Return-Path: <housley@vigilsec.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 885F2D9E05B0
	for <tls@mail2.ietf.org>; Fri, 10 Apr 2026 12:21:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
	t=1775848871; bh=c/ffdJJnq63m96TQriZm6MPD2ol5f3pE2AJLxI3QA70=;
	h=Subject:From:In-Reply-To:Date:Cc:Reply-To:References:To;
	b=BnPBa+HH2xfm85IqsOXiO4kGtXe1E7/j6Il9zlL0Gd/dPe4k8/WV/JnQgjRH0QWbC
	 ll31p1xybrhEYH3b0iFLEKc+PNHKec0W77UXcN96zCmy6ni4wC3GwRKjSru6PRQKTO
	 2ACh5lFSeDoxx9Uy35eU+Nk7mHCxj8iU2ja1y4jQ=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.8
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
	RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=vigilsec.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id k_B3mJoR380H for <tls@mail2.ietf.org>;
	Fri, 10 Apr 2026 12:21:03 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id B02A1D9DFE03
	for <tls@ietf.org>; Fri, 10 Apr 2026 12:20:31 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1])
	by mail3.g24.pair.com (Postfix) with ESMTP id 8F9801A1074;
	Fri, 10 Apr 2026 15:20:31 -0400 (EDT)
Received: from smtpclient.apple (pool-96-255-71-95.washdc.fios.verizon.net
 [96.255.71.95])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail3.g24.pair.com (Postfix) with ESMTPSA id 73B7E1A1D5A;
	Fri, 10 Apr 2026 15:20:31 -0400 (EDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <c2840ef7-855c-43b4-91cc-1bf926e75cef@tu-dresden.de>
Date: Fri, 10 Apr 2026 15:20:21 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <6A8E9AA4-A685-4702-9657-FFF9EBDB457F@vigilsec.com>
References: 
 <CAMjbhoWwvfkfScpbf4-5PBzk__qb+6M4ZzAOba64kk9aXBba5g@mail.gmail.com>
 <d47a34ab-7fb9-4687-84aa-a5fa6bcf6a6c@tu-dresden.de>
 <CAMjbhoWBHmJnLx7wRG9iyurAHrSCExxO83G8PN=TnQUidp84SQ@mail.gmail.com>
 <3e539579-4107-41fc-80a5-824b24c275be@tu-dresden.de>
 <CABcZeBO59jwCA=vKiJ=QZaU8rPJxKv_WwFGOTot0jR+hpiFuLQ@mail.gmail.com>
 <43fd169d-d280-40dd-9d2c-311040bed4ad@tu-dresden.de>
 <CABcZeBMF=GXHY9syqbh0ir33=MxXHpbz5jpt5p8_YNo8yNmmdA@mail.gmail.com>
 <6cf2c9d5-3846-4685-9615-0de2195b6e15@tu-dresden.de>
 <MN2PR17MB403142E1E88EA6D20CDA9F8CCD592@MN2PR17MB4031.namprd17.prod.outlook.com>
 <c2840ef7-855c-43b4-91cc-1bf926e75cef@tu-dresden.de>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
X-Mailer: Apple Mail (2.3864.400.21)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com;
 h=content-type:mime-version:subject:from:in-reply-to:date:cc:reply-to:content-transfer-encoding:message-id:references:to;
 s=pair-202402141609; bh=lb6umS/7HpXC1jcOK2SPVMU1I0GsooxVfTOOuZOhxb4=;
 b=cH7jNIHvs9Ak+n7AHE8tfUHC0UOfkTSykNySTkW96hXC2e+HewZE0dn8cPLy7rXNOForZ2tmRgWw5tANScnZWW4z029ug+mUkONxxnKexhb13yIybeXEOLIj/0h/OmOwDqaXPij0nxdEEXKCmHVwNPZh4E7hWuZo1CyYGW0dVJLsHiiKyWBW0XItLeQiYf7lfhkna/kzexBQN2Jitqm9OBvU0LWvL5o+pLwrgfXIjTI0YCA+wo/dJ5KRf+YyjS9nEsTpX0RGADUW6MBSTxKTYWNjwqgAnDMoR6FiU6GZO7nXVTDvimqFILPMXX/QvoJIKn5jBEQHb4JiXkGKnVJjeQ==
X-Scanned-By: mailmunge 3.09
Message-ID-Hash: YPWHKPTE6YNJI3CJLDTGCTMCPQ7JIYP4
X-Message-ID-Hash: YPWHKPTE6YNJI3CJLDTGCTMCPQ7JIYP4
X-MailFrom: housley@vigilsec.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-tls.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: IETF TLS <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: IETF TLS <tls@ietf.org>
Subject: =?utf-8?q?=5BTLS=5D_Re=3A_Working_Group_Last_Call_for_Use_of_ML-DSA_in_TLS_1?=
	=?utf-8?q?=2E3?=
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/tls/zkocmqskPtbJLzU4fyh3yzRglKo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Usama:

> I totally understand the normative reference but what I don't =
understand is
> that how should I interpret the security considerations as SHOULD NOT =
or
> MUST NOT? I am claiming that text should explicitly say MUST NOT to =
resolve
> the mapping ambiguity.

I cannot agree with you on this one.  I just re-read Section 3.4 of FIPS =
204, and I do not see any security considerations that a specific to a =
TLS protocol implementation that need to be called out in this document.

Russ