[TLS] Re: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 07 March 2025 10:08 UTC
Date: Fri, 07 Mar 2025 21:08:16 +1100
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/goR_UBE8IIKutsshJVST6WVTbq8>

On Fri, Mar 07, 2025 at 09:00:50AM +0000, Kris Kwiatkowski wrote:

> Indeed, that's very nice. I'm actually running OpenSSL built from a branch
> vduc/hybrids on my server
> and X25519MLKEM768 seems to work alright.

Support for the hybrids has been in the "master" branch since Feb 14th,
but preference for hybrid groups (HRR and all that) was merged on Feb
26th. 3.5 alpha will branch from master on Tuesday next week.

> May I know if you have a plan for FIPS certification for PQC after
> release?

https://openssl-communities.org/d/SRthdwYI/has-openssl-decided-on-next-lts-release

Tim Hudson · Fri 21 Feb 2025 8:51AM

Yes - OpenSSL-3.5 will be submitted for a fresh FIPS 140-3 validation.

--
Viktor.