IETF Logo Mail Archive

[TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 05 November 2025 03:04 UTC

Return-Path: <prvs=39745951d=kpanos@amazon.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0B4D18329B04 for <tls@mail2.ietf.org>; Tue, 4 Nov 2025 19:04:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=amazon.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZjm7jPoEYmV for <tls@mail2.ietf.org>; Tue, 4 Nov 2025 19:04:38 -0800 (PST)
Received: from pdx-out-011.esa.us-west-2.outbound.mail-perimeter.amazon.com (pdx-out-011.esa.us-west-2.outbound.mail-perimeter.amazon.com [52.35.192.45]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 3348D8329AFD for <tls@ietf.org>; Tue, 4 Nov 2025 19:04:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1762311878; x=1793847878; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=y0Ai4CgGhEvYhU9e5CB3pz1/D/Jz9yy5WRLKX4nbtG8=; b=tr1isM4AnC2C5b0QteF1oytSUMGCEgNrKMsT9c7Cv3bIkbJgJlwdEOCA XWBkiUdybAo/7e65DtmDRPn/Q+60pP7z/feUypaQhXQsoP4gWl1Th83n1 Bz212YoC3+Yx7GLKlxsIAmsnS+6bDRNjScnDZMMk9MuUfuVoAhAG7x1sq 7mhJJ2OwELI+UrrJZRok9z9mhqLmRnmZA4uDG7JptqHAOPfLzy38ueXwf e/DLYnpnr4jjVnHyiiCZhrcMPQ4scllgm6ZCDInclHfm4WX1SJZ+PwKH9 +Su1ZE+6Ebs8ETHyNWgRwiA8cUpBV7e9KpdTjdQ5FsYB0Z9cVNv7s1Bp4 w==;
X-CSE-ConnectionGUID: bIGTConVQy+ymjff67gZ0g==
X-CSE-MsgGUID: z4mTNDCaQ8e+W8BCaYra0w==
X-IronPort-AV: E=Sophos;i="6.19,280,1754956800"; d="scan'208,217";a="6183996"
Received: from ip-10-5-6-203.us-west-2.compute.internal (HELO smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.6.203]) by internal-pdx-out-011.esa.us-west-2.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Nov 2025 03:04:35 +0000
Received: from EX19MTAUWA001.ant.amazon.com [205.251.233.236:24739] by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.6.26:2525] with esmtp (Farcaster) id 23aaf289-85b9-43ed-bde2-1f21342c5fa7; Wed, 5 Nov 2025 03:04:35 +0000 (UTC)
X-Farcaster-Flow-ID: 23aaf289-85b9-43ed-bde2-1f21342c5fa7
Received: from EX19EXOUWB002.ant.amazon.com (10.250.64.247) by EX19MTAUWA001.ant.amazon.com (10.250.64.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.29; Wed, 5 Nov 2025 03:04:34 +0000
Received: from CY3PR08CU001.outbound.protection.outlook.com (10.250.64.238) by EX19EXOUWB002.ant.amazon.com (10.250.64.247) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.29 via Frontend Transport; Wed, 5 Nov 2025 03:04:34 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=oulSITFaxLwqlcuLm5R7QPRCNVwkLWnEhhOYkVR4m82usE3Psvi8bh8ipJph7QdFHndrbaWeLUrhRozFiXEg1Xgmo8lDwbKDLn5lZ6u98ETSluHhPbZYa7V3Xn/2afBX/EKZTtK/kiHA0OAWnvtOdHuGwGFqvxuQ+jbJfZLqDuw7cJQY54QKXxr5yH/JI3sIJUiGTIASsU0v9WPT8SHkHTqs0KIf2soP3OoL95pHAVaXpSRgQNyxprQkhtqPkQqRvb0plFzsI2HKPY/Us4oxOUtVv9ZrTr/OZlGE5Ngu5Qbs3zsn1lq5svu1GX3mcFL3WpSQNYOqribA9bH5O4+CQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=y0Ai4CgGhEvYhU9e5CB3pz1/D/Jz9yy5WRLKX4nbtG8=; b=joeWaJ3OK0Meqe7RO1Boo1Filcnb2jB7zw3PM07GgidRQkOzj2nFnAUnvUlZ3LGinK8xlfpG5vzOBShYBi9SXmAmwgW43Bd3jFdCS2WAJRD1BtH9+d1/vrtVBnPmSf0BedfxgOohh0vXvtQamRtosYtXeyH5RTTHe5T2wYNZKih+SWElfhCNggL2qbUdoYRp0wH3pXzjNqrGrmNxzPNAR1gqNuTghfV1p3+V8IkOKdw7NARj1svbjPpC8Cwl+4eM5q/B6ncmt1hAsFBCBJ4un8Q0OC/cxrpkgzren2JOH6KfUNFLwWs9uu3R+DEqndKI/+EX5Xx/AWlA+FHN2BmVKA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amazon.com; dmarc=pass action=none header.from=amazon.com; dkim=pass header.d=amazon.com; arc=none
