[TLS] Re: [EXT] RE: Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 30 June 2026 09:19 UTC

Return-Path: <prvs=3641cf0f0e=uri@ll.mit.edu>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 57A9610A94248 for <tls@mail2.ietf.org>; Tue, 30 Jun 2026 02:19:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1782811140; bh=AQhInpi4/Dx1MA1oxcDo+cVHtjwyOxhO81n6T0XYyww=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=NLLEPtlPeYHY75VYiWyOWQb+nB6w5hwV7rzIhZ0eXZhLxfYwajtyUPpQeAo489nZK F3DUGxqG3s8egDceEUA8cjxXxWV7FIUtUVBtxebrLzav99coBFWDPLkGoLFUhnsEPH jVn928sfYSBjXs9waQvePhsMtCOXgq+mQIbwezmY=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.584
X-Spam-Level:
X-Spam-Status: No, score=-2.584 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, TRACKER_ID=0.1, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ll.mit.edu
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzGeCU5pLrM1 for <tls@mail2.ietf.org>; Tue, 30 Jun 2026 02:18:59 -0700 (PDT)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) by mail2.ietf.org (Postfix) with ESMTP id 1F7EA10A941B6 for <tls@ietf.org>; Tue, 30 Jun 2026 02:18:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ll.mit.edu; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=dkim3; bh=01Rdg/NDSj9icpvHTZfOrWX4cdVW tfY7hh7DQ3c8USw=; b=NiAzj8RVXld2nEATxJWuDKrNGr+dkQHTPAAn3gXgnpts ICcofZ1WuuiwTDg8Z6uSnCQC2UMOyROIWl+oHrZ3zH2edYd0GU8ElLLOlFschDwr 8U92toJANaY5K2SFe8AuRqliunGh3BvrM12KK5fcqKivGPhyd+gcNb8xCTovTW+s bdh7cJhhxTpICTau7ot227OmcKUSrUAMGusmZ+gxr1tnw8U4LsygR1/ZXVBjC+fx 97i2+d9AvRUTGkSLctwtgSBgr0e59v/2sdYY6CuHAeSYxuHWXrgieu9CL0BHEk3L adZlZIKuXwhHZOvYqS9iuemWIGwsGbhzj+Ss3LKumg==
Received: from LLEX2019-02.mitll.ad.local (llex2019-02.llan.ll.mit.edu [172.25.4.98] (may be forged)) by MX3.LL.MIT.EDU (8.18.1.7/8.18.1.7) with ESMTPS id 65U9IrRg045400 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 30 Jun 2026 05:18:53 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=Owee1HmF2q8f0fLtZWsqWpaSU23Pux0vgdQ4cim7rdPoX0lAmzrav94cBHOOXU6SCm8OC/06Z33pn01ywoKXthKuMnak6awn1w6++kHICBZoleGgvOThSaVQs3JGyZJrlfaufEfDC/4JuVS/YlTHa+GYsfjEs8gQN8uMRgxVWD924zuYCPTWWP3cwZwMZiNVchXKblAq+llN+hWKaIPIOk/1D5iJnGxBKp/I8HQfJFXiNMmsvaJKOZPugt2kjsEhNYH2y1D2MgLxQiivN+08feR9hdFJ25SNgrVxP/w0KFxe7nkOi43Tcd8GZ6U4Hgv2x3eQD+5XByI8eRnbwrOc5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=01Rdg/NDSj9icpvHTZfOrWX4cdVWtfY7hh7DQ3c8USw=; b=N7RPemWWUF+XqzBF3rtkdKfrJ2UYAoJvPzWL8a/FfrmHey0HZVVNilRUHXH29AbGG0s2BlZVDsC1XWG6yIoOmS1qYrAXMYWQxOqKqdeg25zJJJd4LqbH5dpqDKQh7u/qt4KWIGsz4hf+WNM4Iy9hAdZIiSM7KOQFYDrp0pK02LTgawEcJZXwPvxZY0tpVHIS+BUZnhO1dHUvAKpIPPW9IldvLtaZp2vW+oXuFwLvIiFXdRFSvf5k3C3sdkETPWd1xqyQLU9iUXypdGLt2jldi0fnxinAoM6aPXSV34BFUYObb2xHAI3fVPRrdCw4WswQZW850RH6Dkgccpx7JMzNrw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Yaakov Stein <ystein@allot.com>
