IETF Logo Mail Archive

[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Mon, 13 October 2025 14:30 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3E1E2727B526 for <tls@mail2.ietf.org>; Mon, 13 Oct 2025 07:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="rhG43gWa"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="Z0yQU0TD"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tP3tRo7FdzyI for <tls@mail2.ietf.org>; Mon, 13 Oct 2025 07:30:33 -0700 (PDT)
Received: from mail-edgeka24.fraunhofer.de (mail-edgeka24.fraunhofer.de [IPv6:2a03:db80:4420:b000::25:24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 351EA727B513 for <tls@ietf.org>; Mon, 13 Oct 2025 07:30:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1760365833; x=1791901833; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=uagKqKfUxR62lSE17KgIZPn3cTOVwPn7PDzzeqELIUo=; b=rhG43gWaTvOS+QikEPNARAGO6fZiVO/OQp7N/yEIGXFSsNqHUIxDi4Vp oT9EZZDLXo5MN9E/taSYKObwIbKBDCXwkk0GbiuoTaP7rpatZU0wzs/rQ /ivUa0qE3zCLZmU1kME/ABx/6tWIKcNz1GjRtrOKzIMfdbRwtAGrIbSer 0yzLUacZ3s8BnySi9P7dbpWJbWyHAXz5GhnDWkSvzYgh/ifQdwHOP6lyp bxCVlBE48uQr7UAZo4+Yo8u5d9zgTEhbLjZrZb8Crm/nKpWANfO5Zy5Uo ofI+J69zEWl/6PuEPQa8amRZaGCb0r872R3gObpYqwNtNh7SLkmiHTnR7 w==;
X-CSE-ConnectionGUID: orfXXDfdS3K7bQ8H7hh9uw==
X-CSE-MsgGUID: chFp+zNtSKG3BK8JzvQvow==
Authentication-Results: mail-edgeka24.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-ThreatScanner-Verdict: Negative
X-IPAS-Result: A2F8BgCcC+1o/3KjZsBaglmCGChAAUEvgTqEVZF2gj0BmjGCUAMuKQgHAQEBAQEBAQEBBAMBATQdBAEBAwEDQ4Q9AoxLJzcGDgEBAQEDAQEBAQECBQEBAQEBAQEBAQEBCwEBBgECAQEBBAgBAoEdhglGAQyCW4EnBXQwAgEBAQEBAQEBAQEBAR0CDyYMKgEfAQQBHQYdAQE3AQQLAgEIOwcCAgIvJQIEDhOCdYIkBBIDDxMUFAavFYEygQGCDAEBBtsqGIJABwkJAYFAgViCJIRVAYFcEoMLcgGEeIIMQ4EVNYJEMT6CSoVUgmmCERV6FJZJUoEUA1ksAVUTFwsHBYEgQwMqNC0jSwUtHYEnIiEeE2A9F0CDSRsGaA8GgRMZSQICAgUCQjqBagYcBh8SAgMBAgI6Vw2BdwICBIIxgRKCKg+ESwMLbT03FBuQLRAhDYIZghlgPiaBdxQ3x0MDBAOCNYFnhl2DM4IOlVMzhVuSBZMLg3KVFCKNZpsOAgQCBAUCEAiBfoIAcYM2CUkZD1eOCHYBCYJCM7kueAI6AgcBCgEBAwmSHoFLAQE
