[TLS] Re: [EXTERNAL] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

Fri, 17 Oct 2025 17:29:02 -0700 

If you are fine with ML-KEM, you should be able to use it on its own.
That's it.

On Fri, Oct 10, 2025, 4:17 PM Rob Sayre <[email protected]> wrote:

> Hi,
>
> Alright, but that's the issue. I hope we can stick to that point.
>
> "migrating beyond hybrids and for users that need to be fully
> post-quantum."
>
> Where does the need to be solely PQ arise? Is it weaker in some way to use
> a hybrid?
>
> thanks,
> Rob
>
>
> On Fri, Oct 10, 2025 at 1:10 PM Deirdre Connolly <[email protected]>
> wrote:
>
>>
>> https://www.ietf.org/archive/id/draft-ietf-tls-mlkem-04.html#name-motivation
>>
>>
>> https://www.ietf.org/archive/id/draft-becker-cnsa2-tls-profile-02.html#name-the-commercial-national-sec
>>
>> On Fri, Oct 10, 2025 at 4:07 PM Rob Sayre <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> That does not answer my question: why?
>>>
>>> The hybrid draft has a rationale:
>>>
>>>
>>> https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-16#name-motivation-for-use-of-hybri
>>>
>>> thanks,
>>> Rob
>>>
>>> On Fri, Oct 10, 2025 at 1:02 PM Deirdre Connolly <
>>> [email protected]> wrote:
>>>
>>>> The drafts and the profile currently do not make Recommendations or
>>>> MTI's, they make the options available; ekr has now raised promoting one
>>>> hybrid option as Recommended = Y. Not everyone can or should use the same
>>>> options, we have a diversity of curves for example
>>>>
>>>> On Fri, Oct 10, 2025 at 3:56 PM Rob Sayre <[email protected]> wrote:
>>>>
>>>>> On Fri, Oct 10, 2025 at 12:33 PM Deirdre Connolly <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> CNSA 2.0 does not support hybrids in general, and their TLS profile
>>>>>> only supports ML-KEM-1024:
>>>>>> https://datatracker.ietf.org/doc/draft-becker-cnsa2-tls-profile/
>>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> But why is that? See this thread from the IETF general list:
>>>>>
>>>>> https://mailarchive.ietf.org/arch/msg/ietf/Xei2iDOk6zorD4oFnLoJ5mAdkdQ/
>>>>>
>>>>>
>>>>> As pointed out in that thread, all of these drafts seem to conflict
>>>>> with the rationale in draft-ietf-tls-hybrid-design.
>>>>>
>>>>> thanks,
>>>>> Rob
>>>>>
>>>>>

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to