Hi Deirdre, all,

Thank you for addressing all my technical objections in -08. I have closed the remaining last issue [0].

On 24.06.26 17:00, Joseph Salowey via Datatracker wrote:
The main question before the working group is: "Should the working group publish a 
document specifying stand alone ML-KEM?".

I have 'no opinion' on this question and WGLC.

- Promotion of Hybrids in draft-ietf-tls-ecdhe-mlkem: Following a separate 
consensus call, the WG agreed to promote the X25519MLKEM768 hybrid group to 
Recommended: Y in the IANA registry. Consequently, the IANA registry will 
reflect a clear community preference for a hybrid because Recommended: Y 
clearly indicates this while the standalone ML-KEM groups defined in this draft 
remain Recommended: N. The updated security considerations in [1] reference the 
IANA registry to emphasize this preference.

- Key Share Reuse Prohibited in draft-ietf-tls-rfc8446bis: The WG recently 
reached consensus to explicitly prohibit key share reuse across connections in 
TLS 1.3. The new text changes the guidance from SHOULD NOT to a strict MUST 
NOT. This resolves the concerns regarding static key reuse and its associated 
privacy and forward-secrecy risks for ML-KEM.

- Nadim updated the ProVerif model of TLS 1.3 to evaluate KEM and hybrid KEM 
groups in TLS 1.3. This supports other results which show that KEMs are secure 
when used in TLS 1.3 and that hybrid groups are secure even if one of the 
components is compromised.

Thanks a lot for all the above three.

Best regards,

-Usama

[0] https://github.com/tlswg/draft-ietf-tls-mlkem/issues/18

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to