IETF Logo Mail Archive

[TLS] Re: [EXTERNAL] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 07 April 2025 01:23 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4DF9F1831E0E for <tls@mail2.ietf.org>; Sun, 6 Apr 2025 18:23:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFN_0cO8wxtN for <tls@mail2.ietf.org>; Sun, 6 Apr 2025 18:23:55 -0700 (PDT)
Received: from BYAPR05CU005.outbound.protection.outlook.com (mail-westusazon11020076.outbound.protection.outlook.com [52.101.85.76]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 9581A1831E03 for <tls@ietf.org>; Sun, 6 Apr 2025 18:23:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g6J0i8XrROVA6xYzGva8gFvwcU+fn3uxQWvVznqMOn1tkxlE1s8g7VbiZ5JXqlOoedxMe5R9wj51HdQeyVu2xpYotODzW4U8g4Ojfl/6Itk87GIP6+fmkmzV1sBoUUr/p4WFW9Hfyy68RTzRgdHzk5u6RlK1RaEts+W6sOLeoOTpr/WGL2wwi/p7WsX1E0XQshfvkes0iPSMLr9PSQRkouIetLqnJTS0BFsoNa+0wJDzVa+3thz/uRvdX1lnoPb/7QAqjZfdzGai0FuxIJcu90151BWUkSlIJdoRj0zOdpnElARLKsYvHWmx1/JNn3K69CHKOWeydYYATK5SKKgykg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v0CvDOP0OQeycD/gS8SMTupwS8DQVEAQfjL+JjJ7kaA=; b=QJGSAs0o7GM4vvde3Fx8/ZuzCInSpKRStq2G3+e9Q4mL60d7CKvUOTi0kL/AfXTAOKJZKzS6haYMmLzSWoGGNaRvXuknBM3VgFP6ru4ZSr0nJKOtyGY7IUPOszGzsCu7HtL457Hd+1yHfIw/BqTXWHfdGhC5Rb34wGKbMJtF+5P1hYr0QKNIvWQLG8v6WRD/Hbpb7ZxAkVpWcQpWqEr3Os5Dn9zuvLafRx5UBIUdC6a7jkU4UyTjK17qfIJXZxYAFsGI7awzGDk71ReGJ0GDl0hxP6Bq9636x0L6jKKoACcD19i58dviVXzXWFFTjpxu5lxiXVQ0FibzW15asWOEGQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v0CvDOP0OQeycD/gS8SMTupwS8DQVEAQfjL+JjJ7kaA=; b=JVtQ0Wlj+1feMsPO+iFZOkqg5JzMtBdLy0VmlFUWTIEvdyan1oeTHuUbmep6m54qKLWUQCuYtV+JBE6ZOcJ0j06U53Xqg4jc57H6RjehwP/vRETbn5FNrKeg1LheYL1gBiqDOfRkKeYhpH0IuRKE9J6zut9NMJXj9Ok1QNDvDGw=
Received: from DS0PR21MB4632.namprd21.prod.outlook.com (2603:10b6:8:248::18) by DM6PR21MB1516.namprd21.prod.outlook.com (2603:10b6:5:22e::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.16; Mon, 7 Apr 2025 01:23:53 +0000
Received: from DS0PR21MB4632.namprd21.prod.outlook.com ([fe80::79f0:2b8a:8bcd:5316]) by DS0PR21MB4632.namprd21.prod.outlook.com ([fe80::79f0:2b8a:8bcd:5316%3]) with mapi id 15.20.8632.011; Mon, 7 Apr 2025 01:23:53 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Filippo Valsorda <filippo@ml.filippo.io>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [EXTERNAL] [TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
Thread-Index: AQHbo7ZS6/fIF6yzTEC7rhFEj+JZ1bOXbQDg
Date: Mon, 07 Apr 2025 01:23:52 +0000
Message-ID: <DS0PR21MB4632DE488112550C2EB0EE468CAA2@DS0PR21MB4632.namprd21.prod.outlook.com>
References: <582917A1-F936-4A15-AE9D-342076605BE7@sn3rd.com> <61580a61-34eb-4cea-ac2e-ac41affc6f80@app.fastmail.com>
