[TLS] Re: FATT Chance: On the Robustness of Standalone and Hybrid ML-KEM Key Exchange in TLS 1.3
Nathanael Ritz <nathanritz@gmail.com> Sun, 07 June 2026 00:38 UTC
Return-Path: <nathanritz@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 2562DFC92433 for <tls@mail2.ietf.org>; Sat, 6 Jun 2026 17:38:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780792719; bh=8c9wk6nIQ6LaKVHUSJA/5TGF1OrqhFnhfHf/CRx9unA=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=tvvwkHWsX6V8pWEA/8l/34tBTlFVG7AHOubj4VgfmBLq8ZrA22srSWz0yoONbXLY4 f4sL4/pSpID81nePt02ivhDHfMlElh+xKXcF0Xk+Kp/b71WvWHecHrp5ShJAJfQp/X YNBEv6h2NHcgadbUb1tj639mYwGhu8I/esl5kPPc=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LtsNLJHwHI5G for <tls@mail2.ietf.org>; Sat, 6 Jun 2026 17:38:38 -0700 (PDT)
Received: from mail-dl1-x1234.google.com (mail-dl1-x1234.google.com [IPv6:2607:f8b0:4864:20::1234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CF125FC9242C for <tls@ietf.org>; Sat, 6 Jun 2026 17:38:38 -0700 (PDT)
Received: by mail-dl1-x1234.google.com with SMTP id a92af1059eb24-13809ed8fbeso3562475c88.0 for <tls@ietf.org>; Sat, 06 Jun 2026 17:38:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1780792712; cv=none; d=google.com; s=arc-20240605; b=bvLqTDMPNMjYXmrjXtMSdUb57Nf2BnXOV62qwAtWz6y3McabQQXMVO8bMxymA3g1KV jtKW6Uq9gRmHid34XejtHy1tptAkrj7aClz8Je4qRgoqVpaw8yD3yrBq3KU5TasDqPfh DbYOVsoYg3JCO6I5SCbAHqJ3uoZ3h7/CuR6Mgy68exxee7QY+IYy0UOW1kMWtNy8VFbX xSbtCTdnGdlJVoLwNgwV5yg2X0AdK3arlWDfyIrlUNEDMSdpak7gNhCCnfNFWf9dgYdc drud1z/e4OjCXwa2xJngHeoIpBFEYTBJXzCqNIbGhD4brrWjqoHCS9RohCCiLUzF7ylR DWcA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=KQnxIQjic7Ao1/5h28VbW5OQJ7vhbIczwJ6aHaYoMxg=; fh=YjfvIVF6EjfX8nCcjOpwSk9Vt5eJT8mT//Wp7JjYWZs=; b=gwL0wOGqYT9tjHHXLz9mZQ4NjAnyCJLCV7y2z9v/ZAV+wJjn+V6E29R4VkjFjlOThz jIFsE3h7LPQuknPfeczyNeIjXIhj3gIx9soF1OxjrA+5nY41bT08UWYyd4rfZfOQGtqK Lyd5QPOCcAaYsZW/sqI0yHmc6ZuO+r3I2uZGKIodlYJ/nRJ78nLkqtkhIA3X3T6kINJd OcHT9pd8QGAY+K168iuBkpSOoJ8ab4pHwfqg+kuSVZjYs/POEo+zlIWRiiu8W28i2q9/ dw+4pRY/okmvDV/3eTp8OZJgBDzg/Smztt09IXBqgvtckOUglv7zm0NL91WIUzunPbGW GuFA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780792712; x=1781397512; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KQnxIQjic7Ao1/5h28VbW5OQJ7vhbIczwJ6aHaYoMxg=; b=Zl1Qh30l3YuMOTqdz2iAlPNnqtdl8f1ss2Yp7qlvC4yczZpb2dSlKWwI57QlnJIeXj 791OhehOuVMWeH3ubO3AWC0knfcqBHeuoORiCO1Xi+KrdZiz1Lb7LcJs063pJuDXsXKM pLJ5Pqz8a6W6qdPuA83HscGshVfIOsMz2h+x76aC4L/O2/T27dNBWB8rmY2sBirtxNKA 3W+LoxUaWj+3ENK031ZCzTFkohGVquSXXHtqfqc/86iVgSaQPZemwejiY67YiXOI5EgN LM+JHhz1awZ4G0zLgMYQDc+rrqeLsefrgM/oGskiNc6QuXsbwjZp4hlgdcxM+taUSaJv /OSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780792712; x=1781397512; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=KQnxIQjic7Ao1/5h28VbW5OQJ7vhbIczwJ6aHaYoMxg=; b=hIG3evEy1ZYEMs1LIRlu7eNlgPmy1tB609M8xMTEZuAF7Qi9yI2OELqcH9jiiTuzMU 622k/gMUBRGyhKPz8/mK6jNSmzQGTVChRBNuTDGqHE0wY6qkxdKI3pQYuYsXnS7oeaFD JUI0VN9501qRwLQ5BBKh9Fu2Y/Vdc2GhuSSoXFlKURXmUO3hQ+aKN6TImH1H0yv7U7Nl XeORov+jm31fvnUqxzlidDZVEIrmYoeqetYqMKptcLHiJWFptrjbktAb0GZ7S8WoMlJv YTHM8ODoCdl35R3zod4MyOEDOi0pDVKQk0e1Q+1QQQTtvMI2PkcbB5mnJxXoJKA+ZZxk bF1Q==
