IETF Logo Mail Archive

[TLS] Re: New Liaison Statement, "Liaison communication to IETF regarding draft-ietf-tls-mlkem"

Paul Wouters <paul@nohats.ca> Tue, 07 April 2026 20:35 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1B972D7B305F for <tls@mail2.ietf.org>; Tue, 7 Apr 2026 13:35:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775594112; bh=SVMJ8cUTXnzydJOX27fbi1QG1+xSLf4g4i6C7NLV+xM=; h=Date:From:To:Subject:In-Reply-To:References; b=FgtlDtjhAIbtQmgUQM2NMG3Hp6lmEu0CSKOwKSBchX7YS3DQbEcUdYrgtY+x19Ihj z2IF1zH338Hz/uJKVlQ3yCRgb3bOKxxwWVFpqvwvKRnSmQbiLQgTeqxo6loMQ96+c9 1XIhHm0fCw0ibiM/+xniOKb5PFUeNfJ9luSus+Zs=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqC109YEWmFI for <tls@mail2.ietf.org>; Tue, 7 Apr 2026 13:35:11 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 7B692D7B3050 for <tls@ietf.org>; Tue, 7 Apr 2026 13:35:11 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4fqycS4GB4z6rJ for <tls@ietf.org>; Tue, 7 Apr 2026 22:35:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1775594104; bh=roaBuzultnQMNLyuw9NAVbJ6pC6Raw1fZaKko7Q2+rQ=; h=Date:From:To:Subject:In-Reply-To:References; b=Wmab5UaObxIuQxFUORqpAULVNok6oL9YV9/udjW7eOIOH8C/aV2emPvu49vbXiykU p4cPkddTzTMCU+L3IyhcfPp0d51Z7dJOTX5F/Z091AN/FlKiR08R726+T/I3mXDg74 q5sZf6yM4X7/Btf5CXh+qCP2LEka3sURF1kJl/2k=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id N0f4g3T8iSov for <tls@ietf.org>; Tue, 7 Apr 2026 22:35:03 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <tls@ietf.org>; Tue, 7 Apr 2026 22:35:02 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id E415418B26A3; Tue, 07 Apr 2026 16:35:01 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id E2E5818B26A2 for <tls@ietf.org>; Tue, 07 Apr 2026 16:35:01 -0400 (EDT)
Date: Tue, 07 Apr 2026 16:35:01 -0400
From: Paul Wouters <paul@nohats.ca>
To: tls@ietf.org
In-Reply-To: <CABcZeBPk3fdfPw=S_f5v2E9Y1LUfQL8f6sKvTYG0R6qRHm6rgg@mail.gmail.com>
Message-ID: <b1527204-149e-6979-a344-8d530613e979@nohats.ca>
References: <177515578056.110728.11479383677020007340@dt-datatracker-9dc8fdd9f-qcdj9> <2efcd86e-c248-4cce-a601-b65e3ee4b5ae@tu-dresden.de> <5E23938A-6AAC-44A8-A515-C8B031203A16@vigilsec.com> <CAL02cgRS0VXm9ZyXZd=-ZOi-VCvTbvk05rjbTCm6_ksgu-RBKg@mail.gmail.com> <ac7oEfBv6zLisnIi@ubby> <CAL02cgRyekc5oz5FaGRcLvxcxNrUSYKH0pXxxxATke_SLZ1aLw@mail.gmail.com> <CAF8qwaBcotZqOnY2qJ6d0fRoa=5v0sZTOSWqeqkou+bLJcy9LA@mail.gmail.com> <CABcZeBPr+WeivTWpSCVC4f95fRuSiOytvvBPB_6r+af9Didhgw@mail.gmail.com> <CEB84168-5998-432A-9D62-36E28B9CDFA5@vigilsec.com> <CABcZeBM-eoqh+kJ7H6SiwC9p4tKAt+YiQhzetJZJmPNpXc+5OA@mail.gmail.com> <CAF8qwaALDXR6d=jLD46wXmKHDjyj=OdJ1X3a1AgxF+ByQceeMg@mail.gmail.com> <CABcZeBO0ysBjtbiPuSboP4fAATuVHQxq1TA5TbQ+_Oy-NrET0g@mail.gmail.com> <7A4F9775-8929-469D-B454-B027A0BAFA69@vigilsec.com> <CABcZeBPk3fdfPw=S_f5v2E9Y1LUfQL8f6sKvTYG0R6qRHm6rgg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: R2KW6LXGB2Z2AZF6Y3NRYCQ2P2OGQHQR
X-Message-ID-Hash: R2KW6LXGB2Z2AZF6Y3NRYCQ2P2OGQHQR
X-MailFrom: paul@nohats.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: New Liaison Statement, "Liaison communication to IETF regarding draft-ietf-tls-mlkem"
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/f3wWnHdMd-fn_4wbznrUjPiKvBo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Fri, 3 Apr 2026, Eric Rescorla wrote:

> This is precisely what I said in the text above:
> 
> That normally happens with RFC publication, but we find ourselves
> in the difficult case where an algorithm *is* being worked on in the
> IETF but there is real contention about whether it should be published [0],
> leaving us in an unfortunate situation. 

The contention is whether it should be published now or later, when
classic protections gain us little to no benefit. That is quite a
different situation from the "publish now or never" question, which is
not at stake here but people seem to treat this discussion as such.

Google and Cloudflare just adjusted their deadlines on this from
further into the future to 2029. It seems it would be prudent to have
this algorithm as an RFC now, since we would want to have it ready for
about 2029 anyway, if indeed classic algorithms would fall with a single
vendor / academic budget. The way to say "we published an RFC to help
people gain experience, but we don't want you to use this right now"
is by RECOMMENDED=N.

The other layers in the stack, eg IEEE, sits far closer to implementing
things in hardware. It makes total sense to publish this draft as RFC
now for them, so they can confidently start manufacturing the hardware.
And in a few years if nothing bad happens, and anyone can rent a cloud
quantum computer to break classic algorithms, we switch it to RECOMMENDED=Y.
This reasoning also means going via the ISE is not the right path.

People spend a lot of energy on the "but what if mlkem turns out to be
broken", but lets remember that even without this document becoming an
RFC, if mlkem turns out to be broken in 5 years, and a quantum computer is
easilly available, there will be about 5 years of stored data that can
already be decrypted. That is, we've already commited to mlkem being
safe, and the extra seatbelt isn't doing much now and won't do anything
at all, in just a few years.

On the other hand, if mlkem is not broken, and quantum computers are
available, this document makes the most sense to deploy.

It makes 100% sense to get this document published as an RFC with
RECOMMENDED=N. It solves the problems of the people who want to use
it, and solves the problem of the people who don't want to use it. And
the TLS WG can go back to regular work again. Or we can keep discussing
this every three months until another organization or goverment will
stand up their own IANA style crypto registry and make the IETF
irrelevant.

Paul

v2.40.4 | Report a Bug | By Email | System Status