Having read the full PR, the transcript looks accurate to me, and I agree with the decision of rejecting it, consistently with the adoption call's rough consensus.
D is for "weak cryptographic algorithms" <https://www.ietf.org/archive/id/draft-ietf-tls-rfc8447bis-15.html#section-3> and there is no evidence of ML-KEM being weak. 2025-11-04 10:00 GMT+01:00 Bellebaum, Thomas <[email protected]>: > To the chairs and members of the TLS WG, > > yesterday's TLS session included a brief update on draft-ietf-tls-mlkem, in > which a PR of mine [1] (it is a quick read, please go ahead) was grossly > misrepresented [0] and subsequently closed. > > Here is a transcript of the notes on the slide (excluding only a link to [1]): > > > - Changes Recommended = N to Recommended = D > > - Does not align with `-ecdhe-mlkem` > > - Would require IETF Standards Action with Expert Review or IESG Approval > > - Would group ML-KEM with NULL ciphers, RC4, DES, EXPORT ciphers, MD5, etc > > No justification why that is done, and no mention of the very explicit main > goal of the PR. > The reader would be forgiven to think this is a three-line PR. > > The actual PR adds closer to 50 lines [2] and addresses some of the very > valid concerns raised during the adoption call, specifically that for the > average application a hybrid is to be preferred. It is very specific about > only changing N to D as a means to communicate the risks involved with > non-hybrids. > > I ask that the PR be reopened and discussed on factual terms, preferably on > list where people can participate in the discussion. > > -- TBB > > PS: The technical issue here is not new and many on the list took issue with > it during the WG adoption call. After the call I said that (unlike other > participants) I will not appeal the adoption decision based on the > possibility to participate in the document's text as part of normal WG > activities. In fact, Paul Wouters brought additional security considerations > up last weekend as part of his evaluation following an appeal [3]. Waking up > one morning and discovering that not only have any changes been rejected with > little to no factual discussion of their merits, but also hearing the speaker > talk about "the only open issue before we do (maybe) a WGLC" feels like a > straight up slap in the face, if you please excuse the language there. > > [0] https://youtu.be/zTAuEx9Otys?si=5hllRBXbjkkG1E8o&t=1909 > [1] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6 > [2] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6/files > [3] https://mailarchive.ietf.org/arch/msg/tls/dzPT8KQe4S-_pZROLUJMvS9pM0M/ > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > *Attachments:* > • smime.p7s
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