In-Reply-To: <61580a61-34eb-4cea-ac2e-ac41affc6f80@app.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=d34c3254-1bb1-404c-bb3b-b7eea4b427c0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2025-04-07T01:13:04Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Tag=10, 3, 0, 1;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS0PR21MB4632:EE_|DM6PR21MB1516:EE_
x-ms-office365-filtering-correlation-id: 3a36a411-0699-4f09-a7a8-08dd7572dbbe
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018|8096899003|7053199007;
x-microsoft-antispam-message-info: NO3Iz63xYQRSWhc+7A8ZDui+DjQ4w288mFL6JT5DnuqYl3l5Utdy20+I5GlAWy59nsW47OWXObhtND9r7Uriu8O+Y40HqSERY5EoQlzquyaSEiFGfOlGPuvbpIBaEo6ccWgVBkArI2HhBpxo6gMCTMKNb2s1mV0tBHI6lqpJ2gfyXx8Wt1nt5FftKbWZNulDWUuZe3V5kc2VgL01jNxZ2ZFfFP0QV7D/TJ9+SfhoIBLEnIpNJypWcsRDgvavCk/JYE4bnRfrc1cUoYDWPmpOyUGHntqQDowWXTwfch1K4X9bfSYRvXaNz4P1DNm0fhjDaFAvLiveqNG2WCZLVxd4ee95780zLcc6zXlW+abnURJUHD5ydkVl37plyKNWTxLSRpLR53pnGX6ZHigGN6vQKD/U8XpWgCLC2HoEF2QP4ndUq4TpKvh1M7zTW6S9cCnzG3f0X28/djZ1lSzZGJRfsdzhMks7eatYk0ahVSVsun8bxxR0ilHg6udBp5dVGCkzRy6UdxWrA2pRy0mu52F2f3WjMsVDpzG+PA9q1WcW7oBRonCr7gKnc7w0ZxPd1vEWeQXziIUgTmZXZQyoGVjEfTyCHrRwiiWTBuXPe9YfLGXgktMEJgs9sYzVR6esPZe6OuWywPNe7bqYgVKQH3hRfmQCmqX7MgvOPUV77CE/OlCX+RhOYOd/9EwMZPhZqptOVDQcDoiVBwi9q23Uz9SoSedgLANLSt+GmgU2rtzPJkvxMSj2G5xaHeQMooZmB4mn+pdVRbjOhLQd73xHb7XHZgySp1wVS1g0es40J39XKEej8EjiaCbPbx4vp1z/74WxsFBVjfumsBvYEXl1uubU1LV+M9q0FMWPNzh/nUD+CXwS9pkuiwvxWp5S97Qx6XT+lxiD5J++Gj+IxWhA26p3utJRpX2ubGa7JpviuIEJ23/jfhLdfvJuLy7HzuyjRwKY4wzUOMnsdGgQbzZZheEHKm4DJdSVMRnd5OqrQEt5nf5QG0F6x9OPCjv8WftStXYQ8rS7f3vbm6R5jE+E+hXCw9NO9DBqgmbgEUVmXsy3JD4FTmqMoWhVGR6fAzho+cPi2uTfZAQV5eiI+KclLdLuAEbrTXt5xcobxznS7tJYaW52fkHITba7teswteGzg1zylmTEKI9Ax2P+s8tRIvCTXuEBX98jsuJBOEAFC/zrkGuoFsiNae9pPgZUfXmND6InteZKDy/gvIvYhG0JiKEqZ6fqYozwbVNrTAHStiYYQvRLNhjs7K3oxpdVZJFbiREEK0glEpNDD1NKNqiFoGrvoBYpaWVJwfv6ePtmS5+JOkRX+XSCDq7UhUCyOvezS/vy4rgcLtpPYZ7Gq5qhL6SC/UZJ0JZ7D3XU9K4UplVWRuK7XrJqLTiRAEN6tdxTd5MDA1ttfFrAk749NpMFbEtjVSchmTY0JbOM7uRL3o9wdE6PQqfWZNcWA3QbQF3s962mCf80/sHrRbvFrFsGMWyL+Q==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR21MB4632.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018)(8096899003)(7053199007);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: tpysFe1gNKsERPZjkrtno6PxZqgxS+Bq6ralrJKRz0fa5IMT1SLlTrYTgDvKzgfy0Du1Glbd/kgYYFqR4HcgiRXjHfUuS/iLUqSLRrqdzaz9H5njz6KoNY42Xhc0n2/9S0cv8CkGSlJH7u+/06e2dn4ycapLifLUE78YdPDIjHd9HjWQ5CIsmDC5+wyBAcf6fY0ZgO26uJnLmw6q5TNnyd+u70TNo9YzenWU9gOWHUnChlUyC97zgnNux56GNhCj/zG0G6anXSSAdOpVlRubOblWySWz2LsWWSbAx8RiAnO09w+sf/Rhzv+Lf/uvq0AOspUPowaJpPFjBTfEhX7NeAZRTY/fr/cZB77dlEL4BrJSBaDl4Hov7T2yf26nTSfhh6Y02+GLcjX3VhoAYiTKufiRBTIN4URpweqapZQcPJKWYeK+bSrVGv4x3+05Bh95bn8nXteUbiQYxm7R5X5NuK6dReMLz+tuiaS1Xpe7b0Npo+gMDmkBhXrCx1kHgL1R2+X6+eiPnFGKgOlYF8QPA/WbpRswtDUDG3nvMfOPXRZ2Oq+mEvwQWbpjLazUlHcV78sgBvZKGCPUkai1osAXNq1lWTwH8U7te/x7tpwrsmQ/g0kxaEt64QX9iet3RmXT9F8+2VIc8g3PH150w6M+CkOhyaFgCwyfvgykC8Lo5GyWLnhqA5GPFbdUr8QT7fWZ9M2acZ5Sevoj4Oo/rXKCcjG5H6PEa2xFQSS0iPoluujvUz2v10ssPIhdkQkiHyv5WxTUzS1IJn3/qBRbBMo/9szmE64NKT7w0gT31Vd+BKhZ9vFFfxHTWEPR6GQuXH5hQfUTJlo6gn9b5KjDnrnKD3w3tD2hkMPf75vf/bR8R5xWR8SwBIg7hRXPpndz2VmzB38+6uLsZTK8w5+azyqBwJntMTkeoA0ffzGfkCijsQKBRRUSpP/BvAglohD9GDbt+Omb53KFCv33Pjimn1CytCsfGss/G8PqiACbbyHgM8MCq5jKXyN0HYaHnTHaDqphwRwc7/CHF269TWcpIT2sAnE3Qy2YSIb5fpPbkroBRGzUaUwzupp+IetuTcyvpIG1JNpFeP8N4O5sLmAgGFhQzCpwDi93ifDSF3tk2Ol/M2UU2DXolQVTO31Xh+txb/Fd9KEaGAnGZcVxnSI2fTz4QF7ukz3NPcU+tPA+G446wj0u0ddNcq2wHWbHhybJwjP3ZkRYvBTXuKfEz/hyh+2jagRBACLh+RqnedfTgOgdTtimpIjf0ssWrx76rXrdJPSjVCzZDTzk8p07J9nfAT16wZF4b+Ucc6uNs2979YWq/T3USvuFAJaP9NX3MEnWmasbQ3kFgGx6T0I1uT+7F7xZFhCjzU/NN0uQPJbCQSDy5SGLOd5A6Ft8zgoAJp3It/F6tTOhilHVzfKZcU871RhEup5eYD+2XlTNG8R6hqRTbQ3pbogBivXJjvoXIiL0//A2N8WZvfU6UdNesBds2dFbAEs7e7xy7e5niTL6NvhcuQ3vS/doUCJ1EXgfOCA42fbNcb6CS2rmQeJXy3xsVdqKN4EbGEQdLOpJh+eTzN10rTCwAWEFWai2regWVJ9L21nb
Content-Type: multipart/alternative; boundary="_000_DS0PR21MB4632DE488112550C2EB0EE468CAA2DS0PR21MB4632namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR21MB4632.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3a36a411-0699-4f09-a7a8-08dd7572dbbe
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2025 01:23:52.9648 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4rJChkFOJqLSC2XdUS7mFjT91sDMEAyZHSxn8f3SSNAepEzJvgK5A5YwhRlh45LcJwY9SZV2e7uXsR5GQ6diOg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR21MB1516
Message-ID-Hash: 77H3OC3Z37DSS5RF2RLPWBV6KFXIDFSA
X-Message-ID-Hash: 77H3OC3Z37DSS5RF2RLPWBV6KFXIDFSA
X-MailFrom: Andrei.Popov@microsoft.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXTERNAL] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/r64-d7iYMDaK2hf2yhgI-VY_DCo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Key reuse makes a significant performance difference for a busy TLS server generating thousands of ephemeral keys per second.
However, in the case of KEM-based key agreement, the client generates the key. While busy TLS client scenarios exist, I do not expect that major TLS libraries will implement client-side key reuse, regardless of whether an RFC explicitly forbids this.

I support adoption.

Cheers,

Andrei

From: Filippo Valsorda <filippo@ml.filippo.io>
Sent: Wednesday, April 2, 2025 3:00 AM
To: tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

I support adoption.

I also would like to prohibit key reuse, but opposing adoption feels like a bad way to reach that outcome: if the document is published by the ISE or just lives on as a widely deployed draft, the WG will have no say in what requirements it has.

It also seems clear to me the WG consensus will be for the codepoints to remain "Recommended: N" at least for now. Opposing adoption to force the document to be published in a way that can't be "Recommended: Y" feels like (unnecessarily) meta-gaming the IETF process.

v2.30.2 | Report a Bug | By Email | System Status