Thread-Topic: [EXT] RE: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)
Thread-Index: AQHdB9tJ+qkU420l4UKBWRURRmE8c7ZVrdWdgAEikwCAAALAgA==
Date: Tue, 30 Jun 2026 09:18:50 +0000
Message-ID: <C81BB256-2183-4C5F-917B-B03C889277A9@ll.mit.edu>
References: <GV1PR08MB734688DEF290C4C19EF1263BD3F72@GV1PR08MB7346.eurprd08.prod.outlook.com>
In-Reply-To: <GV1PR08MB734688DEF290C4C19EF1263BD3F72@GV1PR08MB7346.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0P110MB1419:EE_|BN0P110MB2009:EE_
x-ms-office365-filtering-correlation-id: a7186ad6-e462-44e1-e9c9-08ded68898fd
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;ARA:13230040|10070799003|23010399003|6049299003|366016|1800799024|56012099006|38070700021|4053099003|18002099003|22082099003|4013099003|8096899003;
x-microsoft-antispam-message-info: zGqa8EtX4sCwSSvZZKubI7SAQlfOERuy88hZyxIM3++GRONWQecFKE88XHWbUBSRdNrSc9yaR26fc310ndyzWKeyn/P1CVA5FyQs8Ny2xFCZPG/f2Nz3qCpa0sCgqtTddk4w7afp0T2mQzJ8vhQPyYtj1dsgQk/pAB+1DrnA0T4JdTqTF8gPv89n9dW1WI1mJfirXZlUQ2uMvnwXwKAmsl1mpadenu5djoUzji1n3hyASrb8YDsrYZq85WTPvAX+XYgDXXCLLz0up0RAGvVLRvXPS9yW7iif7ZlHSeGfxfpkweDJti8ZfHSIWhdBykQD29vW/SufEU1zHYhqkNJWRekh/5SijLN1XRusH95nUB2jYQlzzknqMUGDHD9sEoo9ag2Zkpag4vsFplNJ9Ci7ddIMiSMsnrQcbLeBaorvP6PQ1LgfE7jC8yuVtxUXd01pa+KRAd24SDnPUs6hCX0Jgzby4V/05LsSiPVUbg9IvdxIieI24FC6jAjnN9qYdlcOHXeATqJ4HfB+a8ziCp1gOKK6fsTgasSZqkWLCJ9ZVOeorgvxwJUc31lfgB7dYpsjyPSqgDJ00N5KhoyS2x4vdQa74VdWEl2yWfHkMPPBXM8SMrguVj3/6bCxkX8qpGqRlMFoy4o40S/f8lioIGwvBY1XnBrxvdgzxCeoxW6ljTaIpsZBeG+KIHPTmnr8ayfNczHQIulC+fiiC16/VcbBQ6F+gyKPvVrZfBd0wPGbFYI=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(10070799003)(23010399003)(6049299003)(366016)(1800799024)(56012099006)(38070700021)(4053099003)(18002099003)(22082099003)(4013099003)(8096899003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 0RnyRvD7Sw5YYt3QiAW0JrumuYi/V2qb9loYf6rDJ+qNWCPKByIRvp9gWL258QGsJExgXnnHx5k6Ro0R4d3M7AKv/MuNCTVxU8QJXMZ1Lk61vl7wdUTnd8O2y7QuRDcSxtwOmvJqJHkKEAH0J24NCvne4s1y+S4I4KWmtMTFoBIs7KBlZ3u+ZFtTumBIA2uU44noiwBw/DHQxBJ3RDlMU1Id1l7wyfa5QoaCzBiQH+SNuRXA7d7UzFRKzY92kKU3oROVaFbiDKI1d61mtDX6Rpjo1TJNwLw9bugjOnP9fbKHVI4rJVMBQT4PidJPWtznoT6MqCG3GW1H0BeogNRCyIm4P5RicCbo8eXtElRzOIFGTYR5Csl4yHe/eR9Zj+7Iyqb2+KYZoBgBE32QFpHN6aUiRrQfitmPtcATOYNNXVjlplt7L1SZHi3J7wDz+N7oHsoe20vJL8sjohNOZz3NDJHEhK8mm2MF3GWJH5paO2NVUJ81o3fkG19fI1khfyCTYUREu25FOVVUXN1aOgyCB/Z2j4pmzGmCPTVAubBafF5sRdGWsjgDFw3DxUGYbQMGDHWeCSfNFTxynh8AqqZs4//oQtwUujjpkmk0h8RtE+gmVLBt6P9F8LkWsVB2kNVPdfuqxRWOzBNckzxbalG9En03A3ui9MtdXLyPXaE1mzdGmyNFeRbXI08lHGjgaEy2erKhe+DOC+sg+mvgY1ZEBwlzVPcv5zupFKMoThomI+EkeXa6AcZTkWg95CW056VCZrmMB0M3NYmCiU+7zbSeLqjkhpOm6SLQCRgpRgXECigxnZmyqO1xcc51SBIbiazwQuZfXolxGFXm3d0uJ783DS2XxJ3jvijtBvgp+ETxqTRv3wqIKre+fHs6Dq4vpCwtU3nVCFrgKHlN+02FwIIc6IhAHfNrVmNt6ew/8VsjYaWYEcnP8uy+rljKOlUeP2Zc8FYNUs04QHFW56GgSjD/sIUf9LX3Vlu3pnzIdStS5Fu2/qOhWchaurDPflGwRbEvJ23oA89vYaam8wti9EeLfEtuu8fiImeaMwoAtNuHQNyerTeaMRMORGRmLJF1QDcPovWcTxRimiF/vboZgBjJqUXkb68KUXe2Ay7K2Kta2HJ38pcLQBUEGPiZYecc5YOssbhoJl/NatjgAdOSeXTmc7LKa8lK/wNL3ssbkCDkeY61/XoEBu7+OqOiKA6OOx13T+j4Dd2AZFO9+s4Y5L7bJplkjBiJhKRKlsjpxPHGyQJpAZ74XudelvJoul13uDBMxNW5Er9+7FKLMkoRwpvGjl6oX1iiMQZjQtIk1Nty65gVEsewQ0+Tf6YkGkeHkuc5J0k4vT6GS9oqKPPv63KqToR7URgJVGpov82VWDPHBkdVCyJt/YYSppae/AzXUK1oMLMBoIgCUX3b9Hv2WGG1s2/EMDPavUD6uLtZJqqWCUXdzZ6bzmRH8W3K5j2vzC7DjHKHxkDhm4WFk7TMg3RPAnuNyEC0m2AFcLRoO7UT6nZFUgpgsj99RpJOqC4X9HYZ
Content-Type: multipart/signed; boundary="Apple-Mail-F5CE81EA-05A0-4DB1-99E9-3CEE988BDC7C"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: a7186ad6-e462-44e1-e9c9-08ded68898fd
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2026 09:18:50.3357 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB2009
X-Proofpoint-GUID: ljDEYKok1B318QqvLRP-olNd2hUg5VeL
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNjMwMDA4MiBTYWx0ZWRfX5nT0GUtJeFOX bKGaEjDYktIjgEJX3dWi8vao9TuPCT+PO76OjjqSBNyLUk00QVMgm06ded8QjLTLMTCGTFBc90M 1FPWmSBv9tQF1h3ZQt3pd50e3RorILmhZPY85b5RPsxwyh1HaZGNO+nCFM/e+wpsdZzJjxx4T3X 6dAgXOp4RywE8Czx+5W/pUzoZp8LM6KHN6IxM2ZGcCsvtt7QfO6V9Vi/3hN42YxMhndCexUqNRJ +rHNCf7pp+CJmmhk4n5o6jHFMLID07VVmEv7xGfMBhDEGLzfkoWkXU48DPv2jNTjHaBAt0fc8yH wAKJLcPZlqvvLMZNfjKKizABJeifXoLzAzLoiQ/WEJT3AktplL4YhUDoYeM4o9zlhKGpLPypH1o ELPgjBGi/CBc8/FE+nafxXeTPL5Ufg==
X-Proofpoint-Spam-Info: AW1haW4tMjYwNjMwMDA4MiBTYWx0ZWRfX7Q+FnWo3FOxZ HpPG5g91UoFxHE4ktZvWaWFURKdNszxb4aO1+9J70liQGaYRGce7I0vHL3TeHnNq4v5vagloSw6 nAJEwJ7FNz3Fkg3VEdXmwrVDH2yWzDZzbpNkZef+V5S0Xoil5IAI
X-Proofpoint-ORIG-GUID: ljDEYKok1B318QqvLRP-olNd2hUg5VeL
X-Authority-Analysis: v=2.4 cv=da6wG3Xe c=1 sm=1 tr=0 ts=6a4389fe cx=c_pps a=nMRZKKk9TE9jnVKm5NW3pg==:117 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=FelO9ux0wxsA:10 a=VkNPw1HP01LnGYTKEx00:22 a=6J-vbcjw2OQC1sJBszXA:22 a=0bWFOBTDAHS_4l02IRiL:22 a=-MFj89YMAAAA:8 a=48vgC7mUAAAA:8 a=Hru0fLHSqeHtabDfNGoA:9 a=QEXdDO2ut3YA:10 a=HZcbvzxzw3XcVQJa18UA:9 a=tqdMzFhGG8mD8GCBlf4leDhY3gs=:19 a=sTxRpBpiy98KL1WkT8X2XIWo+SM=:19 a=1jnkJn08d7DFLnlE:21 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=_W_S_7VecoQA:10 a=iGN-unowDNf44prktAgA:9 a=ZVk8-NSrHBgA:10 a=30ssDGKg3p0A:10 a=p9VAUSbVINfbqoCsndKF:22