X-Forwarded-Encrypted: i=1; AFNElJ83pmNvx25GRwhuwHEkUg8Z+jGWykDJBfi+2P+S2dQi0fUj4wIe0bHmH/aWJZ+rxOKe2T4=@ietf.org
X-Gm-Message-State: AOJu0YxQJTqsXjIYWdx9kbPa/SI9K5KkfG69hiZNKzbsw4z4iMdjSTJX 5POXhJW/D400U6Blktb0iuAbJ5MO6BgEfnY8jiYJX9rttJKN2awp9Y6L9z1jRiYsfagLONxXO1r 1GBE7MIxOb9OFLTUysNFTtBcNsZjhbIKwaNrF
X-Gm-Gg: Acq92OHGNj9rDUJnO4G86lb1c+yjerfj0XkV1aOBtUBESyQvcNyybb6VrtfzS1/xHbd 8YtJuF3yF+WyYkVflj+3g5EXI6qBl69zfQv9HfgaPSPmFvEuikNYax/Fh0u5rUtdO3CT9GFtEEw vpYxvL2iMTucygtagx4IwNK2MkwhQ4t8pHhg1jvie0PaOciRuraDxBdfltgO04ONgvmAZS40WaN bIA5Z7/NBDSpACfbAI6ZZrxfszMBsjyKjuh5tnEchCr9nDv557B+B0zOwTRV9bqiQFQKpq6NkTo hzzwd3O43RE/nH8twjKaJuaoPCopw6EtbZ2Eh1NMa6Ejew8rd8hU
X-Received: by 2002:a05:701b:271c:b0:137:fdaf:1c93 with SMTP id a92af1059eb24-1380669c7bcmr2894615c88.10.1780792712200; Sat, 06 Jun 2026 17:38:32 -0700 (PDT)
MIME-Version: 1.0
References: <AS4PR07MB8825B096CCE8A2E16A213658891E2@AS4PR07MB8825.eurprd07.prod.outlook.com> <657a486e-71db-4582-9424-78d705ab2c80@tu-dresden.de> <C256D479-684A-49FF-9A5E-7353A80ADCCF@symbolic.software> <CABcZeBPQbw=WnTVm5P7KnsVPNLG=uR0Y7f8FOYYm+K6nOMCBQQ@mail.gmail.com> <CAHxYnaOep1e_ovP8_yykiaPoiGOmxc9HbnLmkVveNa3HWhEk6w@mail.gmail.com> <MN2PR17MB4031EF556DD6E77A23FAA814CD1F2@MN2PR17MB4031.namprd17.prod.outlook.com>
In-Reply-To: <MN2PR17MB4031EF556DD6E77A23FAA814CD1F2@MN2PR17MB4031.namprd17.prod.outlook.com>
From: Nathanael Ritz <nathanritz@gmail.com>
Date: Sat, 06 Jun 2026 18:38:20 -0600
X-Gm-Features: AVVi8CdKLS6w3AbejV2HdMIeaXdCrEQLjmRGaZ2aeu4x8BiNoXbvJ9b3xGM2hgI
Message-ID: <CAHxYnaOwz=6Qb3NOMQo0hdxrTO7qYaqMWST1cruOatWW=q6wTA@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: multipart/alternative; boundary="0000000000000789a906539f1d05"
Message-ID-Hash: CAH3PHHPG44IBFUBRPVXY7N7FTBUMZYW
X-Message-ID-Hash: CAH3PHHPG44IBFUBRPVXY7N7FTBUMZYW
X-MailFrom: nathanritz@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Nadim Kobeissi <nadim@symbolic.software>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: FATT Chance: On the Robustness of Standalone and Hybrid ML-KEM Key Exchange in TLS 1.3
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rjPx69r3oVgPKge6oNaCPMWraM8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Sat, Jun 6, 2026 at 6:10 PM Salz, Rich <rsalz@akamai.com> wrote: > > - “Machine-checked symbolic analysis [REF] supports preferring hybrid > deployment over standalone key establishment, confirming that hybrid key > establishment remains secure under compromise of either individual > component.” > > > This would only be accurate if we added something like > If the security of the key exchange is the only consideration in > development and deployment, … > I can see one error in my suggestion is the use of “confirms” over perhaps “demonstrates”. > And even then, we’d have to say “A machine-checked symbolic analysis done > by an individual” > > By the time you make it accurate, it’s pointless to say anything. > I think it would be accurate enough to say machine-checked symbolic analysis exists, and such analysis has demonstrated a specific outcome. I understand the devil is the many detailed caveats left unaddressed by any such hedged statement. Cheers, Nathanael
