IETF Logo Mail Archive

[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

"Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de> Mon, 13 October 2025 10:14 UTC

Return-Path: <thomas.bellebaum@aisec.fraunhofer.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4F94D72598BB for <tls@mail2.ietf.org>; Mon, 13 Oct 2025 03:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.297
X-Spam-Level:
X-Spam-Status: No, score=-4.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=aisec.fraunhofer.de header.b="Fd2MHDdW"; dkim=pass (1024-bit key) header.d=fraunhofer.onmicrosoft.com header.b="jXR4rAxp"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 77UzffiX4f6v for <tls@mail2.ietf.org>; Mon, 13 Oct 2025 03:14:54 -0700 (PDT)
Received: from mail-edgeBI124.fraunhofer.de (mail-edgebi124.fraunhofer.de [192.102.163.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CFE60725989F for <tls@ietf.org>; Mon, 13 Oct 2025 03:14:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aisec.fraunhofer.de; i=@aisec.fraunhofer.de; q=dns/txt; s=emailbd1; t=1760350494; x=1791886494; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=bpplLkj9kWgVOOVbXcpyr3lvOFO1PrvjzXwSNXPuhjs=; b=Fd2MHDdWJMw7tjyAl/unWnaEMtYZ+kbQ2UszpaS8gPU3Esi29Y8eiG8L 8SAkwnbn0Wt9ikQYIGVOraDg0Z0V7FM8k3ehAeXV29CuQM9+JteRv8Gg+ guczprdNUny7fNJgeEyg35kwP1j0DDBvoW7j9Vfm7xvlEO1stRJUfPwtV Q9LHdFkppfTye3oG39TWFBXn6rFX9J4hT0U9Kh4F17lhfJrat5VH0VMJt AaU63BBaSiXbtYwolUPyCD0KiD9LM0SvjTRf92YkxRy0bHMG0FRopvfKD /7qRTagj93Unj8+4nwh41bm3NRDSaATIP/tmxyTBICPdbIISIaBgSR3ts w==;
X-CSE-ConnectionGUID: /tTRpFK9SKu82PJ1lO/sNQ==
X-CSE-MsgGUID: T3c8/V9dTSCRq3kO2dz2yw==
Authentication-Results: mail-edgeBI124.fraunhofer.de; dkim=pass (signature verified) header.i=@fraunhofer.onmicrosoft.com
X-ThreatScanner-Verdict: Negative
X-IPAS-Result: A2HMBQCc0Oxo/9maZsBaglmCQEABQS+BOoRVlDMBmjGCUAMuKQgHAQEBAQEBAQEBBAMBATQdBAEBAwEDQ4Q9AoxLJzcGDgEBAQEDAQEBAQECBQEBAQEBAQEBAQEBCwEBBgECAQEBBAgBAoEdhglGDYJbgScFdDACAQEBAQEBAQEBAQEBHQIPJgwqIAYdBh0BATcBDwIBCDsHAgICLyUCBAENE4J1giQEEgMiFBQGrymBMoEBggwBAQbbKhiCQAcJCQGBQIFYgiSEVQGBXBKDC3IBhHiCDEOBSoJEMT6CSoVUgmmCERV6FJZJUoEUA1ksAVUTFwsHBYEgEDMDIAo0LQIUDSIPGgUtHXM0EhAhHhNgPRdAg0kbBmgPBoETGUkCAgIFAkI6gWoGHAYfEgIDAQICOlcNgXcCAgSCMYESgioPhEsDC209NwYOG5AtECENghmCGYFEd4EUN0ERxnEDBAOCNYFnhl2DM4IOlVMzhVuSBZMLg3KVFCKNZpsOAgQCBAUCEAiBfoIAcYM2CUkZD44tFhyDQjO4eHgCOgIHCwEBAwmSHoFLAQE