IronPort-PHdr: A9a23:nCYrdxCwOYG++P1DGg1MUyQUd0cY04WdBeb1wqQuh78GSKm/5ZOqZ BWZua42ygeVFtyCtKIUw6qO6ua8AjdGuc3A+Fk5M7VyFDY9wf0MmAIhBMPXQWbaF9XNKwEcI oFpeWQhwUuGN1NIEt31fVzYry76xzcTHhLiKVg9fbytScbdgMutyu+95YDYbRlWizqhe7NyK wi9oRnMusUMjoZvJKg8xgHVrnZHdOha2H5kKFCQkhv/+8y8+IJv/zlKt/8u+cNNX7/2c7g2Q LBdET8rL3076Mr3uBbMSgeC+mESWXgMnBpSBAjF4hD6XpPvvSb/q+FwxiqUM9DoQL4tQTis4 L9lRxDxhCoZODA37XnbhcNsgq1VphKhvAF/zJXPYI6JLvp+f7jScs0cSGFcQ8teTS1BAoe7b 4sSE+oMOPtToofhq1cSqxa1GA+hD/7txDBVnH/7xa003fo/HA/bwAwuEdEAsHrWo9rpO6gfS u+1wLXSwDjZc/9axTXw5Y7VeR4hu/GMWrdwfNLfxUQyCQzFilGQppL+MDyPy+QNtm2U4/J9X uyxi24nrARxrSK0xssil4LEgZ4VylDD9SV82ok1Pse0R1Vlbt6gFJtfqTqVOJFrQsMnWGxno ic6yqYYtpGnZiQKxo4nyATCa/yBc4iI5RzjW/iLITtimX1qZquyihCv+kev1uPyTNO70EpWr iVbiNnMsGgA2hjc58WDV/dw40iv1DSS2gzO5exJL0I5mK7fJpAhwbM8iIQevEDfEyLyhkn6k a2belsr9Oan9enqY7vrq5GfOoJylwrwMbwul9SiDek8LAQCRXWX9fii2LH54EH0QbtHgucrn qXEv53WPdoXq6+lDwJb14sv9gqzAC2n3dkdgHYLMVFIdReCgojnOlzDIfb1BuqljVu2ijdk3 fXGM6XkApXKM3fMjq/sfa14605A0Aozys1f545MBrEBPv3zXkjxucTdDhAjMgy0x//rCNBh1 owERG+BAbKVPL7dvFOS6OIvOfODZJITuDb9LPgl6eDhjWUjlVAAY6alxZoXaHamEfR6O0iVf H7hjskbHWsXogYyUvbmhECDXDNdfXq+Qr8w6z4jBIKjF4jDR4StgLKb3Ce8G51bfnxGClCLE XftbYqEQO0AZzmMLc9lljwLS6OuRJU81RGrrwL10btnLvHK9SIEr57j2sJ16PfOlRE09Tx0C Mqd3H+XT21ug2wHWSc63Lpjrkxl1leDza94juRCFdxI/fxJVgY7OIbTwuBmEd/yWRjOftKTR 1anWNmpHTYxTtcqztATZkZyAc+igQzZ0yqrHbAVi7KLCIYz8qLG0Hj9P9x9xGre1Kk9k1kmR dNCNXGihq5k7AXTBpDGk1mXl6qwcqQcxiHN+H+FzWWVpE5YShJ/Ub3ZXXADYUvbtcr16lvYT 7CwF7QpMRFPxNaHKqRQa93piUxKRPL/ONvEeG2xmnq8CQuHy7+WYorqYX8S3DjbCEgElAAT8 2iJNRIkCii8vW3SFCFhFVHuY0Pp6eRwsm+2QFIpwQ2SckJh0qC6+gQJivGEU/0dx6oKtig5p zVvBFa90crbBcKZqQR5c6tQecg94E9J1W3BtwxyIJigL6d6i1AGagp5p0zghF1LDdAKi9Mjq GF/kFJ7Kqud2VIHfDSd9Zz1M6fcbGj/4B7pbLTZkBmKys2f/rVatKwxqFzmtQDvHU0n23li2 sNelXqR+puMCxAdB8HfSEEyolJQqrXebyM0+oaQnUFsNqy9qXWKj84pA+4s0VCqctNbPamNC QraGswBCsPoJvYjhl6paRwJJqZe+fhnbIuda/Ka1fvzb65blzW8gDEfiGgA+lzZrnk0Q7vSx J9A2PGRhFbZBH/32U2stsnnlIwDfzwWF3qyxXuBZsZdM6NodJsNCWCgLtfxwdN7hpX3XGVf+ kLlDFQDi4eyLAGfa1H2wQpKjwEZu3W6nyu/wTFu1jYvq6uUxivVxOr+MREAPz0uJiFi2Hn2J o3mo9kGURqTcgIrmRC5t2P33LNSq6k6DkWBakBOYyXwMyReQ7O95J+jRuMK1p4yqiRQVraMJ HWhD5PtqBsT1SzuWlBTwjw2bRiGkZX0lB8p7QDVJnYmsXPWWthTyyrP3oKGQcV8h2UlSwhKs T+MDWSbAcaR+4qsu4XRv/mTc0OcUcgAFEujx9ay7DqC2DVWLTmFltmopoXEL1Qf9gbL2p4xV WLjsirHO9nriK65Kc54e3FhB3/1+c9wNptkyZISqo00+n8+gMuq13te1nbCduRa97vyQ0YER jw28uz8wDfh2w5icy2L9YvCVUjC4JpxYILqQ1pMhToG68lVE7+S9JhuxQlSqXSmhhL7Jqdej yUG7PwL2jk9h/MWliUslx/DHYgKH0VGLQPRngiBzOiY8JxReHn6IvCgkUtkmta5C6ue5xtRQ 2v9ZsI6FDRrva2XUXrJ2Xz3r4zod9TTZIhP8BOOmgrGj+9bJYh3mvdZzSZkOGeopXQ+0KZ7l h1h25imoZKKY3tg5qO3AxNUd3X1asof9yurjPN2kNyfwoavGZtsAHMMWp7pRuivCzUcqbLsM APmLQ==
