IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

John Mattsson <john.mattsson@ericsson.com> Sun, 09 November 2025 16:25 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A515B8684F61 for <tls@mail2.ietf.org>; Sun, 9 Nov 2025 08:25:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001, TRACKER_ID=0.1] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1epatRBf8-GM for <tls@mail2.ietf.org>; Sun, 9 Nov 2025 08:25:44 -0800 (PST)
Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazon11011023.outbound.protection.outlook.com [52.101.65.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 771638684F3C for <tls@ietf.org>; Sun, 9 Nov 2025 08:25:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jkwkHC9L+lekj0i4gga1BkA4eakk21WYAhxefeSBWNXKSRIT93Sct9b9QmlZCrfsW0LuC29JIbLVcqgz4YzT7vof6eMuUtLo+B7oUSZxHo9bMO6XhKNKa+R6GDT+It1Tvtx7Eb3oej8GzN/6Yt9CenLCTvTif/k7k2K6/Zek05Dm+o475/a+0964TsNSt0uMCVD9rLvsv+HxGw+MmTIN62zu9e9jXw7eYV2tYM6UBKmN0RL2kEC78fwu9cRzYhJttPx9/X22KUZ8AnVjESIxnIS4vMf3AgZX9WFceJ7TdU1AaHoTggvu5Lkz1NfZuqhJwTjqmC7chqnADBZUepz18A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XzsFIRuU3jT8em+yAQt9fka4owwj9VAjCPXibnOjFqQ=; b=d/Wz0HlV0bk3GcsBsZ5a4tydiQ2vgl24zaHCC0W1uGoCxo8p47PFIy7pjWRRDK5E9CeKbFSPb4u0wMnFaC/mm8JX4w51V7b9DiF5iTNMUJweG3QrIhn/Ba+vk923eMOpqRLSaDb7qclu8fNXpd86nf8WuJpwY9NPu9Q/EgIqqa1EHy7sjJz6veWGl960ltsLwIKjJtWi4/9crSl1WvpjTVAIqHAtV7UjvNJfdKlsGQ4WytDbsGDBfbWgv4PhLoDLageSOu9EJs5eZHVkGlDzX1vVMK2O+yPRjvPpTqiNG3/4k4FECuxf4B9d6uMCFssY2bH4WMdKRONXXmx1xOp6GQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XzsFIRuU3jT8em+yAQt9fka4owwj9VAjCPXibnOjFqQ=; b=m975sU1CaNtOFjBuuobTVG2iNh3V/6yO4ADlR/29pvnhuMkX53qDL0dx4IxyqaQvAnqbQ3OhBpse6RTG+ylH49Bz+aNZTe0JxrTjShpiEEDLEQvsE0onaSrBhFpeGzTqNmB5X1aD4FPoJzhHhRWOyEyRjc8yVk2BN4TZoO90CoB3kh7KVC2auafdYSnfmbI6Sl6uHEAWd0AWQIQ+yll61NlgwQG6Rc/E0ZoAZ0NjHipRdlQjzja/osiplb6Vr4VeAf14WAWGAcMiBWB00ja6/oLwsWmlp5tURjKv3we5szf22xvvI+8ub//KTm97WxFWTHLAW+Bc+x1xg+Nbaqnzzw==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by DBAPR07MB6728.eurprd07.prod.outlook.com (2603:10a6:10:196::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9298.16; Sun, 9 Nov 2025 16:25:36 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%3]) with mapi id 15.20.9298.015; Sun, 9 Nov 2025 16:25:35 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Yaakov Stein <ystein=40allot.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
Thread-Index: AQHcUZP70qaRz8RxaEuKxBvZN5MCPbTqhjFK
