[TLS] Re: ML-DSA and Composite ML-DSA: How about do both of them for TLS?
Bas Westerbaan <bas@cloudflare.com> Wed, 15 April 2026 20:45 UTC
To: Wang Guilin <Wang.Guilin=40huawei.com@dmarc.ietf.org>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_4RaH4Ho6ROOob7N6lYT5N0xUCE>

It's not really two choices: ML-DSA is three and composites are 13. Deploying PQ is great, but if both ends don't accept the same thing, then we could've just as well not deployed it.

Everyone agrees there are too many variants of composites, but when it comes time to choose which ones to include in a short list everyone disagrees. In the past I favoured composites, but given this fragmentation which we haven't been able to solve, and the limited security benefit anyway given there is no HNDL equivalent, the reality is that pure ML-DSA seems to be the most interoperable *and thus most secure* choice.

To be clear I wouldn't object to composites being standardised, but they're just not useful if there is not an obvious choice.

On Wed, Apr 15, 2026 at 10:36 PM Wang Guilin <Wang.Guilin=40huawei.com@dmarc.ietf.org> wrote:

> Something like half and half to support more on ML-DSA or Composite ML-DSA
> for TLS 1.3. Discussions are not just about technologies, but also
> confidence etc.
>
> So, why not take action to both?
>
> Then, ML-DSA document goes through WG last call, and to start a WG
> adoption call for Composite ML-DSA draft.
>
> Just like if we are not sure what customers will like, so we offer two
> courses for them to choose.
>
> In a little long time, it is quite likely that both become popular.
>
> Guilin