IETF Logo Mail Archive

[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)

Benjamin Kaduk <bkaduk@akamai.com> Wed, 26 November 2025 21:02 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id BAFE191597E7; Wed, 26 Nov 2025 13:02:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oulUq7bhppiG; Wed, 26 Nov 2025 13:02:18 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [67.231.157.127]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id DD47891590A8; Wed, 26 Nov 2025 13:01:48 -0800 (PST)
Received: from pps.filterd (m0409410.ppops.net [127.0.0.1]) by m0409410.ppops.net-00190b01. (8.18.1.11/8.18.1.11) with ESMTP id 5AQL0jOo3701427; Wed, 26 Nov 2025 21:01:48 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=jan2016.eng; bh=oS1nN/VbPY42hH2OcVC9Um RX+omzSFvk7gJaYCwjP8U=; b=cXwaPjcK+5deNXnodB9S9GRO+/kgB4VNtxYx+M NiT2qk5SNW6MIfTgWZY3BsiP3hzUvb/xxP+DJ5MevFCBbqLYSjhVCdHkenxMc/DT yHlCiOuwpibkJsFHkW2C4ucGMfL7g88qBpwf9hmEL0jn3aS08hJ47Zh8xY7T/3ww /z61dPinWpPMu+o2jHwlH9727bBZHvNXjI277pDSXE2lwqCo6XKKK7x+4GuNcain BARamp3K653DfB8vAJs7ES6a4+IVeBMyDAFZjIMRoPY70szBE+nXt7Kg84F9PodO V7Z/SCzy0VnRN9/jWQ06CXyUN/Rx7e1t5P5CZa+3Z3Besg9Q==
Received: from prod-mail-ppoint6 (prod-mail-ppoint6.akamai.com [184.51.33.61]) by m0409410.ppops.net-00190b01. (PPS) with ESMTPS id 4anh7egk3n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Nov 2025 21:01:48 +0000 (GMT)
Received: from pps.filterd (prod-mail-ppoint6.akamai.com [127.0.0.1]) by prod-mail-ppoint6.akamai.com (8.18.1.2/8.18.1.2) with ESMTP id 5AQH4M3R032174; Wed, 26 Nov 2025 16:01:47 -0500
Received: from email.msg.corp.akamai.com ([172.27.91.40]) by prod-mail-ppoint6.akamai.com (PPS) with ESMTPS id 4ak9d1k2x0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Nov 2025 16:01:47 -0500
Received: from usma1ex-dag4mb4.msg.corp.akamai.com (172.27.91.23) by usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29; Wed, 26 Nov 2025 13:01:47 -0800
Received: from usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) by usma1ex-dag4mb4.msg.corp.akamai.com (172.27.91.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.27; Wed, 26 Nov 2025 16:01:46 -0500
Received: from akamai.com (172.27.118.139) by usma1ex-dag5mb1.msg.corp.akamai.com (172.27.91.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.29 via Frontend Transport; Wed, 26 Nov 2025 13:01:46 -0800
Date: Wed, 26 Nov 2025 13:01:44 -0800
From: Benjamin Kaduk <bkaduk@akamai.com>
To: draft-ietf-tls-mlkem@ietf.org, tls-chairs@ietf.org, tls@ietf.org
Message-ID: <aSdquOwZR8xKeVLt@akamai.com>
References: <aSdWDFHAW2GxiiCa@akamai.com> <20251126203906.367661.qmail@cr.yp.to>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20251126203906.367661.qmail@cr.yp.to>
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-26_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 spamscore=0 phishscore=0 malwarescore=0 mlxlogscore=412 mlxscore=0 suspectscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2510240000 definitions=main-2511260169
X-Proofpoint-GUID: WakdZpuGtiTLQzpk5O8siHtUHiK6txm5
X-Proofpoint-ORIG-GUID: WakdZpuGtiTLQzpk5O8siHtUHiK6txm5
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTI2MDE3MCBTYWx0ZWRfX4W18Qu8Ua0QG ZmqApl1ByE8X6jzp7dqz6/CtGHSyyRIiJUYiEq9UQl3511bPjRY4DccSs8ilKMq30wHu9Nlo/jV lS30l3rpZitR6yDxtVcUc4yi7tfk+xjcnZGwABoe5nHVOranUAXX1KHfuWYMtQ4Wcr0OQOfdBDd 2lKMryDRfqvoNkI63T+s8wmtegCz7R0uJMykEo84CGukxCbdSApqDkCQnQ2SddBQCNBM6iMC6co N5vLCpcCvYWhFjl/iQgJyOX2L5uzcBPLJTFIHSJVWKPIzPCmWjmAuu7OoV4dn/MldkmL8MbeIki 42vQSDBhF2wy8/Hl0nGvDYU4ZVnef9B+/IUMOTEWuxLcJCQCcMUWiqLRfHoBCI9XYQpLOhO9LY9 Xp0VDBDWFIrGka3wWU7P+4Vka/kNaQ==
X-Authority-Analysis: v=2.4 cv=De8aa/tW c=1 sm=1 tr=0 ts=69276abc cx=c_pps a=WPLAOKU3JHlOa4eSsQmUFQ==:117 a=WPLAOKU3JHlOa4eSsQmUFQ==:17 a=kj9zAlcOel0A:10 a=6UeiqGixMTsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=fgq3NYJYaxTbtNPS0hIA:9 a=CjuIK1q_8ugA:10
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-25_02,2025-11-26_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 suspectscore=0 impostorscore=0 bulkscore=0 phishscore=0 clxscore=1015 spamscore=0 adultscore=0 malwarescore=0 lowpriorityscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510240001 definitions=main-2511260170
Message-ID-Hash: M7FOJMX4EGPKDAMIOJ6JE5NEHNC6DVRM
X-Message-ID-Hash: M7FOJMX4EGPKDAMIOJ6JE5NEHNC6DVRM
X-MailFrom: bkaduk@akamai.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yC4i18MxwWV_CV_ZSO8QvMcCmeQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