IronPort-PHdr: A9a23:UFMIyRcr0EfFb08pLk64TwzxlGM+QtXLVj580XLHo4xHfqnrxZn+J kuXvawr0ASSG92HoKsd1LGG++C4ACpcus3H6CtDOLV3FDY7yuwu1zQ6B8CEDUCpZNXLVAcdW OlkahpO0kr/D3JoHt3jbUbZuHy44G1aMBz+MQ1oOra9QdaK3Iy42O+o5pLcfRhDiiajbrNuN hW2qhjautULjYd4Jas8xBXErmFUd+lZym9kOE+fkhTy68qz4ZVv9zhct+87+8NPX6j3cb40Q aBWATgjLms4+NDluR7fQASA4XcRTn8YmQdSDQjf6xH6UJbxsi/kued4xSKXI874Q60qVDq79 6tlRwfmhygeOzMn/2/Zl9R8g61Hrh2voRx/2JPUb5qONPViZKPdfMgVSnRHU81MSiFOGIK8b 48ID+ocIeZVqpT2qlUSoReiAwSnGeXiwSJKiHDrx603y+QvHx/Y0QI9A9IAvnfarNv3O6gOX u+416bIwSnZYv5MxTvx9IrFfxY8qv+MR7Jwds/RxFEhGw7YkFqQrYjlMC2O2esXrmib6u9vW fqygGA5qwFxpT2vyd03ioXHm4kYzUzE9SV+wIYwP9K4U1R3bsW6H5tUsyGVKZB5Tdk/Q2Fto ys10LwGuYWlcycW0pgnyQTfZOaac4iO4hLjU+iRLilihH5/Zb2wmQ+//E69weLzSse6ykxFr jZZktbSrHAN0QTe58yIR/Z540usxDmB2gLO5+1ZLk05m6jWJpolz7AwlZcfr1rOEyvqlUjyk qOaa0cp9van5erofLjrp5GROoF3hwz4L68gmdS/DPwlPgUKQWSX4/mw2KH98UHjXblHjvI7n rPHvJzHJ8kXvrC1Dg5J3ost7huzEiuq384ZkHQCMV1JZRGKgo3sNlHAIf31DPGyiEm2njhx3 fDJJLjhD43ILnjEjbjuY65w61VZyAov1dBf4I9UCq0ZLPLzREDxsNvYAwc8MwOuwubnDMxx1 oYCWW2VBaGWPr3fvUGV6u8tOeWMapUVtyzgK/gj5/7uinE5lkEHfaWzwJQYdmi0HvVgI0qHf XrhmsoNHGMUsgYkUeDmlEOOXSROa3uyUK8w/C83BJ+kAIvbQ4Cimr2B3CO1Hp1MYWBGD0iBE Wvod4WDXvcDcjmSLtV6nTMaUbihT5Eu2gq0uw/nzrpqNfDb+iwDtZ39yNd5/ePTlQso+jxpC cSd02aNT29qkWMSXTM5wb5wrVRnylifyah4n+BYFdtL6vJJSAc6MoXcz+t/C9/oWQLBftCJR U6pT9m6ADAxVc4+zMUKY0ljAdWulAzM3y2vA7IOirOLAYY78rjA0HTrJsZy1WrG1Kc7g1khW MtPOnWqhrRj+AjLG47Jj0KZmr6odaQb3C7N8n2PzW+Us0FETA5wSr7FXXcZZkbOotn1+l3NT 6WvCbs7KQtB0smCKq1QZtL1ilVGQezuN8nbY22rgWe/GQyExrKSY4r2dWURxiLdCFILkwwL5 3aJKRA+Bju9o2LZFDFuFkrvbFnq8el5s3O2VkA5wx2QYE1kzbW0+xkVhfqGR/wP2bIEvTwsp ChxHFmnxdLZF8CMpwt/c6VAb9Mx+lBH1XjWtwBlJJyvM7hihkICcwRwp07uyxF3Cp5bnMgrs nwq0ARyJbif0FNbeDOUxYrwNaHPKmnu4BCvbLbb1Uzc0NmN4aoA9O44p0/jvQGxDEYi73Jn3 8FT03SH/prKFhYdUYrtUkYr8Bh3v7HXbjEn54zKy31iMrO6vyfH290zBeslzg+sf9JDMKyeE Q/yDtEVC9azJOEogVSpYAgEM/pP9K4yP8OmcPWG17CxPOp6gT2pk3xL751+0kKN8ipxUvTG0 ooYzf+FjUO7UGK2nU2mqcfykINEYmRORnikwiHgCZQXbap3VYoOAH2lZcy62ts4gITiETYM5 USkHFQD0cypfk/ON07m1gRU2F5RqnuisSe9xiZ/1TAksqTZ2zbBlaCqPhgAOmgNQWB+kUz3J o7h04gXRkmjdBMukl2u4kPSy61Svq85LmTPTwFPZSe8ZzVgVau28L+Lf9JU85Qu5HkPXf69a kuBTbi7qBwf+y/mFnFVgjE2az/svY/2yU9UkmWYeTxZoX7ddMt52BKbrODcQvtYxXBOEDV4j jzeHR62Mt2t8N+dipLru+GlWmnnWIdabC/ryo2Nrm236Ds5UlWEg/mvl4i/QkAB2ijh2owyP c21hAipO9qj3vGgKusiZUlhXgKiuIJxT5tzloIgiZ1Xw3Uej4WY8Sli8y//ZNtB0L/4bH0DS CRNxNjQ4QP/31ZkIG7PzIX8BT2Gl9BsY9SxfmQMgGcz9clXDqeT4rFe2Cxzp1uztwXKZvZh2 zwazKhLijYa1s8Tvw9/4iyBD+IpAENaMCfwxTGF9Mu3o6gSRUr9Wr+2yEd4gZWdHamP8CR9f