Hi, I supported adoption of draft-kwiatkowski-tls-ecdhe-mlkem in the belief that reuse of ephemeral keys were forbidden, which aligns with NIST requirements for ECDHE and DHE. I am strongly against any reuse of ephemeral private keys [1]. The reasons to not reuse ephemeral keys is much stronger for standalone ML-KEM than for X25519MLKEM768 and the benefit of reuse is much smaller.
I support adoption as long as reuse of ephemeral keys is normatively forbidden, i.e. MUST NOT reuse. [1] https://csrc.nist.gov/csrc/media/Presentations/2025/ml-kem-is-great/images-media/ml-kem-is-great.pdf Cheers, John From: Sean Turner <s...@sn3rd.com> Date: Tuesday, 1 April 2025 at 14:59 To: TLS List <tls@ietf.org> Subject: [TLS] WG Adoption Call for ML-KEM Post-Quantum Key Agreement for TLS 1.3 We are continuing with our pre-announced tranche of WG adoption calls; see [0] for more information. This time we are issuing a WG adoption call for the ML-KEM Post-Quantum Key Agreement for TLS 1.3 I-D [1]. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this draft, please send a message to the list and indicate why. This call will close at 2359 UTC on 15 April 2025. In response to other WG adoption calls, Dan Bernstein pointed out some potential IPR (see [2]), but no IPR disclosure has been made in accordance with BCP 79. Additional information is provided here; see [3]. BCP 79 makes this important point: (b) The IETF, following normal processes, can decide to use technology for which IPR disclosures have been made if it decides that such a use is warranted. WG members can take this information into account during this adoption call to determine if we should adopt these drafts. Reminder: This call for adoption has nothing to do with picking the mandatory-to-implement cipher suites in TLS. Cheers, Joe and Sean [0] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Ftls%2FKMOTm_lE5OIAKG8_chDlRKuav7c%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb95be5cdb7a740b1ecf808dd711d0917%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638791091716381034%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=VGRKPc4EhAYAyblhPzhr8ZhoSWUReRzWzchR07dqyPI%3D&reserved=0<https://mailarchive.ietf.org/arch/msg/tls/KMOTm_lE5OIAKG8_chDlRKuav7c/> [1] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-connolly-tls-mlkem-key-agreement%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb95be5cdb7a740b1ecf808dd711d0917%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638791091716399831%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=n4qJEjHfBuRbYD2Jp7uxMk1skKeKD2omQuBAsABEnHU%3D&reserved=0<https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/> [2] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Ftls%2Fmt4_p95NZv8duZIJvJPdZV90-ZU%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb95be5cdb7a740b1ecf808dd711d0917%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638791091716415373%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=eJSFphFAjdlrsacqGFajd5B83uuUfFxl7pxRIJnUQPE%3D&reserved=0<https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/> [3] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fspasm%2FGKFhHfBeCgf8hQQvhUcyOJ6M-kI%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb95be5cdb7a740b1ecf808dd711d0917%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638791091716427807%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OwCvi8mbqg8i4%2FW9jpjEA8nhSlHGvNjnBRb5pqQMY1E%3D&reserved=0<https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/> _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
