[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 02 April 2025 18:25 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
Date: Wed, 02 Apr 2025 18:25:50 +0000
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kejnZqlyHrCGl-MSJPi7p3ZRyTo>

> I believe that adopting the draft will allow those who 
> wish to use pure PQC (for whatever reasons they may 
> have) to do so while at the same time not in any way 
> impacting anybody else who doesn't want to do that.

Those who wish to use pure PQC do not need permission. This is about IETF _endorsement_. 

Endorsement is based on many factors. 

..." by googling "deploy ML-KEM now" and being recommended this rather than a safer hybrid[1]. I am not convinced that such a person, if given more knowledge, "doesn't want to do that". 

This assumes that “more knowledge” must lead to “don’t do ‘pure’”. Which is “purely” wrong – there are several aspects of a solution that contribute to or detract from “safety”, and the theoretical truism of “combination of different (independent) algorithms is generally stronger” is merely one – not even the biggest – part of it. 

Deirdre> As a coauthor on hybrid publications and I-Ds, I do not agree that hybrids are categorically safer. The -tls-hybrid-design for hybrids is pretty great... if you use secure component algorithms.

Deirdre is absolutely correct. 

And even when the components are strong now – remember that the key (no pun intended) point of this exercise is to deal with CRQC, which will make all of the Classic components immediately useless.