Vu8RJo4Bi536JdPdXf3lVDj4YHtftbdKOkesBGZiT7spOhYI5Fi85hCjyoyM3rluVkmyb84s hNQ+raEtriMM3R3p6anJTB/bwXvecEByi7Wq5Zmg8aUxNX8e/cpEGAJbKG0V9u4CDcttKSgH T6MHhwjrkiAMrH6EjOC4h5lii3kEbGsKkOFOFMp6+xjaEKPAVBgiQpNWh4okZ16HEen38zkQ n1/yBYc13/gixZN78AxDQL+Q16YhSS5cC45Sbu4CxNNw0Jn5gCOGJ2m8b4tGSwE3K2uphCUN 1ySZTh0JDxTemaFBkHGG4KN5eLko/ixWMOhD8r2IqiRjdIAaevLxa6S/tE89DiJFN7abTFyS vwh3UxbWmplXt7UgCgLV3kPnjnWPKZzxT+58yxz682z//nBeVu1uc2BEbJPN9Vo9R2sx6uOZ Kachyd8fC5RzYhEhWTJx74WwEMIhmlweiOsH7UNuW+FTK/ZlqJNSR9OQy1pPdZO76Uy0xMLP sjei9jv0aV/gOJzAFBAPWE=
X-Talos-CUID: 9a23:fEnfF2ghRQVOpYCd7hzRiVRCYTJuNWHh9m/+AB6DKns5EoW3EFu3v7hCqp87
X-Talos-MUID: 9a23:8NtREAZA1G0lveBTi2Tn1HZcZctU2I+UERsOts8KqZOVKnkl
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.19,225,1754949600"; d="p7s'346?scan'346,208,346";a="13127562"
Received: from mail-mtamuc217.fraunhofer.de ([192.102.154.217]) by mail-edgeBI124.fraunhofer.de with ESMTP/TLS/TLS_AES_256_GCM_SHA384; 13 Oct 2025 12:14:51 +0200
X-CSE-ConnectionGUID: AACjjUs3ROmzb5dlAL8LdQ==
X-CSE-MsgGUID: WrpT47toQs2WV4U4d72WLg==
IronPort-SDR: 68ecd11a_afPrUeJqlXaCt6KHYINClgZAtb59kyTdetocL8fiBwt2t+X qOTIlIY22Ux46e0SLPc/2JfDWLkynxKLrQnp+Bw==
X-IPAS-Result: A0BLBQCc0Oxo/3+zYZlaHgEBCxIMZYEgC4FuUkABcDGBCYRUg0wDhSylaoJQA1cPAQMBAQEBAQQDAQFRBAEBhQcCjEonNwYOAQIBAQIBAQEBAwIDAQEBAQEBAQEBAQELAQEFAQEBAgEBBgWBDhOGTw2GWwIBAxILBh0BATcBDwIBCDsHAgICLyUCBAENExSCYYIkBBIDIhQCAgKiVQGBQAKLJYEygQGCDAEBBgQE2yIYgkAHCQkBgUCBWIIkhFUBgVwSgwtyAYR4ggxDgUqCRDE+iB6CaYIRFXoUlklSgRQDWSwBVRMXCwcFgSAQMwMgCjQtAhQNIg8aBS0dczQSECEeE2A9F0CDSRsGaA8GgRMZSQICAgUCQjqBagYcBh8SAgMBAgI6Vw2BdwICBIIxgRKCKg+ESwMLbT03Bg4bkC0QIQ2CGYIZgUR3gRQ3QRHGcQMEA4I1gWeGXYMzl2Ezl2CTC4NylRQiqHQCBAIEBQIQAQEGgX4mgVlxgzZPAxkPjiEMFhyDQrkrRTM8AgcLAQEDCZNnAQE
IronPort-PHdr: A9a23:nmYEfxPkvDw8EltUQ+Al6nZUDBdPi9zP1nM99M9+2PpHJ7649tH5P EWFuKs+xFScR4jf4uJJh63MvqTpSWEMsvPj+HxXfoZFShkFjssbhUonBsuEAlf8N/nkc2oxG 8ERHEQw5Hy/PENJH9ykIlPIq2C07TkcFw+6MgxwJ+/vHZXVgdjy3Oe3qPixKwUdqiC6ZOFeJ Qm7/z7MvMsbipcwD6sq0RLGrz5pV7Z9wmV0KFSP2irt/sri2b9G3mFutug69slGA5W/Wp99Y KxTDD0gPG1w38DtuRTZZCek5nYXUTZz8FJCA13P9An+epTz4yjFudRa/xeQDcbuXKpvXSqFw YAycAX2ijU3KAUfwFnKis5r2fE+wlqr8h5P+dLOSZGNMcV/LuT3RdEUZHVFYd16XAlOPp62N ogqUMEDHOFFnZvhjWsolBqSXhuJGNzmwGZOrW353u4wlOk6EQT05goOOd8/kWz1odTQFv4oS uGk9e7p7iTZdv5X+hDa4ZPlMTUg5qqlDIpvLZTXxBUNJwzPkkyNmYXnAw+8i74tmWma/s9Fb sGvsEp3uygviyeP9/9vl5btuNwr1hPEyRhVmtw+K9iaUxsoKc7hEYFXsTmdLZczWM45XmV07 T4z0aZV0XbaVC0DyZBiwgLWTsGsKdHXpBz5XfuXITB2iWgjdL/szxqx8E310uTnTYH0y1dFq CNZj8PB/m4AzR3d68WLC7N9806t1CzJ1lX75PtNPEY0kqTWMdgmxLsxnYAUqkPNAmn9n0Ces Q==