X-Talos-CUID: 9a23:0S/EimhG0eVAWzY73x74eGqDbjJudWfT/Ef8LUODUkU2QoTFaQCQ+PJ5jJ87
X-Talos-MUID: 9a23:YtSD3gWQPMHbgsnq/DTsqikhJuF02IeBU2ouwbcUpfCaMjMlbg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.19,225,1754949600"; d="p7s'346?scan'346,208,346";a="32652951"
Received: from mail-mtabi114.fraunhofer.de ([192.102.163.114]) by mail-edgeka24.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 13 Oct 2025 16:30:31 +0200
X-CSE-ConnectionGUID: Y276kxrpQCugvGRRvzPg4w==
X-CSE-MsgGUID: ir0XTY77SDqMqRQFI4RUNg==
IronPort-SDR: 68ed0d06_Ge7WjSagfbLWkqlins3Js/dUOC7iJtBO2oNzQpz4fDE/mbt OWlr+jlno+7fAz68t1YeD+l6+FQDOgrktJi75Dw==
X-IPAS-Result: A0AuAABMVK1o/3+zYZlaHAEBAQEBAQcBARIBAQQEAQFlgRoHAQELAYFtKihAAW4ugQmEVINMA4RNX4h5nG+BK4ElA1cPAQMBAQEBAQQDAQFRBAEBhQcCjCYnNAkOAQIBAQIBAQEBAwIDAQEBAQEBAQEBAQELAQEFAQEBAgEBBgWBDhOGTwEMhlsBAQECARILBh0BATcBBAsCAQg7BwICAi8lAgQOExSCYYIkBBIDDxMTAgICrTYBgUACiyWBMoEBggwBAQYEBNshGIJABwkJAYE/AYFXgiSEVAGBXBKDC3IBhHeCDEOBFTWCRDE+iB6CaYIRFUQ+FIQOgiqUJVKBFANZLAFVExcLBwWBIEMDKjQVHCNLBS0dgSd5hBWEHytPghtygXVBGT+DUx4Gaw8GgRUZSQICAgUCQz6BcQYeBh8SAgMBAgKBEBACbkADC209NxQbkloSIUaBXYJNYD4mgXcUN8dDAwQDgjWBZ4ZdgzOXYTOXYJMLg3KVFCKodAIEAgQFAhABAQaBaDyBWXGDNk8DGQ9XjUo+dgEJgkK6MEUzPAIHAQoBAQMJk2cBAQ
IronPort-PHdr: A9a23:9DRkEhKSR5QeUA/mKtmcuDdnWUAX0o4cQyYLv8N0w7sbaL+quo/iN RaCu6YlhwrTUIHS+/9IzPDbt6nwVGBThPTJvCUMapVRUR8Ch8gM2QsmBc+OE0rgK/D2KSc9G ZcKTwp+8nW2OlRSApy7aUfbv3uy6jAfAFD4Mw90Lf7yAYnck4G80OXhnv+bY1Bmnj24M597M BjklhjbtMQdndlHJ70qwxTE51pkKc9Rw39lI07Wowfk65WV3btOthpdoekg8MgSYeDfROEVX bdYBTIpPiUO6cvnuAPqYSCP63AfAQB02hBIVhXM4zLjfZnMohGk7O5G9XDFHsLXf4gyAj+ey Jl0cBm3sAsVJTMg3UX2t8sl38c56Bj0lURu+rOMXK2xDvNXZZ+FXu1GYE1obssWDCwGKZ2AV NJfD7ULPv50sIzFrlgupAm7DyW2Hrj26BFUolzx+atk7M4gSEbX7UsRHvwXvFvopdb3CZYge MCKyKqLzGicbcFf4jTAt6qZYhd68dC1B+1oSs7Y1lI3ERvhpA2yjofLIRiF/KNSkHmJ9M9nc NDorGo1tC9eo2GVmNgUkovFmJI691nY/AZB5toMI8GnHR0zcZulCpxWryaAK85sT9g/R309o C8h0e5uUf+TeSELzNEi2xf1SqXeL86G+Bv+UuaWLzpiwn5oK/qzhBe3pFCp0fa0FtK131BDs jdfn5HSu2oM2R3e5onPSvZ08kq7nzfa/w7J4/xCIUc6mLCdLJgkw7UqkYEUv1iFFSjz8Hg=
