[TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3
Soatok Dreamseeker <soatok.dhole@gmail.com> Sun, 12 April 2026 18:35 UTC
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
CC: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7rwzMGxm__WCuG6AS-OuH2N3GwA>

As someone who *prefers* hybrid KEMs, I do not believe the same argument holds for hybrid signatures. There is no analogous "harvest now, decrypt later" against signature schemes. They can only be exploited once a CRQC exists, and not a moment sooner. The pre-QC algorithmic risk of pure ML-DSA vs hybrid ML-DSA is significantly lower than that of ML-KEM vs hybrid ML-KEM.

On Sun, Apr 12, 2026 at 5:51 AM Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org> wrote:

> Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> writes:
>
> > On Sun, Apr 12, 2026 at 11:35 AM Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org> wrote:
> >
> >> I've re-read the document and continue to believe that this work ought
> >> not to be published through the TLS WG. There are other publication
> >> venues available for crypto algorithm registrations, and I believe using
> >> our time in the WG on non-hybrid KEM's to be a bad idea because of all
> >> the concerns expressed throughout the life of this document.
> >>
> >
> > Simon, just to be sure you read the right document: this thread is not
> > about KEMs.
>
> Thanks for the catch - one week of vacation in the sun tends to re-set
> the terminology brain :)
>
> Please read my comment replacing 'non-hybrid KEM' with 'non-hybrid
> PQ-Signature' above, and replace 'throughout the life of this document'
> with 'by earlier discussions on the insecurity of non-hybrid PQ usage'.
>
> /Simon
>
> >>
> >> /Simon
> >>
> >> Sean Turner <sean@sn3rd.com> writes:
> >>
> >> > This is the working group last call for Use of ML-DSA in TLS
> >> > 1.3. Please review draft-ietf-tls-mldsa [1] and reply to this thread
> >> > indicating if you think it is ready for publication or not. If you do
> >> > not think it is ready please indicate why. This call will end on April
> >> > 23, 2026.
> >> >
> >> > REMINDER: If you have not done so recently, review the TLS WG's Mail List Procedures; see [2].
> >> >
> >> > The Chairs,
> >> > Deirdre, Joe, and Sean
> >> >
> >> > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-mldsa/
> >> > [2] https://mailarchive.ietf.org/arch/msg/tls/ucdImHExlbOf4Q3BCG81gjzi2xE/
> >> >
> >> > _______________________________________________
> >> > TLS mailing list -- tls@ietf.org
> >> > To unsubscribe send an email to tls-leave@ietf.org