[TLS] Re: Misrepresentation of a PR about non-hybrid KEMs

Sean Turner <sean@sn3rd.com> Wed, 05 November 2025 18:51 UTC

Thomas,

We will treat your comment as a WGLC comment. I should note that the chairs specifically asked whether anybody wanted to speak to making it "D" and there was one in the "room" who got to the mic (you can check out the AV recording to see exactly what was said). I am going to paraphrase here - they were not hard over on making this change. There were 120ish people in the "room" at the time.

spt

> On Nov 4, 2025, at 04:00, Bellebaum, Thomas <thomas.bellebaum@aisec.fraunhofer.de> wrote:
> 
> To the chairs and members of the TLS WG,
> 
> yesterday's TLS session included a brief update on draft-ietf-tls-mlkem, in which a PR of mine [1] (it is a quick read, please go ahead) was grossly misrepresented [0] and subsequently closed.
> 
> Here is a transcript of the notes on the slide (excluding only a link to [1]):
> 
>> - Changes Recommended = N to Recommended = D
>> - Does not align with `-ecdhe-mlkem`
>> - Would require IETF Standards Action with Expert Review or IESG Approval
>> - Would group ML-KEM with NULL ciphers, RC4, DES, EXPORT ciphers, MD5, etc
> 
> No justification why that is done, and no mention of the very explicit main goal of the PR.
> The reader would be forgiven to think this is a three-line PR.
> 
> The actual PR adds closer to 50 lines [2] and addresses some of the very valid concerns raised during the adoption call, specifically that for the average application a hybrid is to be preferred. It is very specific about only changing N to D as a means to communicate the risks involved with non-hybrids.
> 
> I ask that the PR be reopened and discussed on factual terms, preferably on list where people can participate in the discussion.
> 
> -- TBB
> 
> PS: The technical issue here is not new and many on the list took issue with it during the WG adoption call. After the call I said that (unlike other participants) I will not appeal the adoption decision based on the possibility to participate in the document's text as part of normal WG activities. In fact, Paul Wouters brought additional security considerations up last weekend as part of his evaluation following an appeal [3]. Waking up one morning and discovering that not only have any changes been rejected with little to no factual discussion of their merits, but also hearing the speaker talk about "the only open issue before we do (maybe) a WGLC" feels like a straight up slap in the face, if you please excuse the language there.
> 
> [0] https://youtu.be/zTAuEx9Otys?si=5hllRBXbjkkG1E8o&t=1909
> [1] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6
> [2] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6/files
> [3] https://mailarchive.ietf.org/arch/msg/tls/dzPT8KQe4S-_pZROLUJMvS9pM0M/