[TLS] Re: [EXTERNAL] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 12 February 2026 19:26 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>, Joseph Salowey <joe@salowey.net>, "<tls@ietf.org>" <tls@ietf.org>
Date: Thu, 12 Feb 2026 19:26:37 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FrPr7Et1ca-aqOvbg-sdeXqbx6k>

  * ...but are there any active or anticipated regulatory frameworks that impose such a requirement?

CNSA: https://datatracker.ietf.org/doc/draft-becker-cnsa2-tls-profile/

Cheers,

Andrei

________________________________
From: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>
Sent: Thursday, February 12, 2026 11:23 AM
To: Joseph Salowey <joe@salowey.net>; <tls@ietf.org> <tls@ietf.org>
Subject: [EXTERNAL] [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

The Motivation section says "Use cases include regulatory frameworks that require standalone post-quantum key establishment".  I know this has been discussed ad nauseam, but are there any active or anticipated regulatory frameworks that impose such a requirement?  I am not aware of any.  If there are regulatory requirements of this kind, I would like to see them included as references for this sentence.  Otherwise, this point should be removed.

Also, as a clarification, I would like to see the following change to the abstract:

Before: "to achieve post-quantum (PQ) key establishment"
After: "to provide post-quantum-only (PQ-only) key agreement"

(This will not be the first proposed standard for PQ key agreement, but it may be the first for PQ-only.)

Finally, the title mentions "Key Agreement", but the text only uses the term "Key Establishment".  (RFC 9794 is similarly mixed up.)  Perhaps we can settle on one term or the other.

--Ben Schwartz
________________________________
From: Joseph Salowey <joe@salowey.net>
Sent: Thursday, February 12, 2026 2:05 PM
To: <tls@ietf.org> <tls@ietf.org>
Subject: [TLS] WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

This message starts the second Working Group Last Call for the pure ML-KEM document (draft-ietf-tls-mlkem-07).


The file can be retrieved from:

https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/

The diff with the previous WGLC draft (-05) is here:


https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-07&difftype=--html


The main focus of this WGLC is to review new text providing more context around the use of pure ML-KEM.  For those who indicated they wanted this text, please let us know if the new text satisfies you and if you support publication. This working group last call will end on February 27, 2026.


Thank You.