IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Eric Rescorla <ekr@rtfm.com> Fri, 28 November 2025 14:13 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id DEBBC921A744 for <tls@mail2.ietf.org>; Fri, 28 Nov 2025 06:13:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CJI3MSaaMXjO for <tls@mail2.ietf.org>; Fri, 28 Nov 2025 06:13:29 -0800 (PST)
Received: from mail-yw1-x1136.google.com (mail-yw1-x1136.google.com [IPv6:2607:f8b0:4864:20::1136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 207E2921A739 for <tls@ietf.org>; Fri, 28 Nov 2025 06:13:29 -0800 (PST)
Received: by mail-yw1-x1136.google.com with SMTP id 00721157ae682-78ab03c30ceso16722007b3.2 for <tls@ietf.org>; Fri, 28 Nov 2025 06:13:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1764339208; x=1764944008; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BbihrttZ5bLmqhPr1/xaJjhWLG3vcTGA04vTyh2N59A=; b=FkpBDZZYsvS6VFv5Ppx/jUrPP2faKGkvwhR0aj31llr1mRb3/1Yppc+01uxNsRt3L9 UqCbw6UWMENAnDSQifdd22ySod1KKUi4T+3L0E2eo3ouP0OqZWfVDgDZLYnQ1660jLT7 wGK+qwdFf2H/gobOBgt/1XHlM2843fqufl5nW89Su8E+eq2m8FDo90zlEzBPnwM0xeHY yOfeLA0w5BjaIC0fOVU81aYQ3LI0/Wy4Bat1JSfZbF/2zhoGBzJoeZYLB5+330KD5tB2 sRXNFsQO2Fyy5g5NpeDugJTKtLxieIUplGaOlUJjQ5o4omrvKFixhURiYdrpbgSqmHE3 tPYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764339208; x=1764944008; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BbihrttZ5bLmqhPr1/xaJjhWLG3vcTGA04vTyh2N59A=; b=S8BfjUqRzm8SN5+U0cn/i7Px63T17Giw/BWgf3nmPYdDScLhyHFlnFImJ+8z0Uxgd0 N7FZ22XbUSrAD4abRcnpXTf/Tpb68STyYLqtV19xQOPjxLNMDmMiIuS+1j4I8pLsjyrz CGvrA7uwTX5CWIbE2JFM/qWFAHMmCfyx8VUDWnwUvt+FeUY6C23Z9iBsSAYRxCMgeJCv Lzrl9GxiHQFGm78QCEVeUmFTNOzTwxIv8Hyxl17ypUYgI2ept9Toztg5QGydI4K4jT1f 11GL8nCnIomqQ2GcDMscNfT6dgM9QUfOcstae9gcYa1UKT9SpLDWiEUMOqffOWrPakFb WZjg==
X-Forwarded-Encrypted: i=1; AJvYcCU+68PUsdppjt0Ycam7UrmjSO5vJ7auAKSjctuR36k9WN0m5IloNq64hOHHKdyuIi++1vA=@ietf.org
X-Gm-Message-State: AOJu0YyCd3QeKBUcVNkFuf/Us4nYiWelZ/r3MB7ql+3iuDY7/+zmr6fr 8x/VazbxKS5ze+UITevgufwv032987+B6NvrKGwaZUh7G7B+wnH3+zfMVxafuEaZ1NNAIjKk+NE JDED4yvlLjZCinkqXzBScKL3psIKhJBNpIUheykDD81cmNkhsYZXY
X-Gm-Gg: ASbGncvwgFxe7vP2BLDSwa3y0+W5iyLKotzbvwf3PtdWUe2gBzSuzgqMx9GaxjWmXMZ 8+P/wIdlK1ImubXBZ3tDn2JYLOpTEVnMsT9ycXFAUcMF9PLKUXlFF8bcVBmaZ1F6pK91dQEXPqn 8YXWIrwEtgdIRdqD5TYn86FbVDQGoNx9pwXDEwqgWA6oqFU7XTXATTt78fPgKWC8genfMWCCFzY 0uNr19AtbSfyr/8StoF0+fWDteE+hJSLradISuYOdk2mdjoe22vNuyT/+E3NDpzKjZ//8VAGN2T umkB1BkchFYayuo5MA0jUVe6eztFZmtqPZrVWBQV1QfOfcsjb8ItS8tVUVyK4r9ALzSLxEWEI7W TJjcpCA+jRw==
X-Google-Smtp-Source: AGHT+IFoqsIcGZSF9SwA+YUU0UgLsxa2FdHrUm9P/nLtDaPgV+E8dQ2Xsw80oYCN6T2NiBa1ugaJf079siP01SWx4Ng=
X-Received: by 2002:a05:690c:368a:b0:785:caab:e660 with SMTP id 00721157ae682-78a8b4979dcmr231069167b3.26.1764339208360; Fri, 28 Nov 2025 06:13:28 -0800 (PST)
MIME-Version: 1.0
References: <GVXPR07MB9678A5FAB3C2BEA6E5E9540E89DCA@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB9678A5FAB3C2BEA6E5E9540E89DCA@GVXPR07MB9678.eurprd07.prod.outlook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 28 Nov 2025 06:12:52 -0800
X-Gm-Features: AWmQ_blzzurk5vyBoJSbXhwNF7Z6BGdSBhsYRxTadYAHzgcsmV4Qm0YswJ9izHY
Message-ID: <CABcZeBOB+aoee0gTThBzUzbjbE_iTuFR0QNe8vz-hiX_XT2n8Q@mail.gmail.com>
To: John Mattsson <john.mattsson@ericsson.com>
Content-Type: multipart/alternative; boundary="000000000000c722720644a83bbe"
Message-ID-Hash: D3TWTBZBGF63SK37ZT7ADGN26H7CDG3Y
X-Message-ID-Hash: D3TWTBZBGF63SK37ZT7ADGN26H7CDG3Y
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oZ17glig5TFY7E6gIBqtuVJUQc8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I think this is a reasonable substantive position and a not unreasonable
interpretation of the text.

