I support publishing the document, with the groups as currently defined. Windows TLS stack will likely support (not enable by default) all 3.
Cheers, Andrei From: David Benjamin <[email protected]> Sent: Friday, October 10, 2025 2:31 PM To: Joseph Salowey <[email protected]> Cc: <[email protected]> <[email protected]> Subject: [EXTERNAL] [TLS] Re: Working Group Last Call for Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3 I support publishing the document. Of the options in there, X25519MLKEM768 is the one that Chrome has shipped. I'm not going to cast any votes either way on the question of recommended status, pure vs hybrids, and all the other distractions. I do not think it makes sense to try to add more options to this draft. More options can always go in another draft, though I'll echo Bas's note that too many options is a bad thing, and especially so for key shares due to how TLS 1.3 works. I do hope that, in the long run, key share prediction will soften that, but that's not the status today. On Tue, Oct 7, 2025 at 9:47 AM Joseph Salowey <[email protected]<mailto:[email protected]>> wrote: This is the working group last call for Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3. Please review draft-ietf-tls-ecdhe-mlkem [1] and reply to this thread indicating if you think it is ready for publication or not. If you do not think it is ready please indicate why. This call will end on October 22, 2025. Please note that during the WG adoption call, Dan Bernstein pointed out some potential IPR (see [2]), but no IPR disclosure has been made in accordance with BCP 79. Additional information is provided here; see [3]. BCP 79 makes this important point: (b) The IETF, following normal processes, can decide to use technology for which IPR disclosures have been made if it decides that such a use is warranted. WG members can take this information into account during the working group last call. Reminder: This working group last call has nothing to do with picking the mandatory-to-implement cipher suites in TLS. Cheers, Joe & Sean [1] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ [2] https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/ [3] https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/ _______________________________________________ TLS mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
