[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

Ben Schwartz <bemasc@meta.com> Thu, 12 February 2026 21:57 UTC

From: Ben Schwartz <bemasc@meta.com>
To: Deirdre Connolly <durumcrustulum@gmail.com>, Russ Housley <housley@vigilsec.com>
Date: Thu, 12 Feb 2026 21:57:20 +0000
CC: "<tls@ietf.org>" <tls@ietf.org>
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/441wPrhFNgFojP-7HyDBzVyWdgs>

Thanks for the updates!  Is ITSP.40.111 really a regulation?  Like CNSA 2.0, it seems to be an internal rulemaking within a government, rather than a regulation that binds the private sector generally.

--Ben
________________________________
From: Deirdre Connolly <durumcrustulum@gmail.com>
Sent: Thursday, February 12, 2026 4:51 PM
To: Russ Housley <housley@vigilsec.com>
Cc: <tls@ietf.org> <tls@ietf.org>
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

Thank you all for reading and replying. I have pushed some changes to the GitHub repo based on the discussions so far (not to datatracker yet):

https://github.com/tlswg/draft-ietf-tls-mlkem/compare/draft-ietf-tls-mlkem-05..main

(the tlswg.org domain is messed up, otherwise I would link the diff based on the Editor's draft)

On Thu, Feb 12, 2026 at 4:39 PM Russ Housley <housley@vigilsec.com> wrote:
I support the publication of this document as an RFC.  I would prefer to have the clarity about ephemeral vs. static ML-KEM keys as posted by John Mattsson, but I can live with it as-is.

Russ


On Feb 12, 2026, at 3:08 PM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

Hi,

I support publication iff all text related to “key reuse” is removed. In its current form, I do not believe -07 should be published.

Major Comments:

- FIPS 203 states that:

“the licensed patents be freely available to be practiced by any implementer of the ML-KEM algorithm as published by NIST.”

“requirements for the secure use of KEMs in applications, see SP 800-227.”

A reused key is, by definition, a static key. SP 800-227 imposes additional requirements for static keys compared to ephemeral keys. The draft does not explain how an implementer can satisfy these requirements. This creates potential non-conformance with NIST specifications.

- The draft does not describe the significant security and privacy problems associated with key reuse. IND-CCA is a theoretical property of the algorithm. However, the security and privacy problems are related to the reuse of keys in the TLS 1.3 protocol in deployments.

Minor Comments:

- The discussion of randomness reuse in ciphertexts and references to SP 800-227 do not belong in a “key reuse” section. Ciphertexts are not keys, and SP 800-227 contains broader guidelines and requirements beyond static keys.

- “The client's shares are listed in descending order of client preference; the server selects one algorithm and sends its corresponding share.”

The server may also select no share and respond with a handshake_failure or a HelloRetryRequest (HRR). Since this is already specified in RFC 8446, it would be better to remove this text and simply reference RFC 8446.

- Section 5.1 appears to mix different concepts: hybrids, PQ/T hybrids, and lattice-based PQ/T hybrids. I assume the person asking for this section wanted a comparison with [ECDHE-MLKEM]. I suggest doing that. In the future, PQ/T hybrids will likely become less common, but it is unclear whether other hybrids (e.g., ML-KEM + HQC-KEM) will gain adoption.

Cheers,
John

From: Joseph Salowey <joe@salowey.net>
Date: Thursday, 12 February 2026 at 20:06
To: <tls@ietf.org>
Subject: [TLS] WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2026-02-27)

This message starts the second Working Group Last Call for the pure ML-KEM document (draft-ietf-tls-mlkem-07).

The file can be retrieved from:
https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/

The diff with the previous WGLC draft (-05) is here:

https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-07&difftype=--html

The main focus of this WGLC is to review new text providing more context around the use of pure ML-KEM.  For those who indicated they wanted this text, please let us know if the new text satisfies you and if you support publication. This working group last call will end on February 27, 2026.

Thank You.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-leave@ietf.org