Date: Sun, 09 Nov 2025 16:25:35 +0000
Message-ID: <GVXPR07MB9678202DCB49025183806B7289C1A@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <176236867319.904123.10146982018394612684@dt-datatracker-5df8666cb-7l4w5> <CACf5n79zVkqqRynLdP+6DcDzQBunV1wfQjfXvqH53yw5Oyfyig@mail.gmail.com> <PA6PR08MB107078E4C11A260C4C549729FD3C1A@PA6PR08MB10707.eurprd08.prod.outlook.com> <BN0P110MB1419D8E2DADEE5A53CAE980E90C1A@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN0P110MB1419D8E2DADEE5A53CAE980E90C1A@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|DBAPR07MB6728:EE_
x-ms-office365-filtering-correlation-id: 6d89615f-ea0d-48d2-f469-08de1fac9ccf
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|4022899009|376014|1800799024|38070700021|13003099007|8096899003|7053199007;
x-microsoft-antispam-message-info: NxAhGM4oHqKosDatiD1CK4X4rxoS7AQDxmdmMk+NE1oPEmuagAAF/sEpUN9NpxmwdYC0tDoR7cbZ1JUcrM0I0WUQmkkijhqYaz2CZAA6ND4sene/hDU/LgJXLUfe+WSU8fP6H/Uthh2ebyavKvzOAkggUaoGshdI1OvIM/6FTq9kLJd3vT2JJKZF5WLjUZxhNlOoZSceGY1WUoywft5ERsTq8UYexSm2trgcqVeD+RNCLgxMf6lhgH106Vtnbdb2rRxZM3kUhlPeZeeV6y60O6dD4/+CCOrKn2ry1aCToZOUCF661JOYKBYYgG2hiTLa/IHG0u/ZKrZTirhfObJ4yUXiL+pM1C7JXdhd55JwyOLSllvjtu7JMMwxcX5YkjsFBWCYHVbLhYXQxmReyctvvD7/FUy1H2+Fk1VozkO2GSjEUP7Nk+nBBdBdoln9KUnqdJUHIhAMNWdCF5KLlaiPG1bhaXYnvzhFi7C+tKR6ymKc7BwASFAMP+8Ku3boZTLuE2Yr9gkPOVZIDiYLxGNNSZqpRDxn4eO3qfiK1gBqMUsGML9q48FPk6hureVmFngaoHMREwtOFbB9k5X9rlIz0EIyeGD+Cw7yGxtUCJIDTFJVrM2+9dLQ2N25dsDltIZ+Crm6vxQl93sDoMPU6TlINuwm73+Klrm4zTsgcnyBxvOUJ24Q5aCe/MhklIo2eKPDEOE4Vl/sGjcMhqKHQYEEliPHUREfvCsQXHgaPj/oML8VkUq5K0QMuZf0boI2nuckaJwynWy2CxpupZLjxbBm5kwsBbDt+ZVLwURwRSBlKaFxKlo3DkVzASLt2AHJsr4JMD3j6Jw6q9coAuAkBLWwPTons3i6Yy694k2ai/cQGskJzUsbmMgddUKWXdD0ucY0puy2AsktvrtA28/s2/goIxjCFYHv5RVuRJJCwDcBDCzemYzLpobjFNiAjEtR68pwGr4sXqBlu3xuc67A+x7WDX/tSVkjzxwiTR4PE5NLzSvnhiSIOvPzKYN2RpU2BrOJ1f81L32vcP8IhgiYXbYq1+5ARoYM3EjWYl1sLXdgJhpFaPASYsjvQqw9ukCaEdAMYU43Or2i+qzaMte3lo94LoJcC/+nUiWblyE5bE3vPdjtDSBFw1YWwDyOqXj7FVSEeVj349LJL7s6gjugsVPGJBFbleS94V3xw0zrW4btsrMMcriLenE/l4zhwHvgVd+v4N6ZLjpyB8WHW4KSCl6SgiPAy/lp1ekTAPM+Ycnrwx9UxBYZlMN7tNbLSZmQOTEsJo2wEdOclfa6+/NwUGSPGaFGhMYOl+sPPXS2XUOMf0p7lOjF4w7YaW3Ri9u+ppj3PcnM34KfeBS7cfEzlfgGzf0sjp7y7hopaGh/lSpmxLkNs4OCWUu2oo3qU8Ek+iV0Z5qSLkdXozQQ0Yz7lawfvOxAj7ZY9A8HVsjKcdUf3IZiHkXhjhwz2O/iRvys9HM2MZdiTI09aqG1sf9m/ZCJfteYRV3cOQ//g7ZtI03sp72h2URs1xh3Xs+zVfJNRUjEyHo9mCxihS7Q1UAJE7MAKg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(4022899009)(376014)(1800799024)(38070700021)(13003099007)(8096899003)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: