[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Martin Thomson <mt@lowentropy.net> Thu, 09 October 2025 14:53 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 05E4870179A0 for <tls@mail2.ietf.org>; Thu, 9 Oct 2025 07:53:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Level:
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="droIJ2NU"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="CgEu0IzE"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kaDofeXpRzG for <tls@mail2.ietf.org>; Thu, 9 Oct 2025 07:53:04 -0700 (PDT)
Received: from fhigh-a2-smtp.messagingengine.com (fhigh-a2-smtp.messagingengine.com [103.168.172.153]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 514EB701799A for <tls@ietf.org>; Thu, 9 Oct 2025 07:53:04 -0700 (PDT)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44]) by mailfhigh.phl.internal (Postfix) with ESMTP id A2FEC14000C2; Thu, 9 Oct 2025 10:52:58 -0400 (EDT)
Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-04.internal (MEProxy); Thu, 09 Oct 2025 10:52:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1760021578; x=1760107978; bh=Nag+qGlNdbByGYoB700ed0GdGckHrZpnra3Wer1Q3A0=; b= droIJ2NUcvE4Z/57BzLZpC7VLx3H+Nk7lBc7PjTgQrM6nbZoEyplJcrn83aczQpO RG6LIz4iVySDdWQY0CkwGgb6DfAeQ8fotQptEKwPSWvVa28dBa2GlO+zTKwW1Ysa ecvm661c/o3g6PSoMSFgY96pXRvHlUQtQjPVD6XqY3n85CDUKbSP5gNeWblbRvPK SjGPsy94pPu5rMUydYx6DOgzG92rKcVNoWzG94/+zU7GN22QqgYASNk5i3os011d iNUmcI2O/3PIz0Z/9RZMottfrMDRWePwGOIzy8q0qrLZn6QMW37ahe5VnVMW5Syt iFMZcOMorm+au3UV+ZU7+A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1760021578; x=1760107978; bh=N ag+qGlNdbByGYoB700ed0GdGckHrZpnra3Wer1Q3A0=; b=CgEu0IzEzJOtY0kTm 62MIZe7ZSacszeC+vxN2lo53FC6C83YPcUt4wDV9z5RHC64ij/mFcr5CC91grXCt d/9XIDYMZZw9VdJMalDO2i4ooocNsQgCM9r9bGSS5hSmT7qdXxDLnLi7sAouh6BA txcGCQLLcNtfH2qyZGeiQGsT3jfdDT9TjikKC83FVo6p/83vESERLdeumbBbktgf Z7ifZPtGT8DjrM2iZ6db4RbIr2vBVvOdHkCcPUtNRNZ6G5GFWEHtMcA0pWi+NTrf czmyJB6NxvCrTZ+YIIyVyY9sjbnaOXx18BXUvG6+jInNNEO/3adaczjDNGdFMpqr LgwRg==
X-ME-Sender: <xms:SsznaNKrsZ8I5gbnVqO_I8WuEeft8jBwKs2fNV2-_7SYWh57U_8AOg> <xme:SsznaFLSVAF9Q2BnUCmgieruLOQGjLMSkDgxbw6hpLNd-wjiOCu4milmygGYMT3c- 1AzL1L3G8tdXla7baKxF8bcH7Yamk8SJpNU6O2ot_RyrQIoxb_cYNw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddutdeigeejucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucenucfjughrpefoggffhffvkfgjfhfutgfgsehtjeertd ertddtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigv nhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeffheeulefggeehieevffelte ejjeffteevgeelveegieeffeffkeejgeefudfhgfenucffohhmrghinhepihgvthhfrdho rhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmh htsehlohifvghnthhrohhphidrnhgvthdpnhgspghrtghpthhtohepvddpmhhouggvpehs mhhtphhouhhtpdhrtghpthhtohepthhlshesihgvthhfrdhorhhgpdhrtghpthhtohepjh hovgesshgrlhhofigvhidrnhgvth
X-ME-Proxy: <xmx:SsznaGv4htOEDbwNV5_yROicnY3KgRU3unhznbLKE30QbO9Vr-RcEQ> <xmx:SsznaDr4veL2SvoOGxaTcU3NrijbBR8M57PhkR1u5ZNYOc5CaP0j8w> <xmx:SsznaNWO2eLvA0tAzUjOMf53AeIydvy0e78S08KnElNIOU7-FO6nJw> <xmx:SsznaL20ydHCdAv1YRdgDlo_GQOISXfR9sfS30PNHc1POyxGSiqODA> <xmx:SsznaB9ghdyQDqsi9sIhr2vZDgysZXTWz3Bz7oDwdtCnZ2oFTn0KT60B>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id 62D5B780076; Thu, 9 Oct 2025 10:52:58 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: A0zSftfZSrUo
Date: Thu, 09 Oct 2025 15:52:37 +0100
From: Martin Thomson <mt@lowentropy.net>
To: Joseph Salowey <joe@salowey.net>, "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <5425a40f-b295-4d46-964e-f63c2ae6bd2e@app.fastmail.com>
In-Reply-To: <CAOgPGoA+c8kXDizwsvFG5tLz9+Kxk0HqiN1skKp5jMvvpxeu0Q@mail.gmail.com>
References: <CAOgPGoA+c8kXDizwsvFG5tLz9+Kxk0HqiN1skKp5jMvvpxeu0Q@mail.gmail.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-ID-Hash: YDWOHKGBJPI7WMIPOOYPEA2XDTDTCS7I
X-Message-ID-Hash: YDWOHKGBJPI7WMIPOOYPEA2XDTDTCS7I
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/itPglsDz8ZlWI85vco7sCPDjzj0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