Received: from DM5PR18MB2326.namprd18.prod.outlook.com (2603:10b6:4:b9::33) by DM8PR18MB4421.namprd18.prod.outlook.com (2603:10b6:8:3f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9298.7; Wed, 5 Nov 2025 03:04:33 +0000
Received: from DM5PR18MB2326.namprd18.prod.outlook.com ([fe80::6dd6:86fd:258:83be]) by DM5PR18MB2326.namprd18.prod.outlook.com ([fe80::6dd6:86fd:258:83be%4]) with mapi id 15.20.9298.006; Wed, 5 Nov 2025 03:04:33 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Joseph Salowey <joe@salowey.net>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Working group last call for the deprecation experimental code points in ECDHE-ML-KEM
Thread-Index: AQHcTgDoDyQxxxNSKUO8C3JYQCB7pg==
Date: Wed, 05 Nov 2025 03:04:33 +0000
Message-ID: <DM5PR18MB23261552A44CB5691E78E506ABC5A@DM5PR18MB2326.namprd18.prod.outlook.com>
References: <CAOgPGoDsX09SEUXr+Tq_m_5bs+erCLagSGMrAVohBRMqOkAtRQ@mail.gmail.com>
In-Reply-To: <CAOgPGoDsX09SEUXr+Tq_m_5bs+erCLagSGMrAVohBRMqOkAtRQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amazon.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM5PR18MB2326:EE_|DM8PR18MB4421:EE_
x-ms-office365-filtering-correlation-id: 4f9222de-d2d0-4803-af1b-08de1c180b80
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|10070799003|7053199007|38070700021|8096899003;
x-microsoft-antispam-message-info: p1wHCA78Rm4f79bDigiP8G2ugqwK53l5lQMbcjvOtMmt3HZGc0VAxM8G8P/20MB4IznDmMFeAF5diLqy2rFoyM2z+MWGO0kYuGeO/9stqRBnps+uo61SidSSQLR6qzYcbxWvJfkso+J1IXi8/M01vWXXGUySUrQ0x52trSugYKdSr8DNsQFjhweRwF0pQSdSjRvRKHEK87bxu8L8U7eJkzmRM4bTudg4NDBPkVyfzKvc1cjxjdk3PvoDgB1iPkDveIGax5ZAAHL+7JQ9MlSCYTWX94/EmjQdTPZajmgd672gQXnYvdH4dEUvBXiq4FrzgMemxU9ofPezchCLRmrUzTYJgYjY4SSo8N/bqJcvx5Ax7ecBA/+0u0P/VSw6O34PYXQ2JGC9auFXe79q52Z2xlNwq/tYr9cjH85kFnhBSS/y7JV7Fpa9yIZQAYv3J8Xi+GgTEzO7atdvegNTx/pyFMAKKdWt39c/C82R2FKAFP0Nm7HsJecMpiuBQ0eb6K8k8UarsFPY2x8PdI3sHT8tZt/lUD6smJDNnoIR74PpCn6YSqqMoX5809l7QhheeCsdAG4Wdvu/u6V72weS2wasUqDaQ1br/ShNonMwJQQzf5aJv3iy9++IK5cMqZoaPwLEKcoqeDXWfyaeDbzp6kdDPRJFN7HH/yjqIVlGZrHqexs9NUbMR9xqhSRyqYtCnthNVeL0C7S2HJNQHtVdeHEWTY9hF8MGOftmTr8H9Tn1dVNOGXT85vIzv2Vpbk2JDxVDDeKz8JVuwXCD75rH21yb9iFVEblGtE/RwqXm2M9GpirGy7a5eMdypVSl/dqcZVhZk3+O0Ja/zpepD7RmjRr4SzcQqPYcy7vmCmW3AnfF4PASSXVDnExZkCWq+4anZb7H3T6jlrMtYzwogKUThqXjWbDlcb0Yr3jedrICxWOVuk+McBQCIAtyl+pYB3d9rN2w2l0IQN0kI1c+1fXu1qSdvqaWMfojFw42J+CnxiDJK0VgjfdWEA8z60o3CYCjsVjln3Y91q54WRwIeOWdcx8DwBD2b7EaKcXDcjr9QTqLV6wM4kTSzTN0cDejrd1fXxZxvnqEybYiYW9pouW45/YYNwA5s5/CnsrY7qjj7tXwXZo9KX4VvwfDVG1dqCUM+tVmNutoLRAiZaUNGy+8EfiF7gMKGniNvO3zSgRFRITSS7GkW23NgXG0EccKftsVLsIu6GRJQwQzYP5G0Yv7c+RjSnX8bZ5KmMbNXQTmN6U0V77Nmzl0WRlph7bU+3e1yRLJfy2wbTGKPeDrxi7vgyGJqHEjogCz1DclEXVzpVKi2eFbsOOVMLpsR5W8pQ6ISV3da6za/HaO+qwhc6CXd5JN9zmTEqY+5z/kd7CAAZ15TXcIP8BN5GRKClxOj9GijQDnRDYPX6Vt2ndO7qHm/4RoH1LwNnC0fISiW3FfmsVHGA79j9UptlXElUS6zwHEtfjnzgDDasdZbeqDwv1NDPw876p6JWXdelXDj2PjR+fOsJztqQIasuk1N5dDwMXF/crU