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.125,FMLib:17.12.100.49 definitions=2026-06-30_02,2026-06-26_01,2025-10-01_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 adultscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 spamscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2606160000 definitions=main-2606300082
Message-ID-Hash: MWJOB74D5J2EOFEXQXSM5RI2WDSQNFEI
X-Message-ID-Hash: MWJOB74D5J2EOFEXQXSM5RI2WDSQNFEI
X-MailFrom: prvs=3641cf0f0e=uri@ll.mit.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [EXT] RE: Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZjLopKjHGn-kJUfdBZNVWcZE8AQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hybrid and Pure have different risk profiles and trade-offs. It makes sense to let the user pick what suits best. That has been the traditional approach at IETF (being around for 20+ years, you should know), until some individual(s) with “holier than thou” attitude started insisting on “only my way is good enough - forbid everything else”.

Thus, while I agree that the two original statements can sound confusing - they do make sense (to me, at least).
—
Regards,
Uri

Secure Resilient Systems and Technologies
MIT Lincoln Laboratory

> On Jun 30, 2026, at 05:09, Yaakov Stein <ystein@allot.com> wrote:
> 
> 
> This Message Is From an External Sender
> This message came from outside the Laboratory.
> Uri,
>  
> I think you missed my point.
>  
> The statement made was
> hybrid is LESS secure (so pure ML-KEM should be used)
> he doesn’t support publishing pure ML-KEM (so hybrid should be used).
>  
> I was just a bit confused about how these two statements are to be reconciled.
>  
> Y(J)S
>  
> From: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
> Sent: Monday, June 29, 2026 6:52 PM
> To: Yaakov Stein <ystein@allot.com>; tls@ietf.org
> Subject: Re: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)
>  
> >> * For the time being, hybrid cryptography appears clearly less secure than solo post-quantum cryptography
> >>  I do not support the publication of this document.
>  >
> > Less secure but should be used ?
>  
> Hybrid will always be less secure, if (a) you agree that CRQC is coming, and (b) your data will remain sensitive through that time.
>  
> Therefore, IMHO it should not be used — but unlike some others on this list, I want those who have reasons to use Hybrid, to be able to do so, without having to convince me that they truly really want/need it.
> This message is intended only for the designated recipient(s). It may contain confidential or proprietary information. If you are not the designated recipient, you may not review, copy or distribute this message. If you have mistakenly received this message, please notify the sender by a reply e-mail and delete this message. Thank you.