[TLS] LS on the work item related to QKD and TLS integration framework in SG13
John Mattsson <john.mattsson@ericsson.com> Fri, 20 March 2026 21:13 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BDC10CEE77F9 for <tls@mail2.ietf.org>; Fri, 20 Mar 2026 14:13:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id El_PCk4WrU6x for <tls@mail2.ietf.org>; Fri, 20 Mar 2026 14:13:25 -0700 (PDT)
Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazon11010024.outbound.protection.outlook.com [52.101.69.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E38C5CEE77EF for <tls@ietf.org>; Fri, 20 Mar 2026 14:13:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JHAc+P/6OJSh5ADGgwgHtQaZY3fKWDqaRgLFbXcFNEUx6W91wC4cSqBrvDNDU/dmWn2FjkqkDu2Z5uuH9nyee0z7o9CjZcIB8FdUgwbfhk6J9HTEBxkbgpisWdomq00SlQS1Uneu17a9hmuvXUkXj0RdZvOXoYhQk2KI85j6JCV2hJeYlEne6OuHo42tSgfjLzxqWMO47fvyTldQVQdtHajtkNhD+A6tA6cTWuPo1YKGm3INGlD7w84K0EGmXpfzH6KJ8n/Qwmm0uvm70p1aFD+fjpmxoliVa6hX582Z06IlrocgA3YmbxCPXJ2bU11xHcLPSFvQNptRchZcaT3T2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fsBP2Qvnfw7t/em9QjZJDSCKUDO6KbSQpSc7rSLRvQE=; b=TjKrbruO08JFECgu9zCToeq50AfVQhvZpCtL9P2JlTtJhIlcFNMXeCtkp47pU/Z9CzYG6R5QfierTf10oormXXuZ4F/DXWU6olmYqCJn1BsbtPiwPpGB2pMd/9HvlTHwQ10fzPKuGfpMoW9RTkNnzOyMAnhdAD48UCTEf2dxhxBBN6NOTeEOAyuzlFEi2pU41kM0yw0YYscM6VOy7TX+iB2qTKYKMi5Qs4qywSiysGPNpCwUSdKty0RUDqd1z/KHGmRvtdXd3XB5LwJJJn9a6ClYZhWMzgXHIHBqOJBg6fMMtxOqokUC7jqg2z0fleC89TrWLhOr2AiuF5/cWxUe1w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fsBP2Qvnfw7t/em9QjZJDSCKUDO6KbSQpSc7rSLRvQE=; b=EOw1hBlkLg+vD3woBGG3Ad4W+BFpNKjlGon+9N2/SzPgW+2l9VPe/DaYusBvuvqG+ryeQnWun7HRAI4AMoU0V/Kv+ZUvPUvJ0n/QOpOtCuIukK/wtrjg7A1IQzzCHo36yFjExD2G21ib+fgt9p2DBV0eGmWwO+l94ACZZX3cZXOn8Xu5YPD7/CVO0lq5RcP3ATXFQ4Djyic9sqGinJT9yYtRIPy0hQQdc4DmBJWYhunW3PHhwkcvjwcSC/oHpeAtNHHK7vxCpEd9JQOqMZsby+VdLqUFOrdvidjb+8EXnlWYR0WwhC7arVA8AqG9j9snkzQ1jnRVDLnW9EWlZ8XmWw==
Received: from AS5PR07MB10596.eurprd07.prod.outlook.com (2603:10a6:20b:6c5::15) by DU4PR07MB10229.eurprd07.prod.outlook.com (2603:10a6:10:592::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.19; Fri, 20 Mar 2026 21:13:16 +0000
Received: from AS5PR07MB10596.eurprd07.prod.outlook.com ([fe80::c408:8de0:2e1c:17cc]) by AS5PR07MB10596.eurprd07.prod.outlook.com ([fe80::c408:8de0:2e1c:17cc%4]) with mapi id 15.20.9723.018; Fri, 20 Mar 2026 21:13:16 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: LS on the work item related to QKD and TLS integration framework in SG13
Thread-Index: AQHcuK0QcdaylumWUEu+S6JKlz1DqQ==
Date: Fri, 20 Mar 2026 21:13:16 +0000
Message-ID: <AS5PR07MB10596F6F561F755EDBABFEC35894CA@AS5PR07MB10596.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS5PR07MB10596:EE_|DU4PR07MB10229:EE_
x-ms-office365-filtering-correlation-id: d85faeb8-40ed-4041-e9dc-08de86c5811e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|13003099007|38070700021|8096899003|18002099003|56012099003;