I think it's also possible to interpret the text another way, but as I
said, I don't think it matters that much.

-Ekr



On Fri, Nov 28, 2025 at 4:05 AM John Mattsson <john.mattsson@ericsson.com>
wrote:

> Hi,
>
> My interpretation of the sentence “In the absence of an application
> profile standard specifying otherwise” in RFC 5246, RFC 8446, and 8446bis
> is that MTI requirements do not apply when an application profile standard
> is present. I also interpret this wording as allowing 3GPP to define such
> an application profile standard, which is clearly how 3GPP understands it
> as well.
>
> https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2279
>
> I think it makes a lot of sense that 3GPP can forbid support of weak
> algorithms such as TLS_RSA_WITH_AES_128_CBC_SHA as soon as possible for
> them. I don't think it makes sense to force an application that only
> communicates with itself to support algorithms it will never use.
>
> Cheers,
> John
>
> *From: *Eric Rescorla <ekr@rtfm.com>
> *Date: *Thursday, 27 November 2025 at 23:37
> *To: *Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
> *Cc: *tls@ietf.org <tls@ietf.org>
> *Subject: *[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends
> 2025-11-26)
>
>
>
> On Thu, Nov 27, 2025 at 2:14 PM Muhammad Usama Sardar <
> muhammad_usama.sardar@tu-dresden.de> wrote:
>
>
> Two concrete questions:
>
>    1. (trying to phrase my *authority* question more precisely) Is IETF
>    the *only* body to define "application profile standard"? or do other
>    SDOs count as "application profile standard" as well?
>
> TBH, I think this is an undecided question. I think it's reasonably clear
> that IETF Standards Track documents are in scope here, but IMO there
> is at least a reasonable argument that standards from other SDO
> would also apply. I don't recall this ever coming up, so I think people
> are kind of left to interpret the text for themselves. If there was a need
> for an authoritative statement from the IETF, I think we'd need to do
> some kind of IETF consensus process, to, for instance, issue a liaison
> statement (though see below).
>
>
>
>    1. Does it necessarily have to be standard track document?
>
> I think the term "standard" here strongly suggests that the document
> has to be Standards Track.
>
> It's not clear to me what the practical impact of any of this really is.
> The IETF doesn't have protocol police and won't do anything to you
> if you violate some IETF standard. Sometimes those standards are
> part of purchasing decisions and the like, but presumably if you
> are buying an implementation of protocol X and X uses TLS but
> overrides the TLS MTI, then you expect the behavior specified in
> X, whether the resulting implementation violates the TLS spec or not.
>
> -Ekr
>
>

v2.37.1 | Report a Bug | By Email | System Status