[TLS] Re: [EXT] Re: WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3

"D. J. Bernstein" <djb@cr.yp.to> Tue, 15 April 2025 22:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xJqwB30b5wf3GVlAiIP3O4tuBIE>

Nico Williams writes:
> there were no objections with technical reasons that were fatal to the
> work in question

I disagree. For example, the draft's regression from ECC+PQ to just PQ
is certainly a technology issue; and this is fatal, as a contravention
of the "improve security" goal in the WG charter.

The draft might be able to escape this if it were serving other goals in
the charter, but it's not as if the draft lays out a case for that. The
draft says non-hybrids are important for users who demand non-hybrids;
this is a circular argument. To the extent that this is an allusion to
NSA purchasing, it violates BCP 188 ("IETF Will Work to Mitigate
Pervasive Monitoring").

Procedurally, issuing generic conclusions that objections aren't fatal
is not a substitute for trying to resolve the content of the objections.

> The policy question, if called, could in principle lead to the IETF
> asking the ISE not to publish this work.

Here I agree, and I think this would be a good way forward.

---D. J. Bernstein