swQQb+cWkL9y1VnhAXR5005XcE3xslONfSyAUGbuwbmIA5D8JjfFnKmpJOm4WaJG+ebht/7PPIXEpYHEHzPESIjj5xQuvPS57xD4rxlESrxCfXAJ3x/ZI6Um7VvPMxrAXbc5pcnzAlvYiGhq7f/Zuk/XUMQVKzpNIBAEMujycKDS+0eq4GMzuyRZm+ivvjUhNw91kLQzPZxZXSjCdQIebjPI6z1X+637yNzgULbV/F1muQ5ScVe1i/rEf2CtRwc2JEnCOaPSi04rmhMQpnAHL3nddVCNnocFTG6t+lVBCFSe8cOkr984TmgNvwWHYhz8FJHdGi5spqAbf5/voqTgPuOqkVTILC6UZFJs9imvSpaxGfvHkVtfUxju/Ynf2doMUEx0L2nQX4w7r7O0JuIzDr1TkFvzFAR+u5l8GPpXZeE9OYLP6mrUQjvXUUIKDc7d+U5p+naIzQTLWHvb9Yi8Kr42V/1p7J82NIbzNkYEfL4tq6HRZ3UC8gw4iJKoZlymaf1hjDKkUGq8WyxvNyIhpMWF7ScSuyFtc/SfTQG4Cysx2WqRR/HtAx9FmolXTNS6J1jsPcpbkoeUB/dugFM/FCFxR1D4w+BRU+Ve03co5PSPfLyVw3yiqtipeluORIV7ZR1HlertwT3Yw0Js5C9vuxUVRrcpy2ZFF//LrpjcqRZDZLDm8Rz5ECF3m3G6gel7zMSh7gcNtE+wrvvLO6TW9gvtHJv0Zme5uMUfKdNxgSWIJlKRVRagnI32U/PbOGQMndzfyTSp9SncD++/CryIdepccJKekM7137RN0KXgEEYv9D6+pCra11gTrjfNci9QkWKRwZQrNphaEAIXMWLWkS5gYmSzxhma/DWfE5OSzYFg3rzdNNK3Ayhu3OO2TTP2ggZBfi8YBrpPE3dwh3r5VUaxjSDKn1u+f9sIg68UeRCjJzkanSC/n5BTImA7MNCgvDa8nCsgZuUYzYn92/WnYWJbBoojj6VpFaRAaTHyIM0M56yoPxF+iR3TOY8YHdaOZKJxipBZkOEhPROaBCyhyPSL2C22sUWW3GVIhjAVndL6xdDAKXcGOztQDE1e3id7/tQFge7yzN+QlGWPsrnINP/vePo/4C5DIvzbxfJox5bMYYpHeVDnPeGtxD5atRyIaTmDC0lmGINs7rdo0//Bvv4boNKiHmsXJfKsVCRkHCfK52m2CVBuO4GumOyZVCLeYA7vl0qkmqIvhGLFqR73EiIhBZzQmLzUmMl7lPt2ein6ALAWba8Gho4HRakwKAgn4wArFMusxcJbLrYwBQ4xZWZeaJt3EP7YZkZdjETV8qFqw+MScnopeRt15suY5cXV7jBTaa6dGDXAZ9MuhvKGdS5vWb0nH1fBdo8vptvgX+bEq5Qo+1jFo5cIHU1ZugIoQMhx7TfbNXUUoco4GWsnj+0CfxQNLJucZGXPMRsiaMjv1QfbD77c2CkR9BBzKsk9Sjqx7DhvJTBH2p8l2OtXSXTgK2NVK2y+jNH2TR1/krEoxoSkGYWnXgCaAOMxol9sGQFUzbV9CIMWHkcTNs68QotuHHH46ZFj/OGlTn6GANlCUOUN4ynbKtAAwQFk2oxuscBd0V0K/RENYZYhLRRlECEgm9YGdxNo17LZXkQX6Aw=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678202DCB49025183806B7289C1AGVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6d89615f-ea0d-48d2-f469-08de1fac9ccf
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2025 16:25:35.8855 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /+g4fnu8y2IaPYm2tW4Lw9uTgLK9irMfoT1+AXnyyx+cuuamqdhJQRe4OESLJiXBU3p5OuOGCXO7EQCObUiye5JqrG+r89Z0NsV38b70iAc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR07MB6728
Message-ID-Hash: J4BRDKNBMPPCSS2C7DP6DJZAUFL7PQ2W
X-Message-ID-Hash: J4BRDKNBMPPCSS2C7DP6DJZAUFL7PQ2W
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ofoQ7mecH3sQmJYI9T5YMM_r6_Y>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

