[TLS] ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
Daniel Van Geest <daniel.vangeest@cryptonext-security.com> Thu, 06 March 2025 11:29 UTC
Return-Path: <daniel.vangeest@cryptonext-security.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 1B5F78277A1 for <tls@mail2.ietf.org>; Thu, 6 Mar 2025 03:29:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cryptonext-security.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCerilnXnpFZ for <tls@mail2.ietf.org>; Thu, 6 Mar 2025 03:29:49 -0800 (PST)
Received: from PR0P264CU014.outbound.protection.outlook.com (mail-francecentralazon11022105.outbound.protection.outlook.com [40.107.161.105]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A451A82764E for <tls@ietf.org>; Thu, 6 Mar 2025 03:29:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kah1WEvzs4YEGD0pSJ3eAMDg0uz+vHCxis/QA5rPy7ZXmIX20Ju87IkaSziuFNJfRUvpVKJoVtmG3E02Yq2RFckXuFhqtr8lo3cwxLjScDkJ0Y4hI5D9NEaht/7TQBmLOmpQ8YvuheXBCFHswL1MHrD5ozJkDRl8o1BpyVXQfGaCPL26jWhgHSEzor/uZvTWpU2nPRsU/JB1mZtpjERGAiFOZ4Y4R1jE+7zHtXNiRL6FFRlEHlnmE5soovjROeqnG+1k4gUL8ucPTR5q78yMO58KOe+inw/AshX/HWrndVObr8/XoimWpk7+7ql1dKyj8bsfD9m5s3pZjTWlxJlIMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PwQDzkXd/Wk+1Xy/+lKkiM8xFPPb7GAwRdwJfvlxCsI=; b=qDsvX60u4dJfTu7VBxiot6E7LsAtXxwIJuTn4q8nCGt3qgwIkLEzFb0dKV8R1dFn6HmCt8Ngtm5XrePrwgWogBb7hAS6XihAaMHuvxoMa3kpl989ubt9/PJ9+4madHTuhq3VZYCXcL00OqfIA0wyEPXU82LGnkz4PgV7YxFl/+UT2nDScU7MiO2IgrdpaCvekZfispVZentbm7ytmT4+UTmmjDL1hg8QyWCXAZLz9FBEFIEXt/FMlhBawh0KaoP2XVpTmZPH7QSdGZV2P1MJW800rF2A9/yfzECbkhJXoJ2KD+AXX1OuPmhsbidlVLf/+llmnxipM10ST5E219+Umw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cryptonext-security.com; dmarc=pass action=none header.from=cryptonext-security.com; dkim=pass header.d=cryptonext-security.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptonext-security.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PwQDzkXd/Wk+1Xy/+lKkiM8xFPPb7GAwRdwJfvlxCsI=; b=n5tMRSU6apWirloddGKwayJ6xZf9x9vz+rj4yXnxQP9kLLY1a2ZKhXwA8vtptSygZnTTqxPri3RAJDVShTfVIBC2CRuRvA5W3Z7WTvT0HarnbyCZJEYK9aqTl/DLyD3mIjG8P8iJBQwLXC2kdXAl2xS262Rkd6HxZLYL+7zfrdtLZabyA2fP3b/qWKuTiYSQYaIV/tRn06w6wqg1RXR/n+FB7Mhrz4LTm95XUYOOz03MAq5j2bWqbeg8LBAIum4Wu0JMagzDOCHmQOPYdwatX+PhcJkAG+YZwTD94kFHPVDktfnPxMgXypls5saHHCm/Dkl0tPYN9FgErXf9WtoFWQ==
Received: from MR2P264MB0484.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:7::11) by PATP264MB5345.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:3f8::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.19; Thu, 6 Mar 2025 11:29:16 +0000
Received: from MR2P264MB0484.FRAP264.PROD.OUTLOOK.COM ([fe80::ba77:3351:6b26:d845]) by MR2P264MB0484.FRAP264.PROD.OUTLOOK.COM ([fe80::ba77:3351:6b26:d845%6]) with mapi id 15.20.8511.017; Thu, 6 Mar 2025 11:29:16 +0000
From: Daniel Van Geest <daniel.vangeest@cryptonext-security.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
Thread-Index: AQHbjor+LYhDwe1GsEyrfTyI7HvQ5w==
Date: Thu, 06 Mar 2025 11:29:16 +0000
Message-ID: <ecbe460a-578e-4c2b-a58b-adecbe63abdf@cryptonext-security.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cryptonext-security.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MR2P264MB0484:EE_|PATP264MB5345:EE_
x-ms-office365-filtering-correlation-id: fb97607c-e4d9-4035-345e-08dd5ca22129