IronPort-Data: A9a23:eOqqdqMHfDPteYrvrR1yksFynXyQoLVcMsEvi/4bfWQNrUongWNTn WcYXG+EP/bfYmGhe4ojPYnk9h4FvsTRz4NhGXM5pCpnJ55oRWUpJjg5wmPYZX76whjrFRo/h ykmQoCeaphyFzmE/0bF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZg6mJTqYb/WlPlV e/a+ZWFZQf1gWMsaAr41orawP9RlKSq0N8nlgFmDRx7lAe2v2UYCpsZOZawIxPQKqFIHvS3T vr017qw+GXU5X8FUrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRuukoPD8fwXG8M49m/c3Kd/ /0W3XC4YV9B0qQhA43xWTEAe811FfUuFLMqvRFTvOTLp3AqfUcAzN1fVh5oPp0C4t9cHG5Q2 sYiNiI1YUyc0rfeLLKTEoGAh+w4KdXzeo4PsXEmwyvQEPAmRp7OWePG6Le03h9p25sITKmYP pVIL2M1M3wsYDUXUrsTII4+m+KhnT/1fjlcpVicuK8f6mnIwQc33qLkLdzVfdKHX4NZky50o 0qcoTShWElBb7RzzxKE6Cqcut6QwhjXQacLLoSW16JQvXuckzl75Bo+EAHTTeOColSlUtZNf hBM8yknqKEzskesS/HxWhSiqziFswISHd1KHIUS9AWW4qvZ/wjfAXILJgOtc/QrpMhzRS0gz F6F2tnoQzVjq/ubU3uA8LeToz6ofyQYRYMfWRI5ocI+y4CLiKk9lBvSSNZkHqOvyNrzHDD72 TeRqyYiwb4UiKY2O2+TpDgrWhr1/seZHD0mrB7aRHyk5Q5fbYuoLd7go1vC4PoKaM7TQlCdt TJW04KT/cIfP6GrzSateeQqGK32xvCnNDaHv0VjMaN8/BuQ+lmiX7tq3hdAGGlTPPw5JADZO H3ohVsJ5bt4HmebUqtsUofgV+Uo1ffBEPrmZND1b/1PQMB4W16bzRFLeH+V4Xvnv3YtoJEBJ a60X96nV0gYLaFV3QuGefoU/u4u9BAf2FH8eJHf5Dak2Iq4e3S6Z+okMlyPT+Zh94KCglzf3 Oh+Pvuw6Sd0cbPBcBiM1LUMPHY2LXQfLrLnmfx9L+KsDFJvJzA8NqX337gkRb1Ao41UseX5p leGRU5SzQvEt03tcAmlRChqV+LyYMxZs3k+AC0LOGSo0VgFZaKEzv8WV7kzTIkd2N1T99xGZ NhbRJzYGdVKcCrNxBoFZ5qkrIBCSgWitTjTAwWbOgoAb7xSbC2X3OT7fznf1jgEVQu2ksocn 4eO9C3mRbg7egAzK/qONdyOyQuqsGk/idBCeRLCAuNudXXG9KloLC3MjcELHfwcFCWbxhan0 1e5PBRJg8jMvI4/z/fRj4+msYqCMrVzD2haLUbh/Je0MijW0Wq9y7BuQsKNXzTXe3PwyaCMP O9o5fH1ANsDrUcXtoF5Pe9hyKIg1d7Rtptf9ABFHWrKXXuvGLhPMnmL5ugRl65vwrV2qQ+HX 2zW8OJFNoumON3vL3ADBQx9dcWF96getQfz5MQPAnfRxXFI7ovcdH5NLj+wiCB5B5lkArMPm OsOlpYf1F2it0AMLN2DsBFxy02NCX4xC4McqZAQBd7QuDoBk11tT8TVNX7r3cupdd5JD0gNJ w2Ujorkg5B35BLLU1g3JEj38dttv7Y8kzEU8wZaPHWMoMTPudEv1h4I8TgXcBVc/i8a781NY FpUJ29HDoTQ2Qx3hfpzfXGmQCBAIxy7xnbf6XU0kE/hck35cVCVcUMcP76W8VE74lBsWGFR3 IulxVbPVRfoe8DM3RUOZ3N1lsy7TfJN213DvOuFA/W6G4ILZGu5o622OksNhRjVIeIwo0zlt +NaxvlUbJOnBHQfvp89KYmW6ukXQkq2IGdDHPJTx4ISPGTmYDrp8yO/G0OwXcJsJvLx7k6zD fJ1FP9PTxiT0CWvrCgRI6wHM5tYvacOyoIZW7XJIWUmjeOungBxusiNyhmk1X4Zfdp+tO0cd KXTTmumOU6NjyJ2n2TtkpF1ClCga4NZWDymjfGHy8RXJZctq+o2TFoT1IGztHCrMAdK2RKYk QfARq3OxdxZ1oVesNrwI5pHGjmLB4v/ZMaQ/CC3luZ+X9fFHMPNlgES833MHQBdO5kPUNVWy 5WJlvPK333+gbVnaFCBxqG9FJRI6/vrDaATeojyIWJBlCSPZN707lFRsyqkIJhOi5VG6tPhW wK8b9CqeMUIX8tGgkdYcDVaDw1XHpGfgn0Mfs9hh6/k5sAh7DH6
