IETF Logo Mail Archive

[TLS] Re: forwarding draft-ietf-tls-mlkem-05 use case

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 18 February 2026 08:12 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 76E4AB929640 for <tls@mail2.ietf.org>; Wed, 18 Feb 2026 00:12:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.425
X-Spam-Level:
X-Spam-Status: No, score=-1.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001, URG_BIZ=0.573] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=cs.auckland.ac.nz
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7V3dt5I4AqC for <tls@mail2.ietf.org>; Wed, 18 Feb 2026 00:12:08 -0800 (PST)
Received: from SY2PR01CU004.outbound.protection.outlook.com (mail-australiaeastazon11021087.outbound.protection.outlook.com [40.107.39.87]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id DFAFEB92963D for <tls@ietf.org>; Wed, 18 Feb 2026 00:12:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TRMchUbdEvzq8y9CkOz9gLa/2nd8KA2W5otFSsFdHU4KYrgx4B6/BE4EX+19hH8UeTVLDbLgZHTrznWH6BAQ1VuQdZVtWaJd9kqYECbVrIiv/FETivI9+eQ0Qne6Sx0P0IG7w9A5/tcqmrFgLNdlY2OqdR4U5T/QfiG/bMX8A534iFedItBiYdsSgyAB6t4uoCP5VD1p5+T1z3M1lX92sl1vtzf5ri9iRYah2CZ5jkp7lHkcPwqKFAqqX4EToQ8/i9Y2cbDzxaEMePWUnrUyS/pRqOBkKfkPnCR2cFkNpbq8QQBGM7QOCgZLuHGrADf3tWXDyRXNysNT5bPwrv/ZuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mUrZQ207GyJSsQ1fFsiWgIT0z5W+RQZhlWpABjnmHYU=; b=enQIi74Ta4+t4N2KS/02hPn0v/Zib0eNJ7ZpyG2kxx6v517wru2w8mXPQiaarrNPDHrl6sOz7l6gIx53YrDqA7X6Fd9aBK63uwiGiyfLVAMz/2Ibk6YtX4j5YTQzIbfMwV/8l+136Xh2Bn5+PDCSLAsHNFaIFrcybohnV5KyGZ+F+2eoBzhkalIYOFxL94CeQr1npafIIR6pATsAvsm2xbfTJvWYNNfuDalIoYfnwM4nlKVoPLiWrHP+bFKRI32ppVqfyitXFOJfvteBRNDDLjNayNgwZ80KokcC8KAnk24bZqtS5j7zvrIKZ5bRm22aBdsYF9S0kRr+y4abROuJdg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.auckland.ac.nz; dmarc=pass action=none header.from=cs.auckland.ac.nz; dkim=pass header.d=cs.auckland.ac.nz; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.auckland.ac.nz; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mUrZQ207GyJSsQ1fFsiWgIT0z5W+RQZhlWpABjnmHYU=; b=cMR6nFl6zUpgfnapIHBtcah0sc1LprWF8Nw8EUgQTDXrIgO1ikkKV03hdfIje/vqkXOl2kRxXdtazIznCSAdWKCoGAZ7YZMBBM214cvh0q56kUqYHxL7tcW8ckUQ2vV4/ouTkYWvF2gNqJyfdc2Fp/3+MbyQnpSCT5Wu5k+0gh8ReRnX24oBSfLPYIOan1AEHdO7SDqimh96WtnknmFXZhCaK7sXHkwej/4nT9+MvgGB7gcmctU5M4SwIdnI7ZdW4AeCCuqFU0ejybc3qxjbBYz4eowl16u6ZmLNjq4R034dPMXL/vXwngYGejmhqnSvyP+Sbve3HfDoeE96RlSl7g==