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|8096899003|38070700018;
x-microsoft-antispam-message-info: 8RL1F3D1Vs9HxNdjv2fX1lZLvuEKYb8S1zVH+edZtYAvBKuKWoyY57HM1sCk4GadRehfUToQQj2g3Y7rOSNpC02FbtVJVNwnAXDec2bmvg9MVqTWm1HCJ0ul9kSxtF9vbRpzkuneK3YDiRHxXimSIsc97V5olsVbGYfyKTzRsu7txb/YTVMlSTvFXT73gIjK/jkVLje5PB6fAEEuI1ytA6Ig2HrUH/5MIrCaXnWCuLkXsH9ofHK0NaO+5PMu+l8U8A20Y1s8PMnR+r9PAFgRLvTtTCzj2nuAC5exZlsQGLDDwcJtGiNnDPtK6uTHnvXKSVqLoHIkyCIQ6yfrC9P+QDjWUm0/pCqcqxXUgx0IiqdVahEvZpcPV93qpHJ3f59L7nkvGBUIXapsHDScAvMTXOZZExOiZyJwk3BHCD+UwIrU55c/Rq7GImRp3XC7AzBryWeRTuLtCKUCXhYv/J7fa4Y9Zys58wXf5rdecbBpAy4INdoqgOd2CbjtmPOtSvhIkju+rbL9eJaTD3vv7iHCYCuXhe+YBbb3SfkwIvryErjUtBCR4WnCL5SizjqzUoCCDoMMKD9GmdvfiwdeUFvXgxrH6YMdUqexPn4ftOyBm3iLxbGklZWjRgfBXWKPZOi09hsLtyJrX+FSf6KRb3wIP9HwxLZw1QSDuL847DTGXmp+mY+vMraC4GfSn1DBYFADxmdzF/oZlP7LvA0bY0PmmkYjQPzagHWrt29XYs48EZpN533dYfN94FXbaW0EWgd1Lpkv+y37oE2sSFErktFI6H9ftl5fIDv5SCDlx0XXy8j+x0zj5412yjfBXEk4c+/+NuudaFX8KBDefkwniGtzcEq2qck7cGSl+EtUw2y/tXfDbL173BJYD1eM4ocDPacGBJhgWGKZol5nnjktN1YThO+UKxoB+frjpBj6WUaqHUjjZenL3Nvs1Ssm1VcknRc5zBX40m5bc0pSjqXsGO86Ft5LSX4cSAOY/h/tyo4fCdCQXK0kPfdxE0FhPQr0Jv4ynvrouH4oQ2eZWAh8RuGf8WlOTChLt1r/A9YCwcDb5fRoyh0JsTn90sh/ieeS+Ohxzl7wvAE/AI9ksy8TF8bztSon9CVQtDsNyjwIRyaulzj+dsx75N67Xn7Ywl0uHAO+yeD/UQWJJNMHm/OmxVWBZVp9YWgHo7J+4Iqo/j3EyxjimsqRT8K04JtOOTWeSn4VqXA9TU5LM7qIqSSuX+s4Ct5sJhIHctpCJ6Hoo8I8BjvoX4Bp+m1TyibZEmgDBpIwXFfvVyylN15bSQfO2/DnOT+ByOxnuGBRJLhThsL97NBkTfF2h39rOqp/SNMMme5fkkcSeowZapnrjNodTlevWDxEfRbFHyEsab1Mbqp8Mg1UGEtetRg7KjGcomsGFSrAbuKa1UEoJu28SOhGOU7lzHQ0+0OAblBfePogcU9KKofhmwMvzAtjQI3xVIBNoo8U
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MR2P264MB0484.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(8096899003)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 6cooJogZ+I05anK4dzobeVijbZgStsruY9uSrGOnrHlbbANrATQA0D0lmQD9qiPtT1hW47Cr0oVbxQy+L4du0rSFQX57NdWjsN9XbF9y3wTx5RatsVmcLIXpr6lbfi/Ka91euqJU3tmRELRdOAPTsgj7FvD0sEcwYrHV+AWIIILhmxSIJqXi/Q1wTTS5sLiJGsei8IFr07FLpIaQ++xVbKdh2mGajepRNA8/YbV4jt86P4nQ8ClslpwslLjuxmmt5QzatrjPAut94P5TdCixRq9c/R5VoXLhMlCl7CiqAGTNOZH4xPPZYH1bTMhnhdmHAjWtNGN4l0tTJfWP+e/ZLMtaxy/mAfOv0wLGtsEFcxk5PEZ7MJSb0u1lhxxGXBLPc59wahv1dHQTIr1iZCw5BXcE1I6hTFiYMnfCtGeuBRo1DETEXZKQKPNfZiqRgkpk1DuhvSTT189uhMVCtBVcCVBc8etstaPQOp7Qmk1CCBcALLCQ6RTD7N8ZA+FMbHsGZaPGrNoyU+pXSULen7hGzniR2kezmd88oAZAnFn9J142KvfqHCHOF7i6SlpCtZHZm6vRwOk6ZL+aSF2SnnqOSF836OYCV97zBkoacHnl9qBOQGwhAw53MTv8woogBLipNXzV/IYMws0J+aYbWAZYxoGUgc8yVngZOM955FkmerJiUkcW09fphanxzbla3VeHkAGMADOWkBszCzQV5yUabCIO+JPuafXGFrjQNO7KtXsy/DNoRcJj74sXEA1rhdWM4Y7ML9GYiLWt1PIsJsiG0yQVH+1420103H9Z/20X4UvCAaQqBEYz0UbEGbCbJJHNfXiU2o8YNRoxk9U3w0NDA3dXbi9uxch5Iq1TBdsqEzCds5Gm3PTVEMZ+0DXIZk3SleWsaR3tNhqW0G78NDRY5+f5AxgsgIUWFb/Q+5UmeurQEIWSZIfll07MhrbIBVk/0S64jYYIrvKnggW7qxEMxugNy1wxIxQ9bMCVJskCoS/mDoSy4dVVTbn4ggA4wPeNjOpQMYQvWyscxITjM42WNj9J+0Jenu3haqLcvU/v3plEHFg52Ve09+JZQnyhffY37zptZbMHWp3Vj/m7Yk6pPmgUsw1jt0PceVYBfefv6Y8ltcLoMh7dpeGHUC595JPrhf8cxbl/8sWwC40giULmF1Y6gpsLmMWfmH87MbxTHjV0qKcEEXF+LQxmGlCcyT+whFzZGgGB/nh1qvFm1ZEcqvWpwU+H9zRGRv2Trm+RUeRp/M5PPK4hX29dvK9Kg84QGpzS9EHojTcST5cAjiCDgSbmxFdMALbXBI+yK5XnwJDR69pqefyz+NgiichjE6GvPYEsLNp9xT+Bo1LRhtC4OmHn6rFQ4T31OaQvVSrBm1xejF3vJg1JLhtCR8R3ySydsi/zWg8HZzpEEFdYX+D1af2HValvJO2bfXSpGQcVWDxUK/2blGMFgA0JSTpdzRQW8KJAxP9jXqpjPfx7vElzsxF4E0YkUsLrsKtI7A2Ua9lMpnSiTNlhccS/QmuJQKKmuwu7MAxvkJf710Ffw7pvq/7lK6DRiwKKODMwnMiFM5lmaTqxJk6EpINZVb+mMXjJgsT/10aJSFToF0wsQQKOxIUnRj0X5HMKfU5f1AKKU8U=