IronPort-Data: A9a23:dDppMK9/dLpoT+DKfTthDrUDMnuTJUtcMsCJ2f8bNWPcYEJGY0x3z DZODG/QPayOMGL0eNlyPt6z/U0H7ZCBydBiGQI9ryxEQiMRo6IpJzg2wmQcn8+2BpeeJK6yx 5xGMrEsFOhtEDmE4E7rauGwxZVF/fngbqLmD+LZMTxGSwZhSSMw4TpugOdRbrRA2LBVOCvT/ 4qjyyHjEAX9gWMtajtPs/vrRC5H5ZwehhtI5jTSWtgW5Dcyp1FNZLoDKKe4KWfPQ4U8NoaSW +bZwbilyXjS9hErB8nNuu6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTaJLwXXxqZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I0DuKxPRL/tS4E4eFKQz+ORKGjp00 vkKIm0Bajmn18a6+efuIgVsrpxLwMjDJ4YDojdt3TrZS/g8SI3FQ6LE6MUe0DpYasJmRKuFI ZtGL2MwPVKZOUIn1lQ/UPrSmM+0hn76eiYeol+Roac96nXW5AVwy7XmdtTPc8GMRcJbk1zeq m+uE2HRWEBHbYXCkmXtHnSEufXXoX+kRIUrD+eHyKJX3FHMnFM3B0hDPbe8ibzj4qKkYPpOM UsP/S8nrqg1oRDzXML2Vhm1ujiPuRs0V99ZCeZ86QyRxOzT+QnxLmoDTjgHbdU6qNQtQjp/i geEhdLiHidotvueTne1+rKdtzj0OCUJIykFfyBsZQgd6t/ku9Rv1hvKR8RkFui+idjdFTT52 TvMrSUiifMUl8Fj/6m593jMmXS9vt7VSWYd+gHMdmOo8g0/Y5SqD7FE8nDW/fEFLJeTVFiN+ XIF3cGS96YAF5iQkiyKTugXWr2kjxqYDADhbZdUN8BJ3xyj4Xe+e4BX7jxkYkBvN8cPYzjyZ 0HP/whW4fdu0LGCN8ebuqroU5t6n5vzX8/oTO7VZddoa518Pl3PtiJ3aELamyinnEEwmOttc d2WYOS9P0Y8UK5H9TuRQ/tC8LkJwitl+3jfa6qmxDua0J2fRkWvd5E7DHW0YNsU0oa4sSTO0 tMGN8K12xRVC+L/RS/M8L8sF1MBLFllJJbQt8B3X/OxEgpkEUp8DvTU7+orfox7raFrh8PNx HWcW1BZ+nX7l3boOQWHUVE9SbLNDLJUj2M3AjwoBnmsg0McWIeI6LxFUYkaZpwlybBT9uF1R Pw7ZMmwOPRDZTDZ8TA7b5OmjohdWDm0pACJZQyJXSMeesN+egn35dPURAvj2y0QBC6Rt8Flg bmB1BvecKUTVTZZE8faR/K+/Wyf5UFHtrpJYHLJBd1PdGHH0otgcXXxh8BqBfA8E0zIwz/C2 juGBRsdm/L2nLY019v0noGBkZaiFrpvP0hdHlSD142MCwvhwjOBz7NDAcGyRhKMcEPv+a6nW /dZ8OGkDt0Dg2RxktRdF5RF8PsAwuXB9pFmyjZqJnHpV2iQK6hBJyCG1PZft6cWyb5+vxC3a 321+dJbGOuoPvniGgRIJAE0M+Wx6uEPqAbw7fgKeWzL2ytlzoWiTHdUHRmAt3FaJuFHNIgkn OQTg+8NygmFkhFxGM23viNV0GWtL3I7TKQssK8BMrLrkgYGzlJjY4TWLC398LWjSoxrHBExA zm2gKHiuext9nDaeSBuKUmXjPtvu5senTtrknkAHg2tsfjYjKYV2BZxz2wGfj5NxE8a79Mpa 3lZDGwrF6Cg5DwyudNiWVqrEAR/BBG03Ez95l8KtW/BRXmTSW3/AzwhCNmJ4Xwm3TpQThpD8 JGc7VTVYzLgUcXy/yk1AGpOifjoS/5v/QzjxuGjOem4HKcBXDm0uZ/2OFI0qCbmD/gh22zBh +1hp9hrZYPBaCU/nqwcCquh74o2diyqHmJ5bMtazPs7Jl2EIDCW8hqSGn+1YfJIdqDr81fnK slAJfBvdhWZ1QTWpx9KGZ88BqJFmcAy7vU8e4LbG3I/nJWHpWBXsrbVxDnPtFE2Svo/lPQNC 57jWA+DNkeyhnJkvXDHg+cZG2i/YOABWhb28960wdU3C7YomtxlXhAu44uRvnuuLwps+SyPj j7Df6P7y+9Dy5xmuYnnAoFvJlyTB4vodeKq9AuTjYx/XenXO52TizJP+0jVAQtGGJAwBfJ1r O2pm/zq1hrnuL0WbTjoq6OZHfMU2fToDftlCeOpHnx0hiDYZdTN5SEE8GWGKZBkttNRy82kZ gmgYvuLat8ndIZB9UJRdhRhPU4RO4bvYofkgBGNnfCGJxwe8A7AdfeM13via0NFfS4pZbz6L CLJuMiV29MJl7QUWSc4BMxnDaEhcRWnEeEjesbqvDaVMniwjxnQ8vH+nB4n8nfQBmPCDM/+5 onfSwPjcAip/pvF18xdr5c4qyh/4KyRWgXsVhl1FwZKtg2H
