[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Nico Williams <nico@cryptonector.com> Thu, 17 April 2025 18:30 UTC

Date: Thu, 17 Apr 2025 13:30:53 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
CC: Thomas Bellebaum <thomas.bellebaum@aisec.fraunhofer.de>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/l53wR94Pmn99kdmD1vA-mt0RqJg>

On Thu, Apr 17, 2025 at 05:56:56PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> Since it looks like 3/4 of the audience holds position similar to mine
> - frankly, I don’t see why 3/4 must convince 1/4 that their position
> is valid (usually, it’s the other way around).

We don't "vote" because majorities _can be wrong_.  At any rate it's
hard to quantify the risks of pure PQ, and since there will be entities
that insist on it for their own internal uses, and since the codepoint
assignments exist, it's a bit over the top to say no when we can just
insist that these not be MTI and hope that [unlike Dual_EC] pure PQ gets
no usage outside of the orgs that require it.  Though I'm not keen on
pure PQ yet, I do believe that the WG Chair's call was correct, but not
just because 3/4s support adoption, and I appreciate that the consensus
is strongly that pure PQ not be MTI.

Nico
--