[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)

David Stainton <dstainton415@gmail.com> Wed, 01 July 2026 09:44 UTC

Return-Path: <dstainton415@gmail.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B9C2A10B78E4F for <tls@mail2.ietf.org>; Wed, 1 Jul 2026 02:44:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1782899084; bh=Dyx99k5vB1ZgjzLtOZ9e4UH3lUAJJRdotZ0rmjOCv44=; h=References:In-Reply-To:From:Date:Subject:To; b=UHdAY1ncROUPLagwXyqGG1buJ9f1ypH/C+chOuvshv3Ga2yJQQ+s8uM4qA+3kv9Y/ XRsseZ0reaYXXZXC54EpEhp8JIYkXpU+kv0EDAUbA7IdG98LXO4CZxg48lfY0V8wS7 q0/I8e7KHtxlZBr/iNuX1+iB5pzgg/aqmnj8iWR8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Level:
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 76yX5W8X8AMQ for <tls@mail2.ietf.org>; Wed, 1 Jul 2026 02:44:44 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4C67310B78E48 for <tls@ietf.org>; Wed, 1 Jul 2026 02:44:44 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id 2adb3069b0e04-5aeba09900bso396026e87.2 for <tls@ietf.org>; Wed, 01 Jul 2026 02:44:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1782899083; cv=none; d=google.com; s=arc-20260327; b=GWb55NKUzPbTdpNc1VItkxyoaCYGTDRMQyMCEuF90YscHMn2ji4eh18rLJQ/HLONXr H4yBSkTuHaZw4NhhjixeOh5NTz+mHg7KW+BP4eYf3SLi0/YJE3Ju7YbPmVE//Mb0IrAn wFylyNBZI6qDKNrf+Y+d53rt2p1fJbUaAb5pu259QDIVCAK6iB1h7rI20WXJIiB5bVi9 WDjXwD4CfLtApqpU6wdTf58rwzLxAOdXdla6LQ+Fb3xju+x3olIJI19axW1tD2slOY7F oByjNelLyHWabYhPxYx02ioI5A91FdPkSWmaDQba5eCXHlEDq0Vc2PVHlK7f+4jDD7IT fcfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Dyx99k5vB1ZgjzLtOZ9e4UH3lUAJJRdotZ0rmjOCv44=; fh=xAG10IiJPP4GOmlOfCntepTVUPXOLNYiPXFwzwy9dzI=; b=AZuiUOTVdEoT7YTiJlVZgQl41PialIiJBqYf5gseMbjXLDOw1UxD2/nfbH5Hdqgb7q UYGJmN/ehTYgneK0F+oLrgQlMzaeeetb9jmlCRPbBjh9zbbJIWJETrpDjPIW6GLk+SsS BmUI31ocaJCD2pHh22WhA0wadiQOBjWFF2aef7O03uK9hnQkdUnDTvuFeBu3++ThTZHV Kt4QH6iqz33+rRsBZsFiz7pyO91eCBBoDAEuc14MS1cxmx9ePXwMWBrzSn5oTiFaxBRV N2F09SXfDHLM3zFxSj8sDDXhXvhi1OBD/vB0MiHx0U7nVEfH6poaY1wuFrG/xInlak+6 f+GQ==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782899083; x=1783503883; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Dyx99k5vB1ZgjzLtOZ9e4UH3lUAJJRdotZ0rmjOCv44=; b=GlyB8an+yUF2h4uxPlMglcZwSp0P/wUCbPNefuJK34zQhApSyC/upA9i+zo7XCQqoT qEcJ0IffHV2iaz0xVLrkDWTooM4IUrFa5G+piYsRhq30AbLDVg5GgalT0/EgyFunw6hJ MmxV38FKkgpEP/YAeP/hB0xEBthJjj/0F2fTUMbfamOrjIGVzVDhxp4gsuTFYsPGhnVW Bh3GQ9hsDhYO6lopXsVivV13STK8NcG83Q2xmQ3WWQoR9XuNiWH5cVaHh3k3ZHirZQTK jwFVIQrsgoT+Jv9xxt2O9PU4MZ/AE5z400VFgwGrjr8L8i0wmWebKF7ia/1KKAmVhNIR pEEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782899083; x=1783503883; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Dyx99k5vB1ZgjzLtOZ9e4UH3lUAJJRdotZ0rmjOCv44=; b=IKEBh36LPTsv8iBnUG7JQqi/HMPS2bCVoosjqbEeXot1wCh0OOC/sQYOIHtkZHb1q3 pJpl3vgJqQmRMc1LYJjWRXBYkTAizhBUJOWmYl96V1fcMEtEtZexMuJPou0gn1rVwT7C 2hda1zAFQtn1esb+snvqpgk1VNkJDXMGTlAssk/hEPqQ0Se0MDxuU4557i5czf7cfToV wz8rn4oDaoyyWzDvdSAoX37YNN4NPrZm8PdEQ0wLl9eOm1I3xXu3qmyglhrrWJHaS3Fy mMryAnug5iOT68yJDdGBsmG/3x3h4MGDdR3dB8otIUrHLZkvlHqAXF4phUyeiB+E9s0h tbOw==
X-Gm-Message-State: AOJu0Yz+N/jww6Gh2OoQdHT4AzUe9D9H9FI9Ype95f3fumydLoq4mee+ 2hMxzLhR8dkllqJMA+hqmS3y5067LansHaQR1zP+WLqLm0mci463pUG2AOraEwNP6WO3S6t+yxa kFfoQGIJDM8nIzyXr48mNDkHB60xzpFLxOA==
X-Gm-Gg: AfdE7cm9uL4QJ15hTiOrdjVDUfbEPEvmFvmneMIJLGCSqWzR4VHCEcWhSZawOI+uKAg SAqfcOWNOR53WNwn39ZkplSVSre2JDn0HxbLS4WvophBhoujzYnWtQrOikVqDK7d0Vvtc8CJhRj h+TYJznQw54XjZqvjqAI6TQMoNJS264QDzBIm5Kj6m7gxzZztuwUrVLTgqGSmM4hgl0MuHBlj9y wB/sQXJgWgvm+q6m2U0sZG5jHzKVpOmRMSxjsDarAJb9U2OBmNmXCKzx/hxMkYOyl+Nbcadg5MS XW4QegkgF/OMEQrZ03i9/2LVtXGBNekKBIs9f6tH3HgO+OSXh44YHQ9MrA==
X-Received: by 2002:a05:6512:350c:b0:5ae:b969:417d with SMTP id 2adb3069b0e04-5aec6762a8cmr231272e87.0.1782899082840; Wed, 01 Jul 2026 02:44:42 -0700 (PDT)
MIME-Version: 1.0
References: <178231320760.1520243.5914961961176039994@dt-datatracker-f9b87776f-8pmmg>
In-Reply-To: <178231320760.1520243.5914961961176039994@dt-datatracker-f9b87776f-8pmmg>
From: David Stainton <dstainton415@gmail.com>
Date: Wed, 01 Jul 2026 11:44:30 +0200
X-Gm-Features: AVVi8CdCfixo6IwmT0Emnjt9hIUuZvOgv5n_VAjR2r4B4kdfisy_YHrN8J2JYO0
Message-ID: <CAFN1edprLwHGrTP+45A+4O9G5jxpjU8p0Y_btj=JmTqdNhuyGQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000080cf370655898a80"
Message-ID-Hash: GKSRDQWUUY4VYHLQ2KHENC7YCH6X6BGC
X-Message-ID-Hash: GKSRDQWUUY4VYHLQ2KHENC7YCH6X6BGC
X-MailFrom: dstainton415@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TodOftD9_5f-YdLvkpNor1lo6s4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

I object to the publication of this document.

My concern is that the solo pq draft specifying use of only ML-KEM places
all confidentiality on a single primitive whereas if we use a secure KEM
combiner then total compromise requires breaking both primitives.

In my estimation it would put people's lives in jeopardy if this document
were published because many manufacturers/implementers would end up
implementing it just to be complete. Some of them would even make it their
default.

I understand the other side's argument that blocking publication of the
document may slow down pq adoption. That's fine with me if those venders
were going to be implementing the solo pq design.

Sincerely,
David