>US Government explicitly wants (a) pure ML-KEM, and (b) nothing less than ML-KEM-1024


Correct me if I am wrong, but I think the requirement for standalone ML-KEM-1024 applies for NSS (National Security Systems). My understanding is that it does not apply to all U.S. Government.


John


Sent from Commodore VIC-20
________________________________
From: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
Sent: Sunday, November 9, 2025 6:14 PM
To: Yaakov Stein <ystein=40allot.com@dmarc.ietf.org>; tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Based on what’s been posted and presented at various forums, US Government explicitly wants (a) pure ML-KEM, and (b) nothing less than ML-KEM-1024. They don’t forbid hybrids, but they do not want them – aka, if you’re selling a product to a US Government organization – hybrid is a liability, not a competitive advantage.

On the other hand, those who are the most vocal proponents of hybrids, en masse are happy enough with ML-KEM-768 (with something like X25519 or such).

So, it makes perfect sense for Chrome to provide hybridized ML-KEM-768 (addressing the needs of one audience), and pure ML-KEM-1024 (for a different, almost non-overlapping, audience).

My $0.05.
--
V/R,
Uri

From: Yaakov Stein <ystein=40allot.com@dmarc.ietf.org>
Date: Sunday, November 9, 2025 at 03:00
To: David Adrian <davadria@umich.edu>, tls@ietf.org <tls@ietf.org>
Subject: [EXT] [TLS] Re: [EXTERNAL] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
So, Chrome supports only pure MLKEM1024, while it supports the hybrid version with MLKEM768? Is that because you believe pure MLKEM768 to be too vulnerable and needs beefing up with X25519? Or is it a computational load issue with the hybrid
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside the Laboratory.

ZjQcmQRYFpfptBannerEnd
So, Chrome supports only pure MLKEM1024, while it supports the hybrid version with MLKEM768?

Is that because you believe pure MLKEM768 to be too vulnerable and needs beefing up with X25519?
Or is it a computational load issue with the hybrid being about twice as expensive as MLKEM768 alone,
so with the pure mode you can afford the larger size which increases the load by about 50%?

Y(J)S

From: David Adrian <davadria@umich.edu>
Sent: Thursday, November 6, 2025 1:46 AM
To: tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)


External Email: Be cautious do not click links or open attachments unless you recognize the sender and know the content is safe
I support the publication of this document, and note that 0x0202 is implemented (behind a flag) in Chrome.

On Wed, Nov 5, 2025 at 1:52 PM Sean Turner via Datatracker <noreply@ietf.org<mailto:noreply@ietf.org>> wrote:

Subject: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

This message starts a 3-week WG Last Call for this document.

Abstract:
   This memo defines ML-KEM-512, ML-KEM-768, and ML-KEM-1024 as
   NamedGroups and and registers IANA values in the TLS Supported Groups
   registry for use in TLS 1.3 to achieve post-quantum (PQ) key
   establishment.

File can be retrieved from:
https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/

Please review and indicate your support or objection to proceed with the
publication of this document by replying to this email keeping tls@ietf.org<mailto:tls@ietf.org>
in copy. Objections should be motivated and suggestions to resolve them are
highly appreciated.

Authors, and WG participants in general, are reminded again of the
Intellectual Property Rights (IPR) disclosure obligations described in BCP 79
[1]. Appropriate IPR disclosures required for full conformance with the
provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of
any. Sanctions available for application to violators of IETF IPR Policy can
be found at [3].

Thank you.

[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/



_______________________________________________
TLS mailing list -- tls@ietf.org<mailto:tls@ietf.org>
To unsubscribe send an email to tls-leave@ietf.org<mailto:tls-leave@ietf.org>
This message is intended only for the designated recipient(s). It may contain confidential or proprietary information. If you are not the designated recipient, you may not review, copy or distribute this message. If you have mistakenly received this message, please notify the sender by a reply e-mail and delete this message. Thank you.

v2.35.0 | Report a Bug | By Email | System Status