IronPort-HdrOrdr: A9a23:BjLOJK4FI6JBG8qSiwPXwMDXdLJyesId70hD6qkRc3Fom6mj/K qTdZsgpHzJYUkqKRQdcLy7V5VoIkmsl6Kdg7NwAV7KZmCPhILCFuBfBOXZrQEJgUXFmtK13J 0QF5RDNA==
X-Talos-CUID: 9a23:owISJGEm3+FuDkO6qmJO3WUWGP0+KUf6yWXafkO8IEI5bLGsHAo=
X-Talos-MUID: 9a23:3o4P5QTqVx0pRdkXRXTTnileaJh05J21Un8zzahat5beCgh/bmI=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="6.19,225,1754949600"; d="p7s'346?scan'346,208,346";a="29511537"
Received: from exo-hybrid-bi.ads.fraunhofer.de (HELO smtp.exch.fraunhofer.de) ([153.97.179.127]) by mail-mtaMUC217.fraunhofer.de with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Oct 2025 12:14:50 +0200
Received: from XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Mon, 13 Oct 2025 12:14:50 +0200
Received: from FR6P281CU001.outbound.protection.outlook.com (40.93.78.5) by XCH-HYBRID-04.ads.fraunhofer.de (10.225.9.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Mon, 13 Oct 2025 12:14:50 +0200
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dgacriXV9PpKDPPhc/xwILRTQcZKqm8nvxQ1JDI71lXETQEdN3Df6L3H5/XGUHRifi/jOqW8rj2Lt2sYsOeUgxFGtOJRNpEHOBswq+ORCdDSma5N2j/6JIXuqRkbGtf6d34+g3+ust8cUbLUhJXtSeg8uiXJes7ctAdA80LI2C2eGBHYtXQwQmOqJdb3WdwEHoUkmKnBrmskbEO3oe9qedl18yvFMOHyfS0wZn/WY7nPI0rtsfpH76QlXF0xmfa3cVjHm2/WHo9gJxXlpvlg6WJPcvMB2/V+tD8LCq+lk6xaJt9CMQ75gxLfwFKYwhSniOC1W8TVU4CU5Pqup4XDyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bpplLkj9kWgVOOVbXcpyr3lvOFO1PrvjzXwSNXPuhjs=; b=X0R5sqBgdTA+Gl1DYr9PI75ps8JvmE6we3YtO7FfpnUh21H0YDjnQI4DrT60aXmYXvg/evZMgQ0rDCfLcM7rripAR1giKSFWmeNdah+GIK1Y0wMfxa2y8EP5v6+wFTih5HTDeDx+bZovnxlnuwNDTilcMs2+IATUablpBn8rmuTUN4V0B8vqYNdQdwjGLk6JFH+QrVbJRx3WMb2u2XwwyZ1LoUCiEtim0kJ/JPfI/PxbZc3m4/HEShoHTy1aGQDeWBtnbsFOTooAdza2LXGE01OHtr9yjnSCoX7soTCohl4sM4XDUcIzxQBJMrodS1WZWv1KYVOqdqRLOcgALABCSw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aisec.fraunhofer.de; dmarc=pass action=none header.from=aisec.fraunhofer.de; dkim=pass header.d=aisec.fraunhofer.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fraunhofer.onmicrosoft.com; s=selector2-fraunhofer-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bpplLkj9kWgVOOVbXcpyr3lvOFO1PrvjzXwSNXPuhjs=; b=jXR4rAxpmWi8/BPjfIwlWsCcMgTub1kM7CjIouZztBXNQiD3zMtWab1nCzgk+b/eshmZRnFNeYIpIeiMJ1RsiyQ/IKyrqeiKOOasE+Mi/3A9Pw46ne4JXgbtquXajTTA52HBiiyMMSKhSL8xA6AwHYP+uwLV6Vt+hTUD22cfmJs=
