[TLS] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

Paul Wouters <paul@nohats.ca> Thu, 17 April 2025 13:05 UTC

Date: Thu, 17 Apr 2025 09:04:10 -0400
From: Paul Wouters <paul@nohats.ca>
To: "Bellebaum, Thomas" <thomas.bellebaum@aisec.fraunhofer.de>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/u-7kXJFkHFVurErqxr4hdYpaHb0>

On Thu, 17 Apr 2025, Bellebaum, Thomas wrote:

>> My previous email explained the obvious way the consensus was validly called. This
>> can be independently verified by anyone reading the email thread. The
>> fact that you are the only one questioning the consensus should be an
>> indication that your reasoning to doubt the consensus call might in fact
>> be erroneous.
>
> He is not the only one.

> This amounts to about every fourth person objecting to the draft in its current state at this time

Note that the consensus call was for Working Group Adoption. Not publishing as is.

> Going forward with the new WG item, here is my current wishlist:
>
> - Much discussion stems from an insufficient understanding of the considerations leading so many to believe that pure-PQ algorithms are the better choice compared to hybrids, be that harsh requirements ("users that need to be fully post-quantum" -> Why? Regulations?) or implementation considerations (e.g. "minimalist code base"). Please collect and document them (preferably inside the document) so that we can reason about concrete requirements and applications rather than hearsay and hypotheticals.
> - Give some guidance to implementations as to whether or not this should be implemented and/or available at runtime. Is this just for those with special considerations mentioned above? If so, consider recommended=D or Experimental to convey this. Or is this for general purpose use by all sorts of applications? If so, document how the considerations above apply to them and discuss the relation to hybrid constructions.

This sounds like you are not objecting to adoption, but objecting only
to publication as is? No consensus call for moving this document forward
as is (e.g. WGLC) has been requested for this document yet. It is expected
to be discussed in the WG, and I encourage everyone to propose text to
improve the document.

Paul