(again not quoting the text that was accompanied by a no-derived-works disclaimer)

For my present purposes of getting a general sense of the trend, I don't really
care if we assume 5000 bytes/second full-duplex or half-duplex, though my
understanding is that this type of unit has a single radio module that
functions as half-duplex.

Thanks for reframing the numbers to the smaller-scoped system.

Keygen times on the order of tenths of seconds may need closer analysis (and a
non-straw-man use-case) to really assess, if we're in a domain that only has
single- or two-digit numbers of seconds to achieve the entire higher-level
protocol action (over multiple round trips, etc).

And I assume that the bit where ML-KEM-768 is approximately 3% faster than
X25519 plus ML-KDM-768 is for a microbenchmark scenario where we are just doing
key exchanges and nothing else, so may end up in the noise for some traffic
patterns (but for an application protocol that's just a one-shot
request/response using small messages, might not be in the noise).

I 100% agree that there's a difference between having tangible use-cases for
which a protocol proposal provides clear benefit and hand-waving about
constrained devices.  I do think that constrained devices have several more
axes of "cost" to consider than are in play for the vast majority of devices
participating in the Web ecosystem, such as code footprint, but those different
axes of "cost" do not obviate the proposer of a protocol mechanism from
demonstrating that there is benefit along one or more such axes from the
proposal.  This ties back to my own review comment on the draft, in that the
draft does nothing to discuss the tradeoffs of hybrid vs non-hybrid or give
some justification for what secnario(s) might prompt someone to prefer the
non-hybrid ML-KEM.

John should be fairly well-posititioned to bring in some concrete
constrained-device use cases that would inform a more precise analysis, if he
wants to pursue constrained devices as an example use case that would justify
this protocol mechanism.  (I am not.)

Thanks,

Ben

v2.37.1 | Report a Bug | By Email | System Status