[TLS] Re: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
John Mattsson <john.mattsson@ericsson.com> Fri, 07 March 2025 08:50 UTC
From: John Mattsson <john.mattsson@ericsson.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Fri, 07 Mar 2025 08:49:37 +0000
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/j7ccIdAGH0Li1F2mppl8P208Mk4>

>Yes, not only enabled, but preferred, with servers sending an HRR when a
>client reports support for X25519MLKEM768, but does not send a
>corresponding keyshare.

That is truly excellent news! Thank you!

>Similarly, the most preferred sigalgs are ML-DSA-65, ML-DSA-87, and
>ML-DSA-44. Of course these don't take effect unless the server is
>actually configured with a key+cert of that type.

How does negotiation of ML-DSA work in TLS? I thought there were no code points registered in the TLS SignatureScheme registry yet?

Cheers,
John

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Friday, 7 March 2025 at 05:05
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies

On Thu, Mar 06, 2025 at 09:01:13PM +0100, Bas Westerbaan wrote:

> This is indeed fantastic—congratulations!
>
> Will X25519MLKEM768 be enabled by default?

Yes, not only enabled, but preferred, with servers sending an HRR when a
client reports support for X25519MLKEM768, but does not send a
corresponding keyshare.

Similarly, the most preferred sigalgs are ML-DSA-65, ML-DSA-87, and
ML-DSA-44. Of course these don't take effect unless the server is
actually configured with a key+cert of that type.

    $ posttls-finger -Lsummary -c dukhovni.org
    posttls-finger: Verified TLS connection established to mx1.imrryr.org[144.6.86.210]:25:
        TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
        key-exchange X25519MLKEM768
        server-signature ML-DSA-65 (raw public key)

--
    Viktor.

$ openssl s_server -accept [::1]:12345 -cert ./apps/server.pem -naccept 1 -groups x25519mlkem768/x25519 -trace
[ ... Client runs: openssl s_client -connect [::1]:12345 -groups x25519:X25519MLKEM768 -brief ... ]
Received TLS Record
Header:
  Version = TLS 1.0 (0x301)
  Content Type = Handshake (22)
  Length = 287
    ClientHello, Length=283
      ...
      extensions, length = 150
        ...
        extension_type=supported_groups(10), length=6
          ecdh_x25519 (29)
          X25519MLKEM768 (4588)
        ...
        extension_type=key_share(51), length=38
            NamedGroup: ecdh_x25519 (29)
            key_exchange:  (len=32): ...

Sent TLS Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = Handshake (22)
  Length = 88
    ServerHello, Length=84
      server_version=0x303 (TLS 1.2)
      Random:
        gmt_unix_time=0xCF21AD74
        random_bytes (len=28): ...
      session_id (len=32): ...
      cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
      compression_method: No Compression (0x00)
      extensions, length = 12
        extension_type=supported_versions(43), length=2
            TLS 1.3 (772)
        extension_type=key_share(51), length=2
            NamedGroup: X25519MLKEM768 (4588)

Sent TLS Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = ChangeCipherSpec (20)
  Length = 1
    change_cipher_spec (1)

Received TLS Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = ChangeCipherSpec (20)
  Length = 1
    change_cipher_spec (1)

Received TLS Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = Handshake (22)
  Length = 1471
    ClientHello, Length=1467
      client_version=0x303 (TLS 1.2)
      ...
      extensions, length = 1334
        ...
        extension_type=supported_groups(10), length=6
          ecdh_x25519 (29)
          X25519MLKEM768 (4588)
        ...
        extension_type=key_share(51), length=1222
            NamedGroup: X25519MLKEM768 (4588)
            key_exchange:  (len=1216): ...
        ...

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org
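
The group selection visible in the trace above, as an added example that is not part of the original message and is not OpenSSL's code: a simplified model in which the server takes its most preferred mutually supported group and asks for a retry when the client sent no share for it. The function names and the two constructed extension blocks (zero-filled key shares, sized to match the lengths in the trace) are assumptions made for illustration.

```python
import hashlib
import struct

X25519, X25519MLKEM768 = 29, 4588        # NamedGroup values from the trace
SUPPORTED_GROUPS, KEY_SHARE = 10, 51     # extension types from the trace
# RFC 8446 marks a HelloRetryRequest with this fixed ServerHello.random.
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()

def tlv(buf):
    """Parse repeated (uint16 id, uint16 length, body) records into a dict."""
    out, i = {}, 0
    while i < len(buf):
        ident, n = struct.unpack_from("!HH", buf, i)
        if i + 4 + n > len(buf):
            raise ValueError("truncated record")
        out[ident] = buf[i + 4:i + 4 + n]
        i += 4 + n
    return out

def vector(body):
    """Check and strip the uint16 length prefix of a TLS vector."""
    (n,) = struct.unpack_from("!H", body)
    if n != len(body) - 2:
        raise ValueError("bad vector length")
    return body[2:]

def server_decision(ext_block, prefs=(X25519MLKEM768, X25519)):
    """Return (message, group) for a ClientHello extensions block."""
    exts = tlv(ext_block)
    groups = [g for (g,) in struct.iter_unpack("!H", vector(exts[SUPPORTED_GROUPS]))]
    shares = tlv(vector(exts[KEY_SHARE]))   # KeyShareEntry has the same record shape
    for g in prefs:                         # server preference order wins
        if g in groups:
            return ("ServerHello" if g in shares else "HelloRetryRequest", g)
    return ("handshake_failure", None)

# Constructed sample data: only the two extensions the decision depends on.
def rec(ident, body):
    return struct.pack("!HH", ident, len(body)) + body

def vec(body):
    return struct.pack("!H", len(body)) + body

GROUPS = rec(SUPPORTED_GROUPS, vec(struct.pack("!HH", X25519, X25519MLKEM768)))
FIRST_HELLO = GROUPS + rec(KEY_SHARE, vec(rec(X25519, bytes(32))))
SECOND_HELLO = GROUPS + rec(KEY_SHARE, vec(rec(X25519MLKEM768, bytes(1216))))
```

The record the trace prints as "ServerHello" with a two-byte key_share is the HelloRetryRequest: its gmt_unix_time=0xCF21AD74 is the first four bytes of HRR_RANDOM.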