[Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-03.txt> (Use of ML-DSA in TLS 1.3) to Informational RFC
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 19 May 2026 21:04 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: last-call@mail2.ietf.org
Delivered-To: last-call@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4EEA0F10B8EC for <last-call@mail2.ietf.org>; Tue, 19 May 2026 14:04:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779224646; bh=MxOEhNM0O3qoiOn8nusUAd10bd85V2Dk/gyfiO/0i0I=; h=Date:To:Subject:From; b=Ih6lJE5JalKEopEyxgZZo4GLAHaD03Xv3rF2O/ioeg3ocNLqmN9i2h7TlPcI41zVw 8pONj46dtIDBF6OFLz12rcp9QDSZucAZy2orZdBdfalI5GGlNssv0NDwaGjzZIQHuu SUe4xgizUFGZf7lSf21Ti5mm9Hob0scdjotGJJ2E=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VbR9px3to2QR for <last-call@mail2.ietf.org>; Tue, 19 May 2026 14:04:06 -0700 (PDT)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 09354F10B8E7 for <last-call@ietf.org>; Tue, 19 May 2026 14:04:06 -0700 (PDT)
Received: by mail-pg1-x52d.google.com with SMTP id 41be03b00d2f7-c7980c060cfso1831880a12.2 for <last-call@ietf.org>; Tue, 19 May 2026 14:04:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779224639; x=1779829439; darn=ietf.org; h=content-transfer-encoding:from:content-language:subject:to :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=MxOEhNM0O3qoiOn8nusUAd10bd85V2Dk/gyfiO/0i0I=; b=GrdxvBGQf6fPg7JD7emjhULmAJMvifu2eiF+CzH/MVKRuNJjb+daee1OEipNkVNoVl SdW1RhbpbugbNbzWYi1MKlMSJgT39RLkm/ZQNLP+uaSJlHIFim+Xj2NRBD3pr2wG9BLs T6jRxUqSPKiWLHb8+E1n73xzuX1ApnvDaYRhbpd1Z8nsP3P+IdZ7NIx59Kc1AwhTNFGY hVVb6QcCy4PFFVEcBeTjugpr/nU60z6C4S/xgmKkI3dkXdmAPRLr4A8wphDAjrTUS8Yg JCKV6MqOwA7L6gsbQpJZcmCWHvFxlA/vPqz9G4Dg/XbkHQJvMbFu/MAlJSuijLPQD8it 0PTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779224639; x=1779829439; h=content-transfer-encoding:from:content-language:subject:to :user-agent:mime-version:date:message-id:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MxOEhNM0O3qoiOn8nusUAd10bd85V2Dk/gyfiO/0i0I=; b=WSargcVcv5oaChwOFeNN007+ntUCoGPyoRopeSl0jc39iPnSgpuCE76YZqERnOtUqI 1WovQrOJcD+CXVwt4+76K21MJBtZjw9Oeev0krQSafjR5FVsS8qSDNtW4+KgoMoFe69n pRGfuhl71TdPdYpy/PA7Qqg/aiEwHmkODX6lrVE4gZ7GRjbXBdTrY6cqtbWG5uKlB+Xj iroIU1DShnSwO8GT6xQURdnM/8NvnzzdIZJLPzfbZCtAeGPRrCM4uNFBe8lenBQDRzcq rosnIFSkF/VFO1BZAg8YJsBJKUwTqSDTOD5Lh21ajtNTdiYv+jmzxsVv5PebwnZEJR0C 0kmw==
X-Gm-Message-State: AOJu0YyHb38ObOUh7y8rhePDRV/n3i54fMouoVbUg+oteZ8OlVqF9qci yeAbupm6hkNO98Ujm6L/DutQOjWKzuQaPq0zS+BZtWdjE7hfilqYa2fXoNAQpQ==
X-Gm-Gg: Acq92OHYVd/rqsZbaMgwxTmrSg64yBy3K1SpZUgjplcUtAYbi34NwTQspsyJmmamt1Z 5qDw1ChF/QepNhVM5ADExWAgpIQthbu+LTCS2I+sdrjHnxNvnY4Q4OhcDSUQ3yYpx3vaSeUeevj rJNlyhbZXQKHabr54tg/qEmsK8RoZ4FNGNijr4cyipAy4AsIgoTRpTl81AZCcdNXN7ixnoN9b3P h6o/+esYV0pPbnkm3daJPcVjSoKL/VemfagDRCckEigNG4uqMEei9u5v/EpOQys9oeODYgCCv14 MetI3uNdVDD7F0A3V0ekPIyIGL8a/28r9yrdG7LZaME/W7rDTc5Wcdu1sPtxqBiBxNtRC4RONqP gMOus60tanP2hI9oAx1DJqxsBaTI8R//Fap+Gj5KLpqwtGEw/hEk6bXnqff7dHeXIEKYqGiP/Mj tBxaZ3cCfxFRfx2h7BhvreuhczhzD6pT7NanFE5i0XmVUISdV6a7TfhcrWwGASyV/0oIONhygKY 4bqXO/Xoxmifhz+mNyHwiAm1GQn
X-Received: by 2002:a17:902:ce85:b0:2bd:ef15:9fce with SMTP id d9443c01a7336-2bdef15a1e4mr91961115ad.20.1779224638671; Tue, 19 May 2026 14:03:58 -0700 (PDT)
Received: from ?IPV6:2404:4400:a100:1829:5956:ca53:df83:6568? ([2404:4400:a100:1829:5956:ca53:df83:6568]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2bd5d0f8efesm202044225ad.55.2026.05.19.14.03.57 for <last-call@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 19 May 2026 14:03:58 -0700 (PDT)
Message-ID: <dc5e3bdf-da72-4a27-91e3-beecf67dd770@gmail.com>
Date: Wed, 20 May 2026 09:03:54 +1200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: last-call@ietf.org
Content-Language: en-US
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Message-ID-Hash: YDLZY3JTGA6O64CTV5PEVTOIZSLTEJ45
X-Message-ID-Hash: YDLZY3JTGA6O64CTV5PEVTOIZSLTEJ45
X-MailFrom: brian.e.carpenter@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-03.txt> (Use of ML-DSA in TLS 1.3) to Informational RFC
List-Id: IETF Last Calls <last-call.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/Ci6-8GUyVZ5eg8g9WfWAaj-DqJc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Owner: <mailto:last-call-owner@ietf.org>
List-Post: <mailto:last-call@ietf.org>
List-Subscribe: <mailto:last-call-join@ietf.org>
List-Unsubscribe: <mailto:last-call-leave@ietf.org>
I am concerned that the Security Considerations of this draft do not state clearly that as a non-hybrid PQ algorithm, it is potentially less secure than a hybrid equivalent.
