[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

Sophie Schmieg <sschmieg@google.com> Thu, 19 February 2026 22:01 UTC

References: <20260218194044.1135896.qmail@cr.yp.to> <7C9C99AA-42B0-4BC7-8F41-39F35754F1C4@vigilsec.com> <MN2PR17MB40310F0A2891942D76C43E60CD6BA@MN2PR17MB4031.namprd17.prod.outlook.com> <2caab265-00ba-4078-b6d0-3a178dabaa61@tu-dresden.de>
In-Reply-To: <2caab265-00ba-4078-b6d0-3a178dabaa61@tu-dresden.de>
From: Sophie Schmieg <sschmieg@google.com>
Date: Thu, 19 Feb 2026 14:01:26 -0800
Message-ID: <CAEEbLAbkV4YxN7cgggckpEp24MLtRZpzs6M4KemBatpzCCcs0A@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
CC: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "D. J. Bernstein" <djb@cr.yp.to>, tls@ietf.org
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/V3JSrDyCwZtvjCOk2wjtK2iiFcc>

The point of my blog post relevant to the discussion here is the section on
hybrids and the IETF. You did indeed not argue that there might be a NOBUS
backdoor in ML-KEM, but nor did anyone else on this mailing list imply that
this was your point.

Rather: TLS 1.3 has solid downgrade protections. Having a cipher that you
don't trust supported in the spec has absolutely zero consequences if you
do not wish to support it.

On Thu, Feb 19, 2026 at 1:37 PM Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> wrote:

> On 19.02.26 20:03, Salz, Rich wrote:
>
> I honestly want to know your technical reasons, but patience is finite
>
> If someone's patience is short, please take the time to address my concern
> which I hope is technical enough :)
>
> Is breaking formal analysis (as pointed out in [0]) not a "technical reason"
> for the WG? Please show me a proof that ML-KEM is more secure than hybrid.
>
> For RFC8773bis, when a constant "zero" was replaced by a secret (external
> PSK), FATT was very worried about it and demanded that I do a formal proof.
>
> Now when a secret (EC)DHE is replaced by a completely new secret
> "shared_secret" coming from fancy new crypto, FATT will not be worried
> about it? How could it possibly be the case? I can't believe it. What am I
> missing? For transparency, please share the FATT report with the WG.
>
> Also, kindly share the name of the FATT point person for this draft and
> please give me permission to talk to him/her directly to avoid any
> misunderstandings by relaying via list/chairs.
>
> -Usama
> [0] https://mailarchive.ietf.org/arch/msg/tls/M-dTIUXdG_x7OtweBcOCp0bFcZQ/


-- 

Sophie Schmieg | Information Security Engineer | ISE Crypto |
sschmieg@google.com
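As an added illustration of the downgrade-protection point made above (example code, not from the post, the draft, or the TLS WG): a client that does not advertise a group cannot have it negotiated, and an on-path party that strips groups from the ClientHello is caught because each side's Finished MAC covers its own view of the transcript. The group names are those used in the drafts; the handshake key and the tamper function are constructed placeholders.

```python
import hashlib
import hmac
import os

# Named groups as in draft-ietf-tls-mlkem and the hybrid drafts (names only, no codepoints).
HYBRID, PURE, CLASSIC = "X25519MLKEM768", "MLKEM768", "X25519"

def client_hello(offered_groups):
    """ClientHello: the client lists only the groups it is willing to use."""
    return {"supported_groups": list(offered_groups), "random": os.urandom(32).hex()}

def server_select(ch, server_prefs):
    """RFC 8446 section 4.2.7: the server may only choose a group the client offered."""
    return next((g for g in server_prefs if g in ch["supported_groups"]), None)

def transcript_hash(*msgs):
    """Stand-in for the TLS 1.3 transcript hash over the handshake messages."""
    h = hashlib.sha256()
    for m in msgs:
        h.update(repr(sorted(m.items())).encode())
    return h.digest()

def finished(key, th):
    """Finished MAC: HMAC over the transcript hash with the handshake key."""
    return hmac.new(key, th, hashlib.sha256).digest()

def strip_hybrid(ch):
    """Constructed on-path tamper: drop the hybrid group from the offered list."""
    return {**ch, "supported_groups": [g for g in ch["supported_groups"] if g != HYBRID]}

def negotiate(client_groups, server_prefs, tamper=None):
    """Toy negotiation: returns the chosen group and whether the client accepts
    the server's Finished over the ClientHello the client actually sent."""
    ch = client_hello(client_groups)
    seen = tamper(ch) if tamper else ch            # what the server receives
    chosen = server_select(seen, server_prefs)
    if chosen is None:                             # nothing acceptable was offered
        return {"group": None, "ok": False}
    sh = {"selected_group": chosen}
    key = b"handshake-secret-placeholder"          # constructed; the real key is derived from the exchange
    server_fin = finished(key, transcript_hash(seen, sh))
    client_ok = hmac.compare_digest(server_fin, finished(key, transcript_hash(ch, sh)))
    return {"group": chosen, "ok": client_ok}

if __name__ == "__main__":
    trusted = [HYBRID, CLASSIC]                              # this client declines pure ML-KEM
    print(negotiate(trusted, [PURE, HYBRID, CLASSIC]))       # hybrid chosen, Finished verifies
    print(negotiate(trusted, [PURE]))                        # pure ML-KEM cannot be forced: None
    print(negotiate(trusted, [PURE, CLASSIC], strip_hybrid)) # stripped offer: Finished fails
```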