x-microsoft-antispam-message-info: fmFzw7yQj6mdGbx/S1qvhZ0ykeE8J5kjz3ua7KPVxH6e46E7QnHAHyJKmyg2M/qPKTqZQFj2NbmgK35dsHFxCap368+dcTCnXxX4MCwxdgM0XE9D2Ta2u/w7tJu87ifNE+f1O+e01n8tUqBxiSHhrTE5ohkIqOh+m9KjEIuCrs+3Tavvu5SjliGqNxOmCwjiO3kgKmXsKeuQqvqqSGH8zdeURmyvESu4kFYKdH04inbWMNXUnzBxFYUmF8PkSSmPzT66Cdh0emc1XH78uSxhnsE4PJ+vNpBLDiOioGwJ9KZ9i/XMsA+oVAhs1QpdtmbBTFJk9mFNCYvt6rs/GJLzSEDGIe2KQUhu5jN0tTd8DTVKMAY5FAygmI4gswbP45HXt/FN5zE3UyjUUN2xukAB5wBSWrFxS27fbmE3b5yWGZK79H+fICNSRH3NdgrF+xwzxQXm2Ee1QiBn14Lyi296U1eF3e/wOXgLzFUN/RHkcV33KyJa47mSaIEZUJHCM+Hg/SEM+BzxKMAAsEAQn68/RUx8ff6q5bYdjnGBETVAl3hJS5pv1FsR/wLvJK9PhzDjUoILcgcPHfktln+WlXGsFuEK9nbesCgJRsRtwDyGUdF88DYDBiZPIgjRd+x4/LgkVQapdPvshM0hCppjUlT/qZcgSUAhf1zA/7rYBPu9oq2wiJZ/8tikLkvwQWBCqtXA6XGurUYaC8e9GtDaVze7VJ4M7jy+aJLZwKfGxy9XvybE1fe+cJP4BTDGi4i8JGxt
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS5PR07MB10596.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(13003099007)(38070700021)(8096899003)(18002099003)(56012099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: tzSRChW5JfF9P+0MvfUCX9porVTQDNNCLHe7KeFt6lSnXMKjzl40JJPJsfpQQ5oFG17eEj2hzm64cWFpt2ls4aufnVGuR9xh3MLwylvcS6zQNAJaYsa33vwD1IZpoRDrU/dZdZwXwYYddd3xw1KRtZG0560vfWG68muUqX2DTVaWzq5fZMjDuxgNkzV5aHxf2pR+d7RT7FSj4hFveF5COW7AA54Swp93DiHvGbyxIENiaGbyIjkx7QedFzpQJ2b7sBaPzp/KvrIND7HNgR9dn49fMWrUUAEAtsCANwIttAUjT4h0t1BRkpCBBufyY4sAeoR7RjkA+6Ybdy7ql7nhERa3N17muQGMsecOibgCjJubiniY9bctJDLYEqVD+HatxUpb0Ye4iks7xwRy1b/uh7CYxaTZnq7ECBMpaw3lhmi6qOzBYcFNBIDhXy3PrAwa4B/HlvmN3p7zIg7gUu1K0RwHvfxgb7svjhViFIfgIhE46oAWQy8Q6yo7sFwc0rUomFNweEGv5RSfh8aMrtpL44v81xoMcpzkABoma2KwkBPH99K4dQgthtZiYCMIkcQKbuLFqyJncgBuUuHbftI5oqqPOOZPTezEb2i2Hm0dxiWGrhMiEGb9ALg8hegGgeB7tTZaDMVURbdQe+20DHqR8Qg4T44fyBpsQxrXdfCGCPPmPSX7JDSXNFkzTnrJq0tdy54OoTYkwM2VTjL2FIRO7zpQO0EG7cxW/RrCxS7si+XS9d2MClAjXGJoJFniWcvz4NbHFbqij3sBHcIMlK/u+JkHyyh+k3zicQsfYOEzeEh7+rDJDBnzuxFPRIIBh8QIDoqsg7Ntj4VdBlMNic5ZgtWQm85dOZJzCiZZE462jfKSscq20lCC1sBv1ur9N+0kFU4F6hxOL3lBbHJ31LzCC8CoqfoxePJ4haHOJrNDAHiIaowR/6wPXZGwrca8i4ubsITaeUh1MS5jrdmmpLOJiaiHHDeTyTFEm2HIYVCBo4O0At2rKrk6yMFhTPHcryCwilVlYiRjLLNOg5ScmD1PswsygQtXoVt8aNhwV5iaMCsydIg5EXFyC7q49AFhdH/u7aWozTFLGhEn8vVYygGnrK8gqujgTpEsr8tDFmZUuoKP40jM/utZ4tqda2+clQ2eaHzeYXrMmNVdbA7ziiBT8nxOBTPve/LHpoD9D1pCIt7uWxUejvEUtq9miLyvMVysEYItchfWvIzy44L9U+vEjnhfzKI5dzKH5oh6Qvi6NLyMNDDlSUdTJ1QVUZKJJASDKq1/PUGTz0OyG0IKDRjMNQtrwre+RRWrpzrdsmuVGFtAC4cFB8FiNnKt06j7zl2Qfo4iIBzOyO/11ixcgS/gVBVfLSqwiPU85//NHhoyXU/avVyRZht4FOegm6jlTKvRsCJPzIaIur9OAJIEwua5CWlXmbXWxpp+5OkclVgSgLNisZN92ZfoCUsDmZfU8DvTt1BPEyJ5cKchN2GI7eU/wA+c1q3UjnTdskrcEOyq/G5yqd6GwAiWhLIqJIzvwwlr0k1HJnoBmHOTBg0nJHTjpwg4qcY/+PIrMv4znU7Rs096xvDLvMlj5OSGHVrVH0+wuegE4e64NB35SKAL+hR2YRNyl/euyCxxB/I5rfqRDwzshIk4trAGqk5MWAaGUqASNqwIkmvITiexwjDQXI/0LzKrDto3KYfGKGieYm0W608PzNn9bdhIFfY/yXZIfx1L2o9GmgLq5m+c8QB4Peh7/g9SOD+HqG69WX4Odiv9tghDbygDsXVhNMNzSkYtPHOR
Content-Type: multipart/alternative; boundary="_000_AS5PR07MB10596F6F561F755EDBABFEC35894CAAS5PR07MB10596eu_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS5PR07MB10596.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d85faeb8-40ed-4041-e9dc-08de86c5811e