IronPort-HdrOrdr: A9a23:99IO+6qB7jBbfJxMMbRfIOYaV5rVeYIsimQD101hICG9E/bo9P xH/pwgvyMc7Qx9ZJhOo7y90cW7Lk80l6QV3WB5B97LNzUO01HJEGgN1+Xf6gylMzb//eYY+L t6e6N6BPH1BVh+yfvg6AO7H80BzbC8gcSVrNab52xsRgkvTbph4Qd/AhuaFUMzbBBeAJoyHI ed4M0vnUvERV0nKuyhBnIMG87Zp9PKk5r6YRkJQyUq4AyL5AnYioLHLw==
X-Talos-CUID: 9a23:XT3DsWGX3Bf3FM6gqmJWrhFKGdA/akT20XjODHWCF3RRR+GKHAo=
X-Talos-MUID: 9a23:c7snKQ+2gnrNh/KcVWbtlTGQf8Zyu5SSOR9SqrkfntC+DAJRZw2gqjviFw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.18,214,1751234400"; d="p7s'346?scan'346,208,346";a="26802033"
Received: from exo-hybrid-bi.ads.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaBI114.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Oct 2025 16:30:30 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 13 Oct 2025 16:30:30 +0200
Received: from FR6P281CU001.outbound.protection.outlook.com (40.93.78.1) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Mon, 13 Oct 2025 16:30:30 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=P41Wwb3Izj0w5r3qLNM8xlbyUlUG4xi3nBh4BblTgknjLpknM38c3f47UPd5fyrD1Kry6BwRWGGreXLCLAA1xHl0Blf/eiN4Fm/Ino+HDpQhlYWmU8KleuQSGSI3VnDvDYb1LsfpSNuojrb2n8b+caSAtffng7dzF7JbjBVJH207xk4CBQNrzXrDrFUFqPednRxNW2XRqm+ismU2gBu+x3yI3/LYTwp0SRfQ5wCpa5sNWDVUAwfqmMd1SO2Ey5THK2d3aq6FJXcqbiKvs9IyozBHSZJZ7nYTLjjx1dyM1s4VIUD1RU7Mc4FjBYy9VtWIei2RB1vRMKf2DEL2stblUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uagKqKfUxR62lSE17KgIZPn3cTOVwPn7PDzzeqELIUo=; b=kstOEKqHBJZMAtAC2yPZ7qLbR6OeYCi3cnSAWoRUdTKyMZb3GG5KeexVDZ7/dsI9K8O/dQi/HZphGi4GH9gUGNBo3+uXOLHdBbvzezXpabJF2AWjgiH6/ybTw5Rqtxxepxxjcaa+RxBNwUl9UUjI/aogcsbw8B/pOVc22iUt9COZVqmEJnEZi0rGvddN6CRQa5cjusxprzgdOawqpoqrCnrF9MoQWFcf3tgTl2tF+DRP6VwvrLBczbr2yHj4rXMQGsP8SaRGVOW/ekfI9SHSFM82AojJmaFec2wHKmh3M6li7+FS2aaNKtQN19Q/YwtzeWucx6R3XCK1MnlqLo41kA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uagKqKfUxR62lSE17KgIZPn3cTOVwPn7PDzzeqELIUo=; b=Z0yQU0TDLRaAsT0KV4MOAXe/3h/CvTS18h7bkpDwmPakHazmbDrr3qJFtLKoLn6WBi1/yY/YiFqdGTakjUYZAHWlk+i57jZaSkU7J9xo38IQ27pSlawspnpLB0JOcFvCxB/7KyzsMoMZ/OlzwFGi1R6wPpjdvxGUataKPN4Qntw=
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d18::f66) by FR2P281MB2427.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:3e::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.12; Mon, 13 Oct 2025 14:30:29 +0000