Received: from MEAPR01MB3654.ausprd01.prod.outlook.com (2603:10c6:201:38::9) by SY0PR01MB8922.ausprd01.prod.outlook.com (2603:10c6:10:20f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.13; Wed, 18 Feb 2026 08:11:54 +0000
Received: from MEAPR01MB3654.ausprd01.prod.outlook.com ([fe80::e2ae:955b:18b7:3064]) by MEAPR01MB3654.ausprd01.prod.outlook.com ([fe80::e2ae:955b:18b7:3064%4]) with mapi id 15.20.9632.010; Wed, 18 Feb 2026 08:11:54 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Re: forwarding draft-ietf-tls-mlkem-05 use case
Thread-Index: AQHcoDIKS0sO/vxsOkyr56V42G/217WIGoSs
Date: Wed, 18 Feb 2026 08:11:54 +0000
Message-ID: <MEAPR01MB3654E7888AF3473355C1D2CDEE6AA@MEAPR01MB3654.ausprd01.prod.outlook.com>
References: <350ec383-ae75-cadf-ab47-41811d5d9cec@nohats.ca> <aZSjqJmagFIPRXWB@chardros.imrryr.org>
In-Reply-To: <aZSjqJmagFIPRXWB@chardros.imrryr.org>
Accept-Language: en-NZ, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.auckland.ac.nz;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MEAPR01MB3654:EE_|SY0PR01MB8922:EE_
x-ms-office365-filtering-correlation-id: fd2bb909-b951-4c5c-ed42-08de6ec560d7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|786006|1800799024|366016|376014|38070700021;
x-microsoft-antispam-message-info: UGqaEg89eZjcIxNKL2ulRSb5Hc24+9k4WgL4MSar/PdlHpGym6miAJ1borx88J7peKVXMwBhKgX2NvSVkdiuS5D72+OVz47RGtrUC8mZK7LbhP5tP9RMPZ93bt10rOpH57sb6cXkIiAOUCpbg76UkrN+liMdN8YYQQ8vEGrB63waW2XXJxO/lkihLfvNQkHJ+maaciO7S4K/3I851QwPiYEB29yiN3Al9VWq+Y+B8wAJFN0v5k7djvn9TEBrcqZ8kwCy5dKyX2sUoZhWS6sVyNQMJCyc6tJcvGXqUcTU1mDu9d+mFYFb/9PJGXRhWcGQa6URgy7BrK7HfeCgNmHdrhnsm0KDw7ZOOFR6rUqKUpNuyK42glHQe7kAbxWuLul85Tk53VQxkYpbDIrqdZgvy9N3uAts/hB99V+H0EIyzA8Q1SJQrKYRnMn10LD5XFYSTzdPsNM9XMyqpuqePCG0+A6fYl9OfHtM7nq1elivP9E8Xe7xR146toWrAtT1UlWvM+Om3+fd6SCgqI9b1NSis3BDeyJBkH4ThxzfuS7slCl3ZmPsQm8jRIEcERDiZVCex0GIA7yhtp/kpmNkrppGHQ7uv/kjGo8u/4NA/04PpsIiEIRSeyWxfSUFLcxPv/kBnjYU2qqQUP8I77rvMVdosS6UWpHrg/LANuDdwcCSmXikCNuQLe3DTsqyCLi1npRohKZunODrL9fubkgsc4D31wErGLcVUwH7rNqft5pXaJlPYDWutu0zZSr7WIqmVJjZOxnjO/PRmjRRV9A2J/12/HeHv6Y334HNBqSLfcDGJFsVQkTpKGT7j+aC0sen/WMtIg9P/GG5th3rpvCeDP5gcy77XSkR7whm/6z8YblHoRXlVjDz4DN+arhDgsja/sxOlPvOR016rFdp4NiTScQDddHWxneRDUvzuM5hMcVzK1BfGsAeTth5Nno3CPHkcdDbJsXmyOnjJMiKWeG1SF50my0dJ9CdNHwGaALmSnsFnSVOTqQLuArCrVNZbcWSmWe7nJQqYj50paF/ci6RaHljsZrfnQYxsVjCbvc+r5EkGczX9sqqufVdKmrb+KEFyulcPOzx8pYfXciFfk07pfCWKFLeJt8AS+A1VVbqwwYLaVoZcBU5CB/TY9yGFYNRFanbuTnB/6tW9g7I7F68d18WOnkR9FcJJkkk3mP1ZB9YX4iI5N5D+KgCy74KK8lJF0epecI4oH1oHzPl9RE2VdsAdhOpmbCVirYp6BV