IETF Logo Mail Archive

[TLS] Re: WG Consensus Call: Prohibit Key Share Reuse Between Connections

Eric Rescorla <ekr@rtfm.com> Thu, 26 March 2026 20:48 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 67FA3D2090D1 for <tls@mail2.ietf.org>; Thu, 26 Mar 2026 13:48:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1774558130; bh=VmbuhxbfqmbnMJKtmtMU8LlF2gQPVRdVoUDRFd0A1pQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=Omw4MVONIif5vRxeC2Rc64Bz3CCFoDAHzDppWoKW5W/S8dDiZYpOv8vrmrKTtytIt cfL6vv41tgsqj1M+ptybGu3AS6Vxj3VfemCaA9KmiOlDoWQLGbxjlrIZB6Qn3zKLNe G5gg/VSCZwDDpBgjwT3l730Z+rv5+1v4gFMrBJqE=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g0zJ-4zO5pUH for <tls@mail2.ietf.org>; Thu, 26 Mar 2026 13:48:48 -0700 (PDT)
Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 08654D208E5C for <tls@ietf.org>; Thu, 26 Mar 2026 13:47:51 -0700 (PDT)
Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-79628fb5c05so13349027b3.2 for <tls@ietf.org>; Thu, 26 Mar 2026 13:47:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1774558070; cv=none; d=google.com; s=arc-20240605; b=gkK3C9M8FtmCK/aPz5qCMFrfVXKi8HsyMs+101jgKt9VmilhWNmor95FV0Xn6omxhI PyfXqA66Qjc3KiMWwhIBwVZyxt4+WIDAwR1YuM7AWJp/9dpuzFQEuDju4YsNtnui7Xqb 9JA4nnKJV6/oumeMVF/sLJN7CdIj5cK9RfjnYgPP7XKegVX6IjovwEg0V9TRCjvGQJtn FIvZRTa7Zw0R3Z7GtHlDI7V3SJmy+Z9cakrJ3FO4UYpTwES51smxS8lOp6tSyqxmWaUt V5YYcKobMJNDJ3K+7MlT5cxz3sffpBNmGNOB9fCilof7FmIZxbtuIxEQoySQz+M/P3h1 VH3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=+I+guHaXW2jFIvqzUN6XRVugC2TheFgWS6i9PMGsA4Q=; fh=6phKw8fdsZR6uIVbek6TWJciVl3SQ3MEB50QZOSuTss=; b=ZcCnKetnDjnPTyGZXHo+q+FyDUlT7nEXkSqVENSB5nkWPdIXPP8Jyxy6LmM71R8oQg qIerXqwcfJWA6YNnob+aGVUJUqMuuCcqmWMQxtPR4snmOGoqYTubSAIITjkfqWWkyIt6 wCKW+fZoNBsFRvNWw7an43KK8kWLG651WgPy5WHGMlpC/uMH6MTZ8fi9DKZSKoJMUFJO 5zp/TGe3Oq06dZtwSkil9CNsxupnkIb7JV+JcpThbRVIxIok2JYGydqtrZQBdkMQgpao gZWizJ1XEdNSFMUh5c0sXf42TldnJGOFbg6INdva3YwMOTajcTZfYaJ6/BllRuQNR0Ab bgAA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1774558070; x=1775162870; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+I+guHaXW2jFIvqzUN6XRVugC2TheFgWS6i9PMGsA4Q=; b=tPkiaTbI/NI+xwhsWm5HdClzmRFjAVmajonA+VT+wkLyEUC8PCjh8ZuYaqQdp4k16i IF/cAtxC4Ibd/YHxTQCusijZQYOZMUwK4r0lByqc0Vj7rKUIscTJhe1i4YGXmiMqv99+ 4SSC0zupliWvlOyg1V7RtPBHNTK9hrZLcUmT/XVj8YjNh13XI7JMzsedWM0RiEXLlGWv /hgZT6ynCuwdHwsiQ5IJqGc7cgp5OTbcolOcQPVSsWH+iF6cgE1JQFFx5/g8051/4kz/ 1pto59ZpfcZCZM8cGZqU30ngI5GcbYumbeN+PV+UraWPrm3AcW2Fwf4UTGns2ZtGz/wo PIuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774558070; x=1775162870; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+I+guHaXW2jFIvqzUN6XRVugC2TheFgWS6i9PMGsA4Q=; b=s9UtlCnHm+rSaMd5hRJizT7eGbSBuGCh/j7WTeI/rQM93v5FygDaKxUe8pc8IHZQfh fTorV1HL69hPbdT5SO/3chs+6fdEO9DID2I0NYjlxZS0+f1Gd88n8u9bEB92hHMeMKw1 S0IFoVzCLirCUWjN70NuXiUqn21x3B1OxQ28la1D311JRZ5U5uvCjyCQMM6zr1Qj2hIC 4r4tcIF+Iy1fPoW6Lj0Wo260fUOrMQRkabO6bBZa9XxmhpHNN2QEclPtgWtEoZR1HbOh j+oqYzyblG+7IZCpwFCgxRsOBFpgDXkurB9jaURhWfi0udR0SarczyvQEVCSvwuXmk5w co5g==
X-Forwarded-Encrypted: i=1; AJvYcCVl2mZKbzjIODD0SlsOkbUxEU6mNmlgPf9FEt5LHlnWNFrAGgBWzkPrHubTREAkCFYR0VM=@ietf.org
X-Gm-Message-State: AOJu0YxeK8oewNZQgeUhrQaAdUloezkfRApJW1ziuBu8IiIgKX80b3BT iWHbVUvOzYJEgqig9khPZzSQHjfZhThIX4J8tVryWhwIimwf3TaJo8dESn+tsxpQJ81Uo+CtaJM ORzMbSIXdUZeIIuWT03pf7FnrMT2Vn4oQam3AelCTq4QU4grJqM2J338=
X-Gm-Gg: ATEYQzzOaupuNkKzwmXyHIOcr8zOBgyo+Y4aRs0UXLJpZGCS/YLgWKXeH7uATYOUTEt dNzR2yROD4PXFKoq26fMsr1T3yq2osAf9+7aRCDsCufBSJWA9gZP+5H8Ye0fnWtVdfYzVqW1NiK UYiULcuX6gJdW6d+xdR4tPIIw6kjeX8mg3uJtjKOk+HCmhGdN3c72nMQr7E8UV0Iaya8LJvLmOb UIy5cOCC6+kCUV/4Xk6HyKT2XOZUsCAUzbZy94LAITv5A4abASYMjTnE2k/VKIVYpt4zCjMHOPw ozf+tM42YFy4zmM7PjtM94qOosAvhrEHbcsNJ4aAmiFgK1I+/pcWkUbGaiutRVePZRz/Q8bdLXE /wlRIFCwrb6z5bLrgroDoxQ==
X-Received: by 2002:a05:690c:388:b0:79a:3a33:94a with SMTP id 00721157ae682-79acf3353f6mr96224887b3.4.1774558070498; Thu, 26 Mar 2026 13:47:50 -0700 (PDT)
MIME-Version: 1.0
References: <92B7449C-F212-4A14-8852-58F8432FF131@sn3rd.com> <acIN2kRWLRSH_X_7@chardros.imrryr.org> <87bjgdy1fd.fsf@josefsson.org> <CABcZeBO8y39r3GcdTg166RMk46xm56cU1ovcUuv8_US9y+s+Pw@mail.gmail.com> <acWVVIlaUEBCHMyL@ubby>
In-Reply-To: <acWVVIlaUEBCHMyL@ubby>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 26 Mar 2026 13:47:14 -0700
X-Gm-Features: AQROBzA68dSyxPMUb_7xmDDA742Rek5jXBJ86Gawo7TDLafs4hhtVmq87xYCtFk
Message-ID: <CABcZeBOj-6LsB3VHzFsBwnakehN0UtTXwi+nFb7wVn5s_oyGJQ@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary="0000000000006cfa03064df37feb"
Message-ID-Hash: SWREAV5ZW25CMNX3TMXHTARHF426WMWO
X-Message-ID-Hash: SWREAV5ZW25CMNX3TMXHTARHF426WMWO
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Consensus Call: Prohibit Key Share Reuse Between Connections
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/s2ZJOCV0cwp5hh5MFebb15KYoS8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