I am no expert on the computational cost of cryptanalysis but I think that the IETF is ethically obliged to warn the readers of our output about potential risks. RFC 3552 (BCP 72) requires us to document risks. This doesn't mean we shouldn't document non-hybrid solutions but neither should we conceal the risks.
Regards/Ngā mihi
Brian Carpenter
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Simon Josefsson
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Stephen Farrell
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Dave Cridland
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Nick Hilliard
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… John C Klensin
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Paul Wouters
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Stephen Farrell
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Christian Huitema
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Watson Ladd
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Rob Sayre
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Brian E Carpenter
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eliot Lear
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eric Rescorla
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eric Rescorla
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Brian E Carpenter
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eliot Lear
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… S Moonesamy
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Christian Huitema
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eric Rescorla
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… John C Klensin
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Tim Bray
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eric Rescorla
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Rob Sayre
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… D. J. Bernstein
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Bron Gondwana
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… D. J. Bernstein
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eliot Lear
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: [TLS] Re: Re: Last Call: <draft-i… Bron Gondwana
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Muhammad Usama Sardar
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Last Call: … D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Last Call: … Viktor Dukhovni
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Re: Re: Las… D. J. Bernstein
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Brian E Carpenter
- [Last-Call] Re: [TLS] Re: Re: Last Call: <draft-i… Daniel Apon
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Brian E Carpenter
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Stephen Farrell
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Tim Bray
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Rob Sayre
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… John C Klensin
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Stephen Farrell
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Eliot Lear
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… S Moonesamy
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… John C Klensin
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Last Call: … Brian E Carpenter
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Re: Re: Las… Ilari Liusvaara
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Re: Re: Las… John Mattsson
- [Last-Call] Re: <draft-ietf-tls-mldsa-03.txt> (Us… John C Klensin
- [Last-Call] Re: [TLS] Re: [EXT] Re: <draft-ietf-t… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: <draft-ietf-tls-mldsa-0… Muhammad Usama Sardar
- [Last-Call] Re: [TLS] Re: <draft-ietf-tls-mldsa-0… Nick Hilliard
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Re: Re: Re: Las… Loganaden Velvindron
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Russ Housley
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Ilari Liusvaara
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Filippo Valsorda
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Sophie Schmieg
- [Last-Call] Re: <draft-ietf-tls-mldsa-03.txt> (Us… Brian E Carpenter
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… John Mattsson
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Loganaden Velvindron
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Nadim Kobeissi
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Nadim Kobeissi
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Soatok Dreamseeker
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Bron Gondwana
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Nadim Kobeissi
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… John Mattsson
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Filippo Valsorda
- [Last-Call] Re: [TLS] Re: Re: Last Call: <draft-i… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Last Call: <draft-i… Viktor Dukhovni
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Tanja Lange
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Salz, Rich
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Filippo Valsorda
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Nadim Kobeissi
- [Last-Call] Re: [TLS] Last Call: <draft-ietf-tls-… Nadim Kobeissi
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Falko Strenzke
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Stephen Farrell
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Muhammad Usama Sardar
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… John Mattsson
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Salz, Rich
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Loganaden Velvindron
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… D. J. Bernstein
- [Last-Call] Re: Last Call: <draft-ietf-tls-mldsa-… Paul Hoffman
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Damien Miller
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Bron Gondwana
- [Last-Call] Re: [TLS] Re: <draft-ietf-tls-mldsa-0… John Mattsson
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… John Mattsson
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Deb Cooley
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… D. J. Bernstein
- [Last-Call] Re: [TLS] Re: Last Call: <draft-ietf-… Bron Gondwana
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Falko Strenzke
- [Last-Call] Re: [TLS] Re: Re: Re: Last Call: <dra… Peter Gutmann