6Nwndgg/ZjEJFhIio1/stYQRr8H0Ejvswof+J0CmzM/ExBO265zN5JyQX9OClTL67IcRKkPWlo7CKKZ3XvdmpZ6APOhgOQmcDn6hMGVkNCp3HWXUjauE30Fe7Q/m3l2MPZGui6g8MA2gHThdBiZKLiCUKghPiQWnsBWkfeyYVlS3FMNtZtNprvjgEqCRT37rldakBcByCrIFtAquEnSEbV04Ps0g1vWXtzrQWDNjlht/RSZ522m+M/NDepEFCUgf25R4KuUyUatZNeF1ngGnFK4EiOKaHN1JCiHstP64i8GApH+M+3u9m3Qrf1dO7+Z1ZtlE0qjcRIVVrq4k1xhIiqvcN4QR3kqdyKsV9AMH8XxopNCbMbES7JI1uwZYOGwEP64ziT+8=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MEAPR01MB3654.ausprd01.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(786006)(1800799024)(366016)(376014)(38070700021);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 2
x-ms-exchange-antispam-messagedata-0: LR2gOX9OQu66/boBE9lfXu00/PpQ8FM3/UZ2oAcBzxKISNk03DNNhtQ7sp/fU1CL/bH0pupp/mH8GAt+xX6T5pP/hCl9+s+IBs+rriSQ0nnzyQ7Qv4ZUWIel/kXZhkhQ7rjtIz/nLIeq5iBskMAteVjO1ZlD8ykU1tGD6E7dhBXSIirfi5VcdOoxrSN0NGuuUF2tW7FrvxvX9NQBrt8JIddx1b7ELqiG05CLEJSXGyRjEvFiDpM2myMOwc/aP+FUZvX08OoCW7JTyj1EyT9k2eqwnjyCdMUUhB9oTTj381Z22Dbbq+bKuSik3vmXyOZwAsLLfHKQtPfkTV7sd1i0Sc+udjejSnGe+bHGxBwwOo82HVdv1FUGg9DzAe89pDK8jNFQYt5e28m9xQoPFLb3HkD2lRHoHGvmPjSniQ4O11Tx1DFGrFnGfpHbqCQte1twafi7oKj9HZ69L7zeLhgD1AJMYjIa9x3musPmA9TMKwTLAqpwZZAH6DTnNon0JV9EdDnI2aRZ08DMll+IXwOrJHFGBP8qIFpnyXc2++ZhH5Ns/Vyf4HkqbQxSII7Cngt8KzyjDH3KkYb4lCFEUuyxeVvR9o9KpufZ+DmGbK8DlamH8zQhLKrMyyFXzZi9SG8jjTy6cFpqaQb5OXTn0KiqDlNaWkcI/BriJAjYCf8Xi3nezA1xMtv+To/hN1c2xxi3Avc3XvqfUurh0ZK4n/5JUYUjqtdlphnz3ISgLT/NHnLrHVOj1nDvWIgeCFxAABEDpdlbexggbhZMODZl6j9JSMvR//MvmNFFVLROdf/5sZA/bNeyuH9hHSI8Qjk22dpb2y5RHQfRk+yAH1cYxwdFdYmVU5mcf+ng14129yc7DfLOp69Eubg4i5zxXOiTIj84mzES7bmS4gVXpxT02LUquevvWYTbgMKb3zf8ssef8u8rg3SrrMa4Whtu/Xpw/7k8Q0PaO6FqfcVByL+bXFCpFKX5PEJB0fNSWxsXCgu53ieVhgrW5JiH7h9zYW7HanZY2ZRk3svwlhMiSlKBHeK69OL9TcurFKM9SmF1hd3l+7yQhPtVeT+qr6pveY9h4hZhIt15938hg94Yp+G305kG04nTSVZJ1o91wQf6mKwhbfGHnTI1IIxB+cUEH2R+sttYShFmWvFq9Uec6fvulpBSQdVjHC1lFCDUVNM3GO5+6HCBztxuM9OyrGpcRrsyB58T+w4d/hD+2epRfVKL0SzqGuvR9vVhQ/d8bWg8Gnb6qmLZvEqhyNosxtpx4BX8G3qnbRuVnDZDR3XYGqflLb32LMLlz6VTdqr1R5fe9wSphFSGmJPIBev6qwaWSO/d6Hy92z/69d86Ppn/+j6HMXMlZXSXPE3UvUmXARWQKwcQOiSytXdcp6j41E+J8sbv1pzjZL+bnRIohCi9bgjamnTa/iXAxR1fzELNKYVTG03/TM/Q+r6lj4jkHQYbLcqr6LGsuw2UI8ovtsQx5+fTztXysti4IasL8FlP161xqkRaUp/x3uM55BbW5EAoYX+o3pt76DAjT3Lc3j7PIa4g3nr7v8tJsYHrgMhFjoMbqu7gjtXWfWShcJ8BJnH0zBA8EA4B36dtCC0BdqzyFq8V973KTjwq/w3oPCnWjcgxHlEDFvManWbNcM23TyLnoFzdAJo3s4PgNMQExawgqNEdgrIus1BSmU1FvFZbZ8lqJ9LgFuwH2MfFn61Tdagb3ZGL2y9LePyoICMOtqbdx/56vqakIqRBvP5tp/AnB8TKL3zJtufnl10qEHmCzktUT4rsyjos1vU3BRaP