On Thu, Mar 26, 2026 at 1:23 PM Nico Williams <nico@cryptonector.com> wrote:

> On Tue, Mar 24, 2026 at 09:42:23AM -0700, Eric Rescorla wrote:
> > On Tue, Mar 24, 2026 at 3:20 AM Simon Josefsson <simon=
> > 40josefsson.org@dmarc.ietf.org> wrote:
> > > This all seems motivated by insuring against the ML-KEM patent license
> > > that limits for what ML-KEM can be used for, to allow the IETF to say
> > > "oh but TLS does not allow ephemeral key shared so we don't care about
> > > that use-case".
> >
> > No. That's not correct, at least not for me.
> >
> > Separately, I've noticed you have a tendency to attribute motives to
> > others that aren't really accurate and often seem designed to reflect
> > badly on them.  I would ask you to stop.
>
> Simon's guess at motivation above was a bit awkward, but I don't think
> it was "designed to reflect badly" on anyone -- certainly I don't see it
> as reflecting badly on anyone.  You yourself appear to ascribe motive to
> Simon's ascribing motive, which is awkward when you're complaing about
> the very same behavior.
>
> We should not ascribe motives because it's impolite, bothersome, and
> counter-productive (and distracting and often the suspicions are flat
> out wrong).  But we also should not use instances of that in ways that
> can suck the oxygen out of the room and shut down debate.  Rather IMO
> one should limit oneself to expressing a complaint about that and move
> on.
>

Which is what I did.

-Ekr

v2.46.0 | Report a Bug | By Email | System Status