[TLS] Re: Fwd: New Version Notification for draft-usama-tls-risks-of-mlkem-01.txt
Peter C <Peter.C@ncsc.gov.uk> Tue, 02 June 2026 22:22 UTC
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
CC: "TLS@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cHCgSJRF571MYEjQaycMf7cIr9s>

Usama,

I remain puzzled why you believe that the apparent symmetry of DH plays such a significant factor in the symbolic analysis. TLS 1.3 is not symmetric in terms of roles - the client always goes first and will reject an unsolicited key exchange value from the server.

As I think has been pointed out before in this thread, the "commutativity" property is really expressing correctness of the key exchange - when both keys are validly generated, both parties will derive the same shared secret. It does not imply that the parties are interchangeable in the protocol.

Peter

From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Sent: 02 June 2026 19:16
To: TLS@ietf.org
Subject: [TLS] Re: Fwd: New Version Notification for draft-usama-tls-risks-of-mlkem-01.txt

Hi,

[...]

The arguments about "some level of symmetry" are unsound.

You are right. That was admittedly very informal and with sincere apologies, I revoke the quoted attestation, and have tried to make it more precise. What I meant was DHKE part remains symmetric as before -- at least from symbolic analysis perspective, which is what I am currently interested in.

[...]

Best regards,
-Usama

[0] https://muhammad-usama-sardar.github.io/risks-of-mlkem/draft-usama-tls-risks-of-mlkem.html#name-fatt-review-for-hybrid-key-
[1] https://muhammad-usama-sardar.github.io/risks-of-mlkem/draft-usama-tls-risks-of-mlkem.html#name-what-if-issue-is-found
[2] https://muhammad-usama-sardar.github.io/risks-of-mlkem/draft-usama-tls-risks-of-mlkem.html#name-minimum-viable-modeling
[3] https://muhammad-usama-sardar.github.io/risks-of-mlkem/draft-usama-tls-risks-of-mlkem.html#name-fatt-review-is-harmless
[4] https://muhammad-usama-sardar.github.io/risks-of-mlkem/draft-usama-tls-risks-of-mlkem.html#name-patents