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d18::f66) by BEZP281MB2213.DEUP281.PROD.OUTLOOK.COM (2603:10a6:b10:52::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.12; Mon, 13 Oct 2025 10:14:48 +0000
Received: from FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6]) by FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM ([fe80::8d96:d427:50b0:8ad6%3]) with mapi id 15.20.9203.009; Mon, 13 Oct 2025 10:14:47 +0000
From: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
To: "yrosomakho=40zscaler.com@dmarc.ietf.org" <yrosomakho=40zscaler.com@dmarc.ietf.org>, "john.mattsson=40ericsson.com@dmarc.ietf.org" <john.mattsson=40ericsson.com@dmarc.ietf.org>
Thread-Topic: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
Thread-Index: AQHcOTYvwcIeS1dae0qO0lFr7S6GULS6skMAgAA89ICABAcmgIAA65uA
Date: Mon, 13 Oct 2025 10:14:47 +0000
Message-ID: <a3e63086fe2454597303c49eb05f3fc3f1de855b.camel@aisec.fraunhofer.de>
References: <CAOgPGoA+c8kXDizwsvFG5tLz9+Kxk0HqiN1skKp5jMvvpxeu0Q@mail.gmail.com> <20251009160139.42473.qmail@cr.yp.to> <DM5PR18MB2326D93261B74BECF06061B4ABEFA@DM5PR18MB2326.namprd18.prod.outlook.com> <GVXPR07MB96787960DCEB12341CF0651789EFA@GVXPR07MB9678.eurprd07.prod.outlook.com> <CAMtubr1iJigyhRKaGdwoKsT_EuNy_aB795N2397aRdKCKabxdg@mail.gmail.com>
In-Reply-To: <CAMtubr1iJigyhRKaGdwoKsT_EuNy_aB795N2397aRdKCKabxdg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: FR1PPF809320EF6:EE_|BEZP281MB2213:EE_
x-ms-office365-filtering-correlation-id: 9a958dde-d916-4b4c-2784-08de0a415695
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700021|4053099003;
x-microsoft-antispam-message-info: asci+45X79N2piBJPHGlq5IGs6GsGaYb3e/MRkZkF6aS3v0BZwB6TWoBmCqZZY/j0a3NF0QUpiZlObaXNcNoYtPjwrAlMkjllII0rPxFdDt2ouXUetjL4hx0dJSrC8ed1enX7JNvLj8TaCN/xQQ4xlKjVqVZANfOzNO00bJHri2yfotdmyzDbuCcG32Nhl/BxJ1XDYhVotL+9EvAySJs2luRR9CmLuLor3lFfGenGb5Y7oW+/jwx6R6JgBpG8dT1Fi4p0Q7D6LzqZyOwQFtQivre97yAzMNTLxZjfU1S5a0/cIk7rc0MixKWFJ6YuwIDa6JL/C5bXHekuURWEk9U3bPMYGu1nshBX7KllKybhiS3DMAMXZ/ieeGyExFyrgPJJomQYb0V2bALyK3lbbwCBpWkkxg+kkV7VKyVrkBZbDbe5JlVt1YdRmx253NiAF2al0DOmy6jn6oeKmvZyyLjgqupDP+0ILE6ZCO9udVMwN9MT+HR83oJixzKeuksHWeplRei+r81lKdPn0tQe/krl+6RTtB2VWkFBmGl7ecQs5+v89BFvVVPsO6WB2e8ujoyzkIBH3zNZq+xMOFEjuyJJpJwcAgfunewa8XKzEn/ZMdUJnHJI/4I6BQIG/hH2smjQK0ArrxqXn46