- [TLS] FATT Chance: On the Robustness of Standalon… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Bas Westerbaan
- [TLS] Re: FATT Chance: On the Robustness of Stand… Ilari Liusvaara
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… John Mattsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Songbo Bu
- [TLS] Re: FATT Chance: On the Robustness of Stand… Ilari Liusvaara
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Kris Kwiatkowski
- [TLS] Re: FATT Chance: On the Robustness of Stand… Songbo Bu
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Deirdre Connolly
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Eric Rescorla
- [TLS] Re: FATT Chance: On the Robustness of Stand… Eric Rescorla
- [TLS] Re: FATT Chance: On the Robustness of Stand… Songbo Bu
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… John Mattsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Jacob Appelbaum
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… John Mattsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Eric Rescorla
- [TLS] Re: FATT Chance: On the Robustness of Stand… Eric Rescorla
- [TLS] Re: FATT Chance: On the Robustness of Stand… Filippo Valsorda
- [TLS] Re: FATT Chance: On the Robustness of Stand… Eric Rescorla
- [TLS] Re: FATT Chance: On the Robustness of Stand… Deb Cooley
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Soatok Dreamseeker
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Soatok Dreamseeker
- [TLS] Re: FATT Chance: On the Robustness of Stand… Peter Gutmann
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… John Mattsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Filippo Valsorda
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… John Mattsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Ted Lemon
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Andrew Lee
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Simon Josefsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Viktor Dukhovni
- [TLS] Re: FATT Chance: On the Robustness of Stand… Paul Wouters
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nathanael Ritz
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Yaakov Stein
- [TLS] Re: FATT Chance: On the Robustness of Stand… Nadim Kobeissi
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… David Stainton
- [TLS] Re: FATT Chance: On the Robustness of Stand… DA PIEVE Fabiana
- [TLS] Re: FATT Chance: On the Robustness of Stand… Simon Josefsson
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Ilari Liusvaara
- [TLS] Re: FATT Chance: On the Robustness of Stand… DA PIEVE Fabiana
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Muhammad Usama Sardar
- [TLS] Re: FATT Chance: On the Robustness of Stand… Salz, Rich
- [TLS] Re: FATT Chance: On the Robustness of Stand… Songbo Bu