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6]) by FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6%3]) with mapi id 15.20.9203.009; Mon, 13 Oct 2025 14:30:29 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "rsalz=40akamai.com@dmarc.ietf.org" <rsalz=40akamai.com@dmarc.ietf.org>
Thread-Topic: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Thread-Index: AQHcOTYvwcIeS1dae0qO0lFr7S6GULS6skMAgAA89ICABAcmgIAA65uAgAA0swCAAAYxgIAAAeoAgAAKpQA=
Date: Mon, 13 Oct 2025 14:30:29 +0000
Message-ID: <afeba42b74d3022a4d7ebb8bcb90357175132fe6.camel@aisec.fraunhofer.de>
References: <CAOgPGoA+c8kXDizwsvFG5tLz9+Kxk0HqiN1skKp5jMvvpxeu0Q@mail.gmail.com> <20251009160139.42473.qmail@cr.yp.to> <DM5PR18MB2326D93261B74BECF06061B4ABEFA@DM5PR18MB2326.namprd18.prod.outlook.com> <GVXPR07MB96787960DCEB12341CF0651789EFA@GVXPR07MB9678.eurprd07.prod.outlook.com> <CAMtubr1iJigyhRKaGdwoKsT_EuNy_aB795N2397aRdKCKabxdg@mail.gmail.com> <a3e63086fe2454597303c49eb05f3fc3f1de855b.camel@aisec.fraunhofer.de> <MN2PR17MB4031F0049A1FB8578E19EACDCDEAA@MN2PR17MB4031.namprd17.prod.outlook.com> <d7dd49bf7ce443d48ab4bf5e4388db7a0f9f2e16.camel@aisec.fraunhofer.de> <MN2PR17MB4031A84C3DCCD414B6B65DDBCDEAA@MN2PR17MB4031.namprd17.prod.outlook.com>
In-Reply-To: <MN2PR17MB4031A84C3DCCD414B6B65DDBCDEAA@MN2PR17MB4031.namprd17.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FR1PPF809320EF6:EE_|FR2P281MB2427:EE_
x-ms-office365-filtering-correlation-id: 9c82e37e-67a2-4354-bee3-08de0a650f09
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|4053099003|38070700021;
x-microsoft-antispam-message-info: i7v1MAK88ilKHZdIAdT4XwHAa2R0zWlnQp3xYmb/tTSoo3hkXUz82Udkgq7VTdmmAIP7EcBHOhbzdBndQyGnGtWPBck35uepWcmFUkpkm6rxdF/arA5Vs5aViSSYgTMnvlIGNEHSKjCZohp8ZsESNt1Ze/+AXvvLe5jK4RBAwsZHx07l/kNZDSh0lrWbWEDbIFfmItijNPPG43BgWOsolzWbgWSsU7nV0iJRhmbPe1/m5l+zD1LoKy8nPtwD00nTPVMP59tBV9nkx8p8jifiTRtrK7NJps67ubURi/8LX53D+IXkod9Z6Inxv8npjDzCwfIl16f0wI9PbPT0kavbddrz6aweXzSQTNnvA5Cyq7sb9awlUDFsdoJyPmvC9oO2DiAGqLeHdiTDVia9LYRMUMR4IeyC6+D8MY3ALZw3rRIr63bC7EMbnYGd/o1xiweekTKCgdsSuttMhI5FwXBZhUPzhnTkRh5P8zFFtS3U4fl9uDBtuJHeErnZonOvGlhsLe5tQgDd+TP+uBGL74FeN+OgYTSRQGMe8A4KR2fa463arAI4MEnbdz0oIWiPrxyb46vyeQ3thRC8tTFK/3wu6AYZOg7hLk0FCQpGkp3wAk3pB2NXaRsNWpbNAgFwqjaRPZzyxC7gJgSPDrlgHkmRx6xh5NKDPQmjF46fLVA9GZqygYiZA0UNhHhUL8G52jx8f14Bub3ATQpNEWwlHUMgJCDrEWXOPp09T/0q2n7crdliWjFxiC8cqTzTex3kzg3l1G3hgxANoYZOJ2Ph2aXD7F6e23DX9BeAAdRK/A1CSBOoDWgJJ3EMNmorZ5+C56LI88SEcsDqcTI1v5yv0z0jw7in12c4e3hFXp7tNTEqSw1450d/atCor5Yy41K/jn9GvEY7rjgResAVcaPkOEQKPD9PklLNtzi0/r/QjtXZ5K8yzHortLOTFS2tpsiq5HzbGXYTcFTWMa6D5dKk5A0pgE06ZmI7gAQUMJ+3PNLccW4symq7AE/6k7z9QzjFfNwp1+hhOfNEo2me+Tmriids5yz3teiJq64d8qeCDD3pnKl3LQgp3uwxKiZq9avEpA4xV2Ny/leJSgv8DIpIN3JQqHmidTuTRuHEkva1unKf4LaHVKF+hV4bgq/SXp67baa32aS0eIt3CoD6ThiC49n24N5sjbd8LcZ0MvZgLcIMaekoUA6tqrpFtNMEzQniiDsqfEP2qBdbdf0zdOHwCNfqQFMkhsoRkH7F+huXa8l5smHtpSumocH4TfwLrWs0X+0EQdFSTpFzWlD29uxAjeggeo/d2b/UBkAb6VpYJ/CO5VbEqT2MMd1G4AAPZ6ri4CKyxZm/J+sjzyuAX398NNozkiHONyOnfo77thQdzr1hw7wJRHxTKRdG3+Ejv88zn+bZrRsqzdG7ohIszxX2jM4NcUf15LLm0pdPtTDT0OtKUNxANLxv4mpzVkfHQJwxJ4zJSLYq/Z9rxlNhi9x/VEyro7qau6VKVmu4I3rwUM7HEqP2qIaDTQWu0UzY/iZ/Heqt
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(4053099003)(38070700021);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XbLedveYQdmkPa+IU8qqracx2bZIFSTWsahJI52IcUT8JZpgr2nHdRf0z2DJ9agQd3FtfIyiTQA6vpCIaj5GfkNS6+KYpoK7MgGh9Wtqttbdp/NRtY04oCiprNSfuOI5Wun0QyPrLqCK3kU0I9TUWN15rTYpCiQLf+Xx1oXT0X2glg/0JIn6LpQw+Rp4TNbX+U9tf0QIN2i6cBABXcIq+eSwOAYE6cqix1X4IX46YtmmoHu65Pw1F0QlFP4yanpnzsvCHX7HvmxcRzI8mHVie/c2H4mVajhdIu+Gl95wO+g49huWRK/QOtGO4vpEDQrzB5KT30BS09ftdhbXm5xhmGOUG0aHoYo0p58oSmTUJSJ1uH8DZYvHcxKR83jB+o//xQ1oihmuuu3ELMjWSbHAGQnEMIovg+MmY2WAOdZPdsSkhk8kf1L87eb6rZhqaGlT8+7jZzTEQga4wXsNgi3OonmOdZeDsF2kEoFfbE+bRHsllnErTvYrlvbb5exojIchGfVqTUqcFqEQIePn0mU1utvOknfUMMRTNVm4QtK/OYrGvCwwW4WWMUWhVbisaQjamu8MKT+qKWP4Fj/kU2p0A7aMwg9SxmHCtUSr/jBooHej2lTcGoJujzdb4uVpIz/VxXbeeHGrVAs//zA1geyBQ4YEgRJ7Sj3cTHxCD4psoMultGBFqQ+ka1D0SrqWkG9gWeUgTYuYYCUTvOZvn+2SmI92RFE7VkPiQvyizygXIuhh3ff2fVYAR7omAafdTATJl7zbBiXp0e2ro+CUCQATbDDo+ZLWrIykv+Fq6KwElGST0LIRRM1LbpxsApW/03hArG8J+pRb/OgULcRXQ0LOT50LMx7XFYFXfMQq/UXYKuTSinHG0O4vM44hiaTFQRAwmKFmIRAK7VsqGAGamlXbAF2bSU1wP/W09xL0sbDDdmR7Ve2UGknEiulTvxv60/OOLh9EHMItRgMdzS3uAzLCsqhMwRoLTgpzb8D5FHNfABoZEhPszSgdgTuiFZqc7L8A7aDVP7rdlL+j87VKT/LM39Vs9fsu4J24XYuSWXsGkegP8/DZnzMB3yGZYEfNGD3+o6INxfWGMCz5lAJrmMslvF4RARDeleqKaFv1iTagTeup9bSUgvjroJXjfAbFdn1xbbwKwUBomMUNuk6xwp+j/PAsOcosfWgK6nnGRjyKKD3Ow2xJoCTX1K0FJhpqPPxPLRAJOqvZjQ7sAcbwhRuq06HYTZrfCXW1mtQtWkbSna8ai9fdHvDl5GN1vJwjItttJsYQcx1PhqmP1uGBncI0MwbgVrIQQGEqWMwfjR6Icogr4F3DL7SKpSeNKdkdH79Bw1W+0L+cfqGc6DkGPJQ2pBKUKmOjWMBCDDWaDE93+VB+9tJS/dBUInIIDLPRL9xEq+xasLSM2b2PH6l01jyGLzR4QDkPyXpDi/FmECGYM5CV5t4j3ZSiSTuP1r16VfuzB9ysSyYpEoTzzTJEB/0ZVZ4GuXNGhRGCSAmCVu7gkW9wh27ndwJKw0qPyRTw6UJ02z+WJx9Nxa1lBLMUMLRvOoP/S3ztxcnvdDeoxO7lJppp+JNn5xd4fb4t/+qvqLr9o9fxMN96A1+L8etdvMHBBjjCWFUnbH1isbMy7I0TsUI=
