Hi Muhammad, Your PR #22 is a duplicate of #20, please close it.
Nadim Kobeissi
Symbolic Software • https://symbolic.software

> On 8 Jun 2026, at 1:05 AM, Muhammad Usama Sardar <[email protected]> wrote:
>
> Hi all,
>
> TL;DR: I have proposed 2 small PRs [0,1]. If these PRs are merged and a quick FATT review [2] is done, I think I will no longer be opposed to the draft. I would be fine with some wordsmithing which does not change the meaning substantially.
>
> FWIW, I think we need to separate two different things here:
>
> Preference of hybrids: I believe there is already WG consensus on this via the "recommended" field: See PR [0].
> Formal proof: See John's 4 points below and PR [1].
>
>> 1. KEM-based key exchange in TLS 1.3 is secure.
>> 2. Hybrid key exchange following draft-ietf-tls-hybrid-design remains secure unless both components are broken simultaneously.
>> 3. A compromise of the key exchange also compromises handshake authentication, not just confidentiality.
>
> See PR [1].
>
>> 4. Key share reuse breaks forward secrecy.
>
> I think 4 is not needed because we already forbid key reuse by 8446bis, which is normatively cited in this draft.
>
>> And even then, we'd have to say "A machine-checked symbolic analysis done by an individual".
>
> People doing formal analysis are very limited. IMHO, we should not discourage the works of individuals by saying words like that. I believe the right process is to get it checked by FATT [2].
>
> Best regards,
>
> -Usama
>
> [0] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/21
> [1] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/22
> [2] https://github.com/tlswg/tls-fatt#working-group-last-call-wglc
>
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
