The two independent layers is all about implementation, not cryptography.  If 
you look at the more detailed solutions that implement two layers you'll see 
separate boxes with firewalls,  intrusion detection, etc. placed between them. 
That concept is orthogonal to a discussion of multiple algorithms.

Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: Ken Kubota <[email protected]>
Sent: Tuesday, July 7, 2026 5:47:51 PM
To: William Layton (GOV) <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [TLS] WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)

Why the apparent change of position?

In this PDF document, the NSA consistently requires the exact opposite: a 
hybrid approach (two tunnels/layers).

"The security against a passive attack targeting Data in Transit
(DiT) across Public Black networks is provided by the layered
encryption of two independent tunnels (Inner and Outer)
using a specific selection of security protocols as instructed
in each CP. The two independent Encryption Components
provide confidentiality and high-level assurance for the
solution, because the adversary should never be able to
exploit a single cryptographic implementation to
compromise both tunnels.

Two layers of Data at Rest (DAR) Commercial National Security
Algorithm (CNSA) encryption are employed to provide
confidentiality and mitigate passive attacks of stored data.
The DAR components are independent in a number of ways
to mitigate the ability of an adversary to exploit a single
cryptographic implementation to compromise both layers."

This document is available at: 
https://web.archive.org/web/20260425180701/https://www.nsa.gov/portals/75/documents/resources/everyone/csfc/threat-prevention.pdf

It is also still available on the NSA website.

Originally referenced in: 
https://mailarchive.ietf.org/arch/msg/spasm/ytjNpbERE-YgKw-7c_w-ZRUA1Fw/

The questions raised there remained unanswered: 
https://mailarchive.ietf.org/arch/msg/spasm/WJMl6inph8t8m898kcBzhpWZC0o/

Kind regards,

Ken Kubota

____________________________________________________

Ken Kubota
https://doi.org/10.4444/100



Am 07.07.2026 um 22:08 schrieb [email protected] 
<[email protected]>:

I support publication.

Implementors will make their own decisions. This algorithm choice looks likely 
to be implemented in multiple places, so having clear documentation of both 
security considerations and technical details (as provided by the draft) is 
worthwhile for those who might choose to use it.

-Bill
_______________________________________________
TLS mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to [email protected]<mailto:[email protected]>


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to