PIZ8jdebkhqd0SgqRIvusJe6AkqsXIEIAxA4nT4SnZ1h1owY361Jr5jJaxKP7VNkNjb7QB/rlnt0P/jmm4aN95BlM53feQCphxzDobr8CLqYCSEIa/OUUJ0iBXxs+7jHXJD06aysOh6uvOIlZaR3Pt+ncGwYCF25iC8cTgx5ADL/Cgq5ZiEQgJAY7PhdguPjocMdRluo6yHMKVRodhYsIaGSdl7pMQbO6A5yN5AvtXOcCSBXNCzFci1hKIZvbXIbCc/0Q1g69lj855xV4otwogA7+70Q2MZeZWeJuVEM0IHsMXGn7NtruZXKa22aNYJYQc5rFX8z7da6w5KjPpzcFZDQGPla5WDJoxTe4962vA2tTlaxPSSqyom3fYBvbkMOAgeGS+i+EOqvwqlxIbx8rOvel/Rm38tEx9YmyzHjANAKiqRiWk+C7F3GBqIY4vkadRlq+SyopQ+YnN7p5ixf7gdAP59ok9JfT+05d8psWCD4KwZkclJP7r0PMJ0FGYIFrXUx9+D7XtD2OM8wkVmpNcTJIyukVTDnySfNaYeSmx5F61tQGM6hgaMhaUKf8/Ck6YVlMt6X8PDKZPoGz0WLDFVLs+B5YSGLGYuSIwjJZXDStDQHhS5uPyrm/5uGSViipwMNrYUJNa6hYIwmU4A1+5x9k87KCMRIHZKXRV1sf3uq2h5ThfRZFsb+6BjBle4g9052wGhwpNNgluqFNE4VQxAuUzdrF4rQ/CZmSpCuoCyGJQjU0LS9itOlFdIcI1FJUb8cmrqVPUV9sP/AxINTeeTaxPyyfWmJoDJWrhQfQdBdZqZ21zlSYtNiOC66nQyB8Npu4l9HG1B8lkzyxLcDbYspsPoNYcv9O73hzthodPag6ZcpTyKE
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700021)(4053099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: X4TKfFxD2Je0n7y0zoXkEcJL/YZK8Rp3WJHBCM0jjptbZRQqOfuZE7+94joQhIwMnEaLHMHpZinKin2raNiOBQ5xL/lnMWTEQUF2CYksyAd2Nk7fEGVS/aZ+aqHr8JQ9bW2knIMpfQoyMpKf+We4zjzZ/TnXmV5UHquP/KXD9dA1oH/u8VN2lwu3kgu8/GPXB1m68IqBAv1Jg6bWZQFcyIlaRyoOEu0+7DBYHzADlKwFtZVhn8pzB9koADt4LNJ0jQfB+DQ7dc9IlqeEwI/Z51tFYmIsKTh0+xGmrOsZnK6iluhEzsyrBeFnpjmNZJMitU+o4V6igjnYdF8vPJqxWphSYmlGsI9X1WBvaztBd+WeOqSTQ3BDrWhS7BUjE8cuP78PbBVgdYljG+VqwIShCkvZrXKdElcpT8ucZkj2hmnuRjc9RIAR1DUdSdNN9yl1D8mCk4psd46mvIbdAKoeMiC1Sl2t+TPl7GMpYoE551NNiJGy++hRhtjWAiado/VRsdvLbUe5DrZOjPz/hUQNyZeLYvZ/MZNyqQ4vbfjKQF5hGnslC8PrrLJ5mlwUwYc1RqF0tbizlPMFNMSoUTQvBd+RA0DmCVT85NwDMzYAGUI/RdtvFgIRxf1DVj6ji+iDhHYqV43u6jUzwhp8cGW+5St7QvyDKtwuMEBFHa3qbRFcoVRLsnI1GwmjnO+TsKpAf63sqrOkyxy9/KgzuHyL2ld+gZxGO7x5hnfHboCxTAgo4KCttOBvkMNtl3t0VmFh9IFu+8OAR0GjWZ0dk8ryiLz1VupOJbRoMVe93i/X3F8bubO9E/mlkWa8l9RgG+7UhU9t0tNdNRg9ablo/HKk1NKGaa/CyTAvixv0+fBOam1VYsaZPsK4xAA2jRPhisZMwPvez/N50UaK1glhnc3ed54RRK/16blxJ+UF6yKnRXXZiyxOYsfLbaKYBQcAd6/RyAho4vJuFZsZSWvOvdOy86HprnlArs+BC23KmBswG2mO3QrJo5wTODoRsqlNgw01y0TF3WVwTtXjazMXUoOtSojw/NQkYvKXbxigQQrDARwEvCMHO6vQeGhYRDrt43zxDLPy8RhclErB565EsZOB69HbLpHBQi/azHJ1UJuX+4rgmvZhbzvpimZu4Y+XUbQJyYDd+Z1/OKHB6Fod6qvRQXzFDh1d8h+MH3vhz3WDjBQREyM2eVy5eFXJvX16Mr3CDz/cBPkX+tbrweS3657KsmAf5V1bmjLCbG4Zm1CDXhPbVMEMly7/hM5ntLJ+n4qLxBCCSSFey/ldA183FlscHmotrvk1VcUw9YUdXVyDj21uO1sPe92+z3DHprZK5ymj2eabx1EARLgDnHzcmky4pP7xK5baRRXiBAejbS7AflkGP+hR3vpy3aWTHfzfGtmYXfyQBXhnLr38CssS5BKVoJoiG+vsGOOnO/w4XKRJ0o4C7PMMQ/F9kLiqRCuCjOPuJC2H2aJcbc5p3Os5q3IAN1f/bOK6i7GbCTwUHSfFKkdDMwYdG3hDTI+rurzDwD+Zoy0QnFRHF4LbqQ3hKd6oZivsg5r3m6ZC8PgcaGcTASdGm08glHD1y0fWFGyWsUYkNnjCX6gt0rvzBoP8iWclhDAuSMJfOshGNuzobWJboAo=
