[TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

John Mattsson <john.mattsson@ericsson.com> Mon, 20 October 2025 12:09 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Kris Kwiatkowski <kris=40amongbytes.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 20 Oct 2025 12:09:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xJCxfbabZFBkwyzvxn-GkzxpR1A>

SP 800-227 is already required by FIPS 203 for the use of ML-KEM in applications. Referencing SP 800-227 directly, rather than just indirectly through FIPS 203, is not a technical change.

SP 800-227 disallows the use of an ephemeral key in more than one key-establishment execution. It permits the reuse of static keys, as well as the reuse of ephemeral keys across multiple key shares, provided that only one of those shares is used for key establishment.

John

From: Kris Kwiatkowski <kris=40amongbytes.com@dmarc.ietf.org>
Date: Monday, 20 October 2025 at 13:29
To: tls@ietf.org <tls@ietf.org>
Subject: [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Just to be crystal clear - that would be a way to disallow a key reuse in TLS v1.3 when using MLKEM (as per RS6 in Section 1.3). Correct?

On 20/10/2025 12:05, John Mattsson wrote:
Hi,

I am concerned with the current PR #53 suggesting that SP 800-227 “provides general guidance”. This is not a correct description.

As stated in FIPS 203, SP 800-227 provides requirements for the use of ML-KEM in applications. TLS 1.3 is such an application.

Unless the working group wants to discuss each requirement in detail, I would suggest just adding:

“As stated in FIPS 203 {{FIPS203}}, SP 800-227 {{NIST-SP-800-227}} provides requirements for the use of ML-KEM in applications.”

In general, I think it is very important that IETF follows NIST requirements when using NIST algorithms like ML-KEM.
Cheers,
John

https://github.com/tlswg/tls-ecdhe-mlkem/pull/53
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
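
Added example, not part of the original message or of the draft: a sketch of how an implementation could enforce the rule described at the top of this message, where one ephemeral key may appear in several key shares but enters only one key establishment. The class and function names are hypothetical, the two hybrid group names are assumed as the shares carrying the same ML-KEM key, and `toy_decapsulate` is a constructed stand-in rather than ML-KEM.

```python
import hashlib
import secrets


class KeyReuseError(Exception):
    """Raised when an ephemeral key would enter a second key establishment."""


class EphemeralKemKey:
    """Tracks one ephemeral decapsulation key across the key shares that carry it."""

    def __init__(self, decaps_key, decapsulate):
        self._dk = decaps_key            # secret decapsulation key bytes
        self._decapsulate = decapsulate  # callable(dk, ciphertext) -> shared secret
        self.offered_in = set()          # named groups whose key share carries this key
        self.used_for = None             # group of the single key establishment

    def offer(self, group):
        # Reuse across several key shares is fine before any use. Refusing new
        # offers after use is a conservative choice made by this sketch.
        if self.used_for is not None:
            raise KeyReuseError("key already used for key establishment")
        self.offered_in.add(group)

    def establish(self, group, ciphertext):
        if self.used_for is not None:
            raise KeyReuseError(f"key already used with {self.used_for}")
        if group not in self.offered_in:
            raise ValueError(f"key was never offered in a {group} share")
        self.used_for = group
        dk, self._dk = self._dk, None    # drop the secret so a second use cannot happen
        return self._decapsulate(dk, ciphertext)


def toy_decapsulate(dk, ciphertext):
    # Constructed stand-in, NOT ML-KEM: keeps the example runnable offline.
    return hashlib.sha256(dk + ciphertext).digest()


def demo():
    key = EphemeralKemKey(secrets.token_bytes(32), toy_decapsulate)
    key.offer("X25519MLKEM768")          # same key placed in two hybrid key shares
    key.offer("SecP256r1MLKEM768")
    secret = key.establish("X25519MLKEM768", b"constructed-ciphertext")
    try:
        key.establish("SecP256r1MLKEM768", b"constructed-ciphertext")
        second = "accepted"
    except KeyReuseError:
        second = "rejected"
    return len(secret), key.used_for, second
```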