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Mar 2026 21:13:16.6115 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yi0rBvIxP+KWhc+XbXNTp+YOaITbsBT8sOzZlaY5BNbQwoCUU5eWG9rP7UELZNTT82mMk/j/7Y8DZKVfR4T+caY8jYZqNNiBu3atCOL9lDQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU4PR07MB10229
Message-ID-Hash: 2TIX4QHW2XFELEL7HQXPRBEFK53ACPMB
X-Message-ID-Hash: 2TIX4QHW2XFELEL7HQXPRBEFK53ACPMB
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Scott Mansfield <scott.mansfield@ericsson.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] LS on the work item related to QKD and TLS integration framework in SG13
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hvrYDHT18h_M0bTNwCNMhzfm_2g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hi, I am worried about the ITU-T work on TLS, which seems to significantly lower the security. https://datatracker.ietf.org/liaison/2141/ I suggest that TLS WG replies as follows: ---------------------------------- TLS WG is concerned that ITU-T describes QKD as a technology that can be practically deployed today. Previous IETF discussions have concluded that QKD is not practically secure at present, but may become usable in a few decades as a defense-in-depth mechanism for point-to-point connections. QKD implementations today are not practically secure, even for point-to-point connections, and are even less suitable over longer distances. The concept of “trusted nodes” runs counter to established security principles such as zero trust and end-to-end encryption. Alarmingly, some QKD and QRNG vendors claim that their products are “unbreakable” and that their output can be used directly for cryptographic purposes without a CSPRNG or asymmetric cryptographic algorithms for key exchange and authentication. This is exactly the kind of statements one would expect from a hardware vendor secretly influenced by a SIGINT organization. The TLS WG agrees with the direction taken by the Pentagon to not test, pilot, use, or procure QKD and PSK-based solutions for quantum resistance, and to phase out symmetric key distribution. https://dowcio.war.gov/Portals/0/Documents/Library/PreparingForMigrationPQC.pdf The solution in ITU-T Y.QKD-TL would not enhance the security of TLS; it would severely weaken it. ITU-T should recommend migration to hybrid key exchange mechanisms such as X25519MLKEM768, which have already seen significant deployment. https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ https://radar.cloudflare.com/post-quantum The use of psk_ke symmetric key distribution significantly weakens the security of TLS by removing asymmetric cryptographic algorithms for key exchange and authentication. The psk_ke mode was designed for constrained IoT environments, is disabled in many TLS libraries, and is not suitable for high-security use cases such as critical infrastructure. If PSK-based solutions for quantum resistance are used, they should follow RFC 8773 (and its revision, 8773bis), which retains both certificate-based authentication and ephemeral key exchange. This ensures that security is not weakened by the introduction of PSK-based mechanisms for quantum resistance. https://www.rfc-editor.org/rfc/rfc8773.html https://datatracker.ietf.org/doc/draft-ietf-tls-8773bis/ ---------------------------------- Cheers, John Preuß Mattsson
