[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Robert Relyea <rrelyea@redhat.com> Mon, 13 October 2025 17:13 UTC

On 10/13/25 6:10 AM, Dennis Jackson wrote:
> I support publication.
>
> I don't have strong feelings on which recommended bits are set, but 
> either X25519MLKEM768 alone, or all three, would make the most sense 
> to me.
>
> I don't think any other changes are warranted. Any additional choices 
> should be handled by a different document.

I also support publication. I'm fine with any setting in the recommended 
bits. I would prefer that the NIST curves not be removed.

The fact is, whatever the IETF decides, our products will almost certainly 
implement X25519MLKEM768 as preferred and default, and implement the 
other two groups as optional, and our customers will choose based on their 
business and certification requirements.

bob

>
> On 07/10/2025 14:46, Joseph Salowey wrote:
>> This is the working group last call for Post-quantum hybrid 
>> ECDHE-MLKEM Key Agreement for TLSv1.3. Please review 
>> draft-ietf-tls-ecdhe-mlkem [1] and reply to this thread indicating if 
>> you think it is ready for publication or not.  If you do not think it 
>> is ready please indicate why.  This call will end on October 22, 2025.
>>
>> Please note that during the WG adoption call, Dan Bernstein pointed 
>> out some potential IPR (see [2]), but no IPR disclosure has been made 
>> in accordance with BCP 79.  Additional information is provided here; 
>> see [3].
>>
>> BCP 79 makes this important point:
>>
>>  (b) The IETF, following normal processes, can decide to use
>>    technology for which IPR disclosures have been made if it decides
>>    that such a use is warranted.
>>
>> WG members can take this information into account during the working 
>> group last call.
>>
>> Reminder:  This working group last call has nothing to do with 
>> picking the mandatory-to-implement cipher suites in TLS.
>>
>> Cheers,
>> Joe & Sean
>>
>> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/
>> [2] https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/
>> [3] https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/
>>
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org