This document is good. I agree with others that a recommendation is appropriate. I'd be OK with either three recommended or just x25519 + MLKEM768 I am aware of the IPR, but don't see any evidence that this is stopping people from deployment, which would be the main reason I would hesitate on approval. As noted, the MTI question for TLS is appropriate, but I'm comfortable with the current status, which is that this is getting wide deployment. I think that MTI is almost what we want for x25519+MLKEM, but I'm happy to defer that decision in the interests of making progress. With TLS 1.3 where it is, we *could* decide to open that question, because hybrid is probably the necessary, modern baseline, but not sure that the question is easy to take. On Tue, Oct 7, 2025, at 14:46, Joseph Salowey wrote: > This is the working group last call for Post-quantum hybrid ECDHE-MLKEM > Key Agreement for TLSv1.3. Please review draft-ietf-tls-ecdhe-mlkem [1] > and reply to this thread indicating if you think it is ready for > publication or not. If you do not think it is ready please indicate > why. This call will end on October 22, 2025. > > Please note that during the WG adoption call, Dan Bernstein pointed out > some potential IPR (see [2]), but no IPR disclosure has been made in > accordance with BCP 79. Additional information is provided here; see > [3]. > > BCP 79 makes this important point: > > (b) The IETF, following normal processes, can decide to use > technology for which IPR disclosures have been made if it decides > that such a use is warranted. > > WG members can take this information into account during the working > group last call. > > Reminder: This working group last call has nothing to do with picking > the mandatory-to-implement cipher suites in TLS. > > Cheers, > Joe & Sean > > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ > [2] https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/ > [3] https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/ > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Paul Wouters
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Post-quantu… Watson Ladd
- [TLS] Working Group Last Call for Post-quantum Hy… Joseph Salowey
- [TLS] Re: Working Group Last Call for Post-quantu… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Post-quantu… David Adrian
- [TLS] Re: Working Group Last Call for Post-quantu… Loganaden Velvindron
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Deirdre Connolly
- [TLS] Re: Working Group Last Call for Post-quantu… Kampanakis, Panos
- [TLS] Re: Working Group Last Call for Post-quantu… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… Kampanakis, Panos
- [TLS] Re: Working Group Last Call for Post-quantu… Watson Ladd
- [TLS] Re: Working Group Last Call for Post-quantu… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Post-quantu… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Post-quantu… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Post-quantu… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Post-quantu… Loganaden Velvindron
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… tirumal reddy
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Andrei Popov
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Yaroslav Rosomakho
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Jan Schaumann
- [TLS] Re: Working Group Last Call for Post-quantu… Watson Ladd
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Andrei Popov
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Thom Wiggers
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Rob Sayre
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Deirdre Connolly
- [TLS] Re: [EXT] Re: [EXTERNAL] Re: Working Group … Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… David Benjamin