- [TLS] LS on the work item related to QKD and TLS … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Nico Williams
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Arnaud Taddei
- [TLS] Re: LS on the work item related to QKD and … Arnaud Taddei
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Salz, Rich
- [TLS] Re: LS on the work item related to QKD and … Eric Rescorla
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Stephen Farrell
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Jim Reid
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: LS on the work item related to QKD and … Martin Thomson
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Andrei Popov
- [TLS] Re: LS on the work item related to QKD and … Scott Fluhrer (sfluhrer)
- [TLS] Re: LS on the work item related to QKD and … Viktor Dukhovni
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Salz, Rich
- [TLS] Re: LS on the work item related to QKD and … Muhammad Usama Sardar
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Eric Rescorla
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Scott Fluhrer (sfluhrer)
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… John Mattsson
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Eric Rescorla
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… John Mattsson
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Eric Rescorla
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Scott Fluhrer (sfluhrer)
- [TLS] Re: LS on the work item related to QKD and … Muhammad Usama Sardar
- [TLS] Re: LS on the work item related to QKD and … Arnaud Taddei
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Arnaud Taddei
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… Ilari Liusvaara
- [TLS] Re: LS on the work item related to QKD and … Yaakov Stein
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Viktor Dukhovni
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Nico Williams
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Viktor Dukhovni
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Muhammad Usama Sardar
- [TLS] Re: [EXTERNAL] Re: LS on the work item rela… John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Yaakov Stein
- [TLS] Re: LS on the work item related to QKD and … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Sophie Schmieg
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Yaakov Stein
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … Bas Westerbaan
- [TLS] Re: [EXTERNAL] Re: Re: LS on the work item … John Mattsson
- [TLS] Re: LS on the work item related to QKD and … Bas Westerbaan
- [TLS] finding liaison statements to/from the IETF Jim Reid