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-0EH3AavMM+ogytIxoIVJ"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: FR1PPF809320EF6.DEUP281.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 9a958dde-d916-4b4c-2784-08de0a415695
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Oct 2025 10:14:47.4519 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f930300c-c97d-4019-be03-add650a171c4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gqTz56VcaOt61aesuZQS0mZ24E7Bpn8+ZHbdDo7vBhb/p14ZkgXyFHycp9qFA+neo4nG63ehtn44WjFEo2BfGBNW+rBinKAOv9lUmP5BBsWkjYa0OQiangOXvwr73kAR
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BEZP281MB2213
X-OriginatorOrg: aisec.fraunhofer.de
Message-ID-Hash: KDUSVVO2XWSJQKV36UOLD5GKVVYL5YXN
X-Message-ID-Hash: KDUSVVO2XWSJQKV36UOLD5GKVVYL5YXN
X-MailFrom: thomas.bellebaum@aisec.fraunhofer.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "kpanos=40amazon.com@dmarc.ietf.org" <kpanos=40amazon.com@dmarc.ietf.org>, "djb@cr.yp.to" <djb@cr.yp.to>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lPE0CrRlgRKK7hX8gGSpK_v3Ydg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I support publication, provided that X25519MLKEM768 is distinguished from the others by e.g. recommended=Y, or by not specifying other curves at all.
The traditional reason for the other elliptic curves (government endorsement) is less of a concern in combination with MLKEM.

I also support the idea being brought up of offering combinations of/with higher presumed security levels such as X448 and/or MLKEM1024, with no comment as to which combinations make sense.
That said, I would be fine with adding those in a separate document to not slow this one down.

Regarding the potential patent issue, I count on public/industry pressure sorting this out if necessary and support adding other PQ KEMs in the future. Again, I do not intend to slow this document down.

-- TBB

===== IETF Stuff =====
This document may not be modified, and derivative works of it may not be
created, except to format it for publication as an RFC or to translate it into
languages other than English.

v2.35.0 | Report a Bug | By Email | System Status