5JWc6y4tKOISLlqpcWG6Jews2t7dlVZ0=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678736687974A3B1B553FA189C5AGVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 040fc6e3-7e75-4253-4975-08de1c499f9b
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2025 08:59:26.8640 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PH1ewUTCYa2tAhTa7GSZSctxA2nFQaQLT9dJjlYDRtSBhei5BIASkgmCnGLQZIC52usH209Dy6EYjoaAWA0qguD8pZdsLqPmr+GtPVWhm6M=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0PR07MB11179
Message-ID-Hash: PTTQAW4H3XIJPC4KNKHUTA457N3PUDGK
X-Message-ID-Hash: PTTQAW4H3XIJPC4KNKHUTA457N3PUDGK
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bUU7GqQanoCkSoDcSiinciSSPOI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Bas Westerbaan wrote: >In a vacuum, to me the more egregious inconsistency is that we're not marking traditional cryptography as "D": we know for sure they'll fall to quantum attack, whereas practical attacks on (hybrid) ML-KEM-768 are mere speculation. I do think it's better to wait a bit before marking traditional crypto as "D", but not too long. Agree, all quantum-vulnerable crypto should be marked as “D" no later than 2035. Thomas Bellebaum wrote: >but the picture it paints is that there are already some hybrids with "D" yet there are non-hybrids with "N", so "_surely_ hybrids are less safe” I think the picture it paints is that you should not use non-standardised cryptography except for experiments. I think the current text in the registry “Pre-standards version of Kyber768. Obsoleted by [draft-kwiatkowski-tls-ecdhe-mlkem-03]” seems pretty perfect. It tells the reader why the code point is deprecated and what to use instead. Cheers, John From: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> Date: Wednesday, 5 November 2025 at 09:45 To: Bellebaum, Thomas <thomas.bellebaum=40aisec.fraunhofer.de@dmarc.ietf.org> Cc: tls@ietf.org <tls@ietf.org> Subject: [TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM I support Joseph's proposal. One teensy nit, given the description of the field, should we mention this is a "SHOULD NOT"? On Wed, Nov 5, 2025 at 9:18 AM Bellebaum, Thomas <thomas.bellebaum=40aisec.fraunhofer.de@dmarc.ietf.org<mailto:40aisec.fraunhofer.de@dmarc.ietf.org>> wrote: So the WG rejects "D" as a means to warn against non-hybrids with some resoning that D is only "for weak cryptographic algorithms" [1], and would group it "with NULL ciphers, RC4, DES, EXPORT ciphers, MD5, etc" [2]. In a vacuum, to me the more egregious inconsistency is that we're not marking traditional cryptography as "D": we know for sure they'll fall to quantum attack, whereas practical attacks on (hybrid) ML-KEM-768 are mere speculation. I do think it's better to wait a bit before marking traditional crypto as "D", but not too long. Best, Bas
- [TLS] Working group last call for the deprecation… Joseph Salowey
- [TLS] Re: Working group last call for the depreca… Salz, Rich
- [TLS] Re: [EXTERNAL] Working group last call for … Andrei Popov
- [TLS] Re: [EXTERNAL] Working group last call for … Eric Rescorla
- [TLS] Re: Working group last call for the depreca… Kris Kwiatkowski
- [TLS] Re: Working group last call for the depreca… Yaroslav Rosomakho
- [TLS] Re: Working group last call for the depreca… Kaduk, Ben
- [TLS] Re: Working group last call for the depreca… Watson Ladd
- [TLS] Re: Working group last call for the depreca… Kampanakis, Panos
- [TLS] Re: Working group last call for the depreca… Bellebaum, Thomas
- [TLS] Re: Working group last call for the depreca… Bas Westerbaan
- [TLS] Re: Working group last call for the depreca… Viktor Dukhovni
- [TLS] Re: Working group last call for the depreca… Peter Gutmann
- [TLS] Re: Working group last call for the depreca… John Mattsson
- [TLS] Re: Working group last call for the depreca… Bellebaum, Thomas
- [TLS] Re: Working group last call for the depreca… Eric Rescorla
- [TLS] Re: Working group last call for the depreca… Filippo Valsorda
- [TLS] Re: Working group last call for the depreca… Joseph Salowey