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR18MB2326.namprd18.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(10070799003)(7053199007)(38070700021)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ivXa7QqfoYiVdgWyKmYzGZ2xRzwVv/9u2MPtUCWrAOVXooF5LeM8AB94oVZJB1FB2QDf/U6n+FvrZ5jFG+2o9GeyOossylaHn/NNK939LjoD6TrbRtHIx9KZ4HCpXKdiKP7daWFJraLFwHi0PqPVskpacj11lQ0pEqqihsBkcbeNBtf7vXBAemMKyghfiIJWv0JkTCF0mgSwFazrWfk1hUWOdTCH4ezU4IWFG9xsSxVzV3Vitt/zwoW246SmvKdl4n7fuBU0wCHNKlMhRgQcdJ9zEyMnra/GPF2J+g++aBIZd21AJckNyW6zUEFRUNQ2zcu0BMEFgGC3luxZ3sf8btRAQsrUK/++ur6PlkDT/NEU+AkEgpXgMUja4gVy347xoeHLHN3HkjLmFsekllLHYlvfcSmr3OFlHm2htmLgcaceq3nmqJfmRzoEAbHs0NS2nGhtSOsm/U7VpK4llQSLaJ4Zzvb2zHJEqmMAmKTayyqLNKd7l5zA+mjGpweVuAYgDr0cqLDK79mxEvPcYrSXqgKXVz1oKT/oUKCH7booqK1NeWRhVbTjfzsJZbz0wtj7nGhcQkiZ8ZEpim3/c/HBUbR7HYrUoM3XQRLHvyfxgnSeBMb/Z3HGjf4BJM+wJSOYa5I2Or3DhQbSGainT5DIP51WYeaCKrGH2OK84piQySiDvBoM16TsivuBd8SNys1BTFIffZ4er31fQsjRljEEzAPEB2lRq8bbkq/wBNeUet4uMEEkGNf92IE5XLMbYegQc8dNCqRFI76WaCvD/YfcQLEmIT6A14ntmw3MszHAbRQWi4J/zblZQ6RekLqeH7YprSIez2LlV2ks5jU+nOMLDZ7vfBJcbvN/gSc9tQE+SAZS+ICYc7qrzYTjgNWXScgSvKzJxxGzHaWCIAU1wrvjG7SlsuesBWGECJbNwnk9vewvyj1K2j6SbWjAJ6wkVX5ujAnaM4aWGFcLZJCqfcIMqKbmLg7sp+G6kY+TuvV6hNGDuPqE54ZW5MFk3jGsYp30b0wkPqFgSpIK72c1NKqpJAHK1gcbkvjTzs6B4+yuXcenXelNl8xoaUVvkrbQtbdRDj0zVJzv8Xe9jVXdh88W4rBOFQdRMi8LWC9qZzViDs1O1QY09y2pB1X7ANVmaD3AsqcDxNhhQPj7qHnRS0ZvX8voLJH8FXUQr1ykhHD/MfC1fKBNeof5kbj8jxlAJCAYvYrXkJ7Gw2z7loPQwudTK8ey7DGcps2WR6eQnx8zHynG9D6NRgX/YMwgsurESNDZ1iZ2uABkg69lqGazKdP8r74hzMc0t5D5yqfoAMVod/UNUFr8RWBDKhtaQVWFSNcAZALGmHIpASUI1E0ZRoLUdeYEhpN2lZ56LzYPNjt1XzseC0GnbnuD6AW9m5NFYbCQJ6PVg/36O2j6YJITfDUnj3nzJgaXrBccKt/zLfL294QxN6ia89VMl0fDkr2LaOtPJ7kGeBF1W6eF0qbYZX4MIcPnvmescY3qI6XZSSXnzT2KFI6le6taVkn06WLYuavXTAoO8o0BhM9IAFyRybEOythU5tEfYbvvpzkCzkOQYvker0av3R+f/Phj38a2j5OP6YZ5IdHsmxbhz+UA/QTLv2+V6Idj58qAMl7HpcUQ920=
Content-Type: multipart/alternative; boundary="_000_DM5PR18MB23261552A44CB5691E78E506ABC5ADM5PR18MB2326namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR18MB2326.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4f9222de-d2d0-4803-af1b-08de1c180b80
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2025 03:04:33.0405 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5280104a-472d-4538-9ccf-1e1d0efe8b1b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4F73njq+ZEFh3YHdGwpD1EmNjwkd17yh/9pLcT/bbarE4gXQ90iS23nA0o07APo/vZl4cuCWjpWV4KTuYDI0pA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR18MB4421
X-OriginatorOrg: amazon.com
Message-ID-Hash: 3R3GV3OTJACZBRC23WW7LHOQEKVWUUOV
X-Message-ID-Hash: 3R3GV3OTJACZBRC23WW7LHOQEKVWUUOV
X-MailFrom: prvs=39745951d=kpanos@amazon.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working group last call for the deprecation experimental code points in ECDHE-ML-KEM
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/g1kLjOGnyiZEr5B45JutBuIAotA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I support this action.