Content-Type: multipart/alternative; boundary="_000_ecbe460a578e4c2ba58badecbe63abdfcryptonextsecuritycom_"
MIME-Version: 1.0
X-OriginatorOrg: cryptonext-security.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MR2P264MB0484.FRAP264.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: fb97607c-e4d9-4035-345e-08dd5ca22129
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Mar 2025 11:29:16.7093 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: da4a2df1-4b1b-489d-a7f4-224b58fd4200
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MFWQDbDfwF9x6kt6RGwuTMdQCTJzBQQGwDDvnPuoCX2KX/lDCzNfj8v2wHhnKD6NeikQbybG7KPcV6njnwj0KpdYR8FVCK3Nl52qQfmiTzutdImZ/qz+tpWqHrtzy5dQ
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PATP264MB5345
Message-ID-Hash: SDSK643TT3D4POYVCF57TQ6MLXFNRJHM
X-Message-ID-Hash: SDSK643TT3D4POYVCF57TQ6MLXFNRJHM
X-MailFrom: daniel.vangeest@cryptonext-security.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] ML-KEM IANA and draft-connolly-tls-mlkem-key-agreement codepoint and inconsistencies
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/zS8e-VwusK2lfMTPbj2Dj9nC_x0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Hi group, I'd like to point out some inconsistencies with the IANA ML-KEM (non-hybrid) TLS Supported Groups<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8> codepoint assignments. First, the reference document for them is [draft-connolly-tls-mlkem-key-agreement-03<https://www.iana.org/go/draft-connolly-tls-mlkem-key-agreement-03>] however -03 doesn't specify the same codepoint values as the IANA chart. -05 specifies the correct values. Second, draft-connolly-tls-mlkem-key-agreement (-03 and -05) is inconsistent with capitalization of the naming, e.g. /* ML-KEM Key Agreement Methods */ mlkem512(0x0200), mlkem768(0x0201), mlkem1024(0x0202) vs Value: 0x0200 Description: MLKEM512 DTLS-OK: Y Recommended: N IANA went with the uppercase naming, while OpenSSL went with lower. Lowercase is generally more consistent with the other IANA codepoints, with some exceptions including the recent hybrids. For what it's worth, the slightly different bikeshed shade that I prefer is lowercase. Regards, Daniel
- [TLS] ML-KEM IANA and draft-connolly-tls-mlkem-ke… Daniel Van Geest
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Viktor Dukhovni
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… John Mattsson
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Salz, Rich
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Tim Hudson
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Bas Westerbaan
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Daniel Van Geest
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Viktor Dukhovni
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… John Mattsson
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Viktor Dukhovni
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Kris Kwiatkowski
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Viktor Dukhovni
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Tim Hudson
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Kris Kwiatkowski
- [TLS] Re: ML-KEM IANA and draft-connolly-tls-mlke… Deirdre Connolly