[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Eric Rescorla <ekr@rtfm.com> Mon, 13 October 2025 15:13 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iJhVvd6RO9JEQ2ZsBPcSr1kTkDA>
On Mon, Oct 13, 2025 at 7:31 AM Bellebaum, Thomas <thomas.bellebaum=40aisec.fraunhofer.de@dmarc.ietf.org> wrote:

> Many voices in this LC seem to either advocate for recommendation changes
> or be sold on a particular set of combinations already. If the current
> document was able to pass WGLC, then changes to the recommended column
> should not change this.

I don't know why you think that's true, given that we are presently debating the status of that column in this very WGLC.

> So why go through Montreal? Couldn't we have another WGLC tomorrow? That
> would just move the deadline by the duration of a LC.

There seems to be some confusion about the status quo ante. The current document has Recommended=N for *all* the algorithms. Above, I proposed changing them to Y, which would also entail changing the document to be Proposed Standard. We've now heard a number of counterproposals, including (1) leave as-is (2) just mark X25519 Y (3) take out the NIST curves.

At this point it's not clear to me that any of these has consensus, so that chairs need to work that out. However, given that there have been a number of objections to (3), I doubt very much that that would pass WGLC (and I, at least, would object to it).

-Ekr