From: Joseph Salowey <joe@salowey.net>
Sent: Tuesday, November 4, 2025 2:59 PM
To: <tls@ietf.org> <tls@ietf.org>
Subject: [EXTERNAL] [TLS] Working group last call for the deprecation experimental code points in ECDHE-ML-KEM


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

Chair review of ECDHE-ML-KEM uncovered the following issue.  The document has a section obsoleting the following experimental code points assigned to pre-standard versions of ML-KEM (Kyber): X25519Kyber768Draft00 (25497) and SecP256r1Kyber768Draft00 (25498).  This requires assigning a 'D' to the recommended column which requires standards or IESG action.  At the Monday afternoon TLS meeting there was strong consensus that the best and quickest way forward  to change the document to standards track and make the following change to section 6.4 (Obsoleted Supported Groups):

Experimental code points for previous versions of this specification were added to the TLS registry as X25519Kyber768Draft00 (25497) and SecP256r1Kyber768Draft00 (25498). This document obsoletes these entries. IANA is instructed to modify the recommended field to 'D' and update the reference to this [ this RFC ].  The comment fields for 25497 and 25498 are updated to "obsoleted by [ this RFC ]"

No other registrations are to be modified by this change.

This is a consensus call for this change only as the last call has completed for the rest of the document.. Please respond to this thread indicating if you support this action by November 14 2025.

Thanks,

Joe, Sean, and Deirdre

v2.35.0 | Report a Bug | By Email | System Status