x-ms-exchange-antispam-messagedata-1: DHf1cqU90YFj3A==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MEAPR01MB3654.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fd2bb909-b951-4c5c-ed42-08de6ec560d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Feb 2026 08:11:54.4938 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ra3V5aeJK9Z+2mqMBAfM/AmyRcPSZ++Y8LPxsgAbfiXTviiB1oJ6kPbuhKBWyyrT5f9fbasKSJhIxq1wzwW8GndhHjcIJVIIb0BMAAb5ywk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY0PR01MB8922
Message-ID-Hash: PGAZYOBLJRPHQ3YYY3CXAJEHXFSPNSRX
X-Message-ID-Hash: PGAZYOBLJRPHQ3YYY3CXAJEHXFSPNSRX
X-MailFrom: pgut001@cs.auckland.ac.nz
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: forwarding draft-ietf-tls-mlkem-05 use case
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/d3D48iksuzvnVmqxAOLTJJMScYI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Viktor Dukhovni <ietf-dane@dukhovni.org> writes:

>This does not look to me like a compelling rationale.  A high-frequency
>trading system that does not route trades over a connection that was
>established well before market open, and expects to beat the competition by
>minimising connection establishment latency, is perhaps doing it wrong. For
>already established TLS connections latency does not depend on which key
>agreement group was used in the initial handshake.

The following is some years out of date so things may have changed since then
but HFT uses (used) UDP for reporting market data because you can't have any
latency and TCP for order placement because you need reliability, but even
that's modded TCP with anything that would introduce delays or stalls removed.
The interesting stuff isn't the software but the custom hardware used to
minimise any kind of delay, at the time eyewateringly expensive FPGAs (Virtex
UltraScales) but now presumably ASICs.

>One might also point out that the payload of high-frequency trades is not
>likely to be a long-term secret.

Since HFT is sort of front-running the market but technically it's not so it's
not illegal, the secret may only be valuable for a few hundreds of
milliseconds and even if you discover it you can't react fast enough to act on
it yourself.  As you mention above, the logical thing to do would be to set up
the TLS connection before market open and not hope that your TLS handshake
completes in time to get your urgent buy order through.

Peter.

v2.39.1 | Report a Bug | By Email | System Status