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-al2bK+5UOOVh7OVwH6MN"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 9c82e37e-67a2-4354-bee3-08de0a650f09
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Oct 2025 14:30:29.3025 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l+w0VacES3OqIGUKHwa95O26AMBXng4YLS1JfDcJmTkbGdpumSYdUtIsJumaYSEKbeCHT7+vekGzd/ndVq1EWrHTtireI/O5wvpVI7cJMTY2c8QejHxUGyxnUnO3b1Pb
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR2P281MB2427
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: 5CZAR4E6SH2YLC3PNTXFRH26WKIFBXNE
X-Message-ID-Hash: 5CZAR4E6SH2YLC3PNTXFRH26WKIFBXNE
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/j6-OaVY-5m8-wrA8Hq5_xv66tkE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

> A new version of the document will have to be made. It will have to be on the Montreal agenda. And then a new WGLC. Then a few weeks of discussion, probably repeating the same arguments we are seeing now. That adds up quickly. As opposed to saying “WGLC done, here’s the shepherd writeup, submit to IESG” this week.

Thanks for the clarification :)

So we are basically weighing the potential damage from delayed publication (and thus more non-PQ traffic) against the potential damage from faulty and more complex ECC implementations (and insecure servers and potentially less deployment should the NIST curves get more standard in hybrids, which currently seems likely due to ML-KEM1024 combos).

Many voices in this LC seem to either advocate for recommendation changes or be sold on a particular set of combinations already. If the current document was able to pass WGLC, then changes to the recommended column should not change this. So why go through Montreal? Couldn't we have another WGLC tomorrow? That would just move the deadline by the duration of a LC.

-- TBB

===== IETF Stuff =====

This document may not be modified, and derivative works of it may not be  
created, except to format it for publication as an RFC or to translate it into  
languages other than English.

v2.35.0 | Report a Bug | By Email | System Status