[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

Simon Josefsson <simon@josefsson.org> Thu, 12 February 2026 23:40 UTC

From: Simon Josefsson <simon@josefsson.org>
To: tls@ietf.org
In-Reply-To: <CAOgPGoDLVqAVesWjrrD9ZR8HMkqQVLMp69vOkXPkk87MzcsOSw@mail.gmail.com> (Joseph Salowey's message of "Thu, 12 Feb 2026 11:05:22 -0800")
References: <CAOgPGoDLVqAVesWjrrD9ZR8HMkqQVLMp69vOkXPkk87MzcsOSw@mail.gmail.com>
Date: Fri, 13 Feb 2026 00:40:25 +0100
Message-ID: <87qzqpedjq.fsf@josefsson.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Zg-jTT9fbYcY9EkFe44ee0mYMV0>

I don't think the TLS WG should publish this document.  Pure PQ KEMs in
TLS come with cryptographic risks, and the risks aren't sufficiently
motivated by reasonable needs here.  Instead this seems politically
motivated.  Let's try to make sound engineering decisions in the IETF,
not act as a political lobby organization.

I worry that the particular construct in the document violates the ML-KEM
patent license.  There should be an IPR disclosure on this document for
the Kyber patents, as I believe authors are aware of the patents.

This is a document that is reasonable to publish outside of the TLS WG
since there appear to be deployed implementations of it, and having
documentation for interop reasons is useful.

Complaints raised in earlier WGLCs still remain, and should be taken
into review during this WGLC too.

Finally, I worry that due process is not followed since relevant
contributors are prohibited from participating, which subjugates others
to not feel at liberty to express similar opinions, resulting in a
non-transparent process that invites questions if this can be considered
a fair and open process.  Further reading:
https://en.wikipedia.org/wiki/Open_standard#Comparison_of_definitions

/Simon

Joseph Salowey <joe@salowey.net> writes:

> This message starts the second Working Group Last Call for the pure ML-KEM
> document (draft-ietf-tls-mlkem-07).
>
>
> The file can be retrieved from:
>
> https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/
>
> The diff with the previous WGLC draft (-05) is here:
>
>
> https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-07&difftype=--html
> <https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-06&difftype=--html>
>
>
> The main focus of this WGLC is to review new text providing more context
> around the use of pure ML-KEM.  For those who indicated they wanted this
> text, please let us know if the new text satisfies you and if you support
> publication. This working group last call will end on February 27, 2026.
>
>
> Thank You.