- [TLS] Re: [External⚠️] Re: Working Group Last Cal… Yaroslav Rosomakho
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Eric Rescorla
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Andrei Popov
- [TLS] Re: Working Group Last Call for Post-quantu… Martin Thomson
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Andrei Popov
- [TLS] Re: [External] Re: Working Group Last Call … D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Post-quantu… Yaroslav Rosomakho
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Filippo Valsorda
- [TLS] Re: [External] Re: Working Group Last Call … Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: [External] Re: Working Group Last Call … John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Watson Ladd
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Deirdre Connolly
- [TLS] Re: [EXT] Re: [EXTERNAL] Re: Working Group … Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Bellebaum, Thomas
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Deirdre Connolly
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Rob Sayre
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Rob Sayre
- [TLS] Re: Working Group Last Call for Post-quantu… Yaroslav Rosomakho
- [TLS] Re: [EXT] Re: [EXTERNAL] Re: Working Group … Bellebaum, Thomas
- [TLS] Re: [EXT] Re: [EXTERNAL] Re: Working Group … Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Dennis Jackson
- [TLS] Re: Working Group Last Call for Post-quantu… Jan Schaumann
- [TLS] Re: Working Group Last Call for Post-quantu… Stephen Farrell
- [TLS] Re: Working Group Last Call for Post-quantu… Joseph Birr-Pixton
- [TLS] Re: Working Group Last Call for Post-quantu… Robert Relyea
- [TLS] Re: [EXT] Re: [EXTERNAL] Re: Working Group … Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Kampanakis, Panos
- [TLS] Re: Working Group Last Call for Post-quantu… Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Deirdre Connolly
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Jan Schaumann
- [TLS] Re: Working Group Last Call for Post-quantu… Sophie Schmieg
- [TLS] Re: Working Group Last Call for Post-quantu… Christopher Patton
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Rob Sayre
- [TLS] Re: Working Group Last Call for Post-quantu… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Post-quantu… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Post-quantu… Jan Schaumann
- [TLS] Re: Working Group Last Call for Post-quantu… Kampanakis, Panos
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Deirdre Connolly
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Rob Sayre
- [TLS] Appeal Response to Rob Sayre - was Re: Re: … Paul Wouters
- [TLS] Re: Appeal Response to Rob Sayre - was Re: … Rob Sayre
- [TLS] Re: Working Group Last Call for Post-quantu… Salz, Rich
- [TLS] Re: Working Group Last Call for Post-quantu… Blumenthal, Uri - 0553 - MITLL
- [TLS] Re: Working Group Last Call for Post-quantu… D. J. Bernstein
- [TLS] Re: Working Group Last Call for Post-quantu… Jan Schaumann
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… John Mattsson
- [TLS] Re: Working Group Last Call for Post-quantu… Peter Gutmann
- [TLS] Re: Working Group Last Call for Post-quantu… Yaakov Stein
- [TLS] Re: Working Group Last Call for Post-quantu… Kampanakis, Panos
- [TLS] Re: Working Group Last Call for Post-quantu… Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… Bellebaum, Thomas
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Robert Relyea
- [TLS] Re: Working Group Last Call for Post-quantu… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Post-quantu… Eric Rescorla
- [TLS] Re: Working Group Last Call for Post-quantu… Simon Josefsson
- [TLS] Re: Working Group Last Call for Post-quantu… Sophie Schmieg
- [TLS] Re: Working Group Last Call for Post-quantu… Alicja Kario
- [TLS] Re: Working Group Last Call for Post-quantu… Joseph Salowey