[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

"Kampanakis, Panos" <kpanos@amazon.com> Tue, 25 November 2025 18:23 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "draft-ietf-tls-mlkem@ietf.org" <draft-ietf-tls-mlkem@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 25 Nov 2025 18:23:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/y7v1BML6V6exSWj8soNUADjwXs8>

+1 for publication for the same reasons. I suggest that Deirdre explicitly call out in the Sec Considerations section the security advantage of PQ/T hybrid vs PQ only and reference the hybrid draft and other appropriate docs discussing it. That way, uninformed implementers or adopters can be educated about the options. FWIW, ML-KEM was developed by mostly European academia and industry cryptographers, not by "bad states".


-----Original Message-----
From: Jan Schaumann <jschauma=40netmeister.org@dmarc.ietf.org> 
Sent: Tuesday, November 25, 2025 9:43 AM
To: draft-ietf-tls-mlkem@ietf.org; tls-chairs@ietf.org; tls@ietf.org
Subject: [EXTERNAL] [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)


Sean Turner via Datatracker <noreply@ietf.org> wrote:
>
> Subject: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
>
> This message starts a 3-week WG Last Call for this document.
>
> Abstract:
>    This memo defines ML-KEM-512, ML-KEM-768, and ML-KEM-1024 as
>    NamedGroups and registers IANA values in the TLS Supported Groups
>    registry for use in TLS 1.3 to achieve post-quantum (PQ) key
>    establishment.

The abstract makes the intent clear; setting RECOMMENDED=N in the registry is additionally explicit.

With that, I support publication.

-Jan
