OFFICIAL Hi,
I support publication of this document. I have a few nits, which aren't blockers but may be useful to tweak for clarity: 4.3 - "The shared secret output from the ML-KEM Encaps and Decaps algorithms over the appropriate keypair and ciphertext results in the same shared secret shared_secret as its honest peer," This was a little unclear to me because the beginning is talking about both peers and the end seems to be focused on one. I think something like the following would be clearer "Using the pk, sk pair generated from a KeyGen algorithm, the shared secret output, shared_secret, from the ML-KEM Encaps algorithm is the same as the output, shared_secret, of the ML-KEM Decaps algorithm". 5.1 - Other IETF drafts on this topic use IND-CCA2 rather than IND-CCA. I don't think it really matters, but I mention it here for consistency's case. Perhaps you could add a note that IND-CCA means IND-CCA2 here? 5.2 - There's an extra "the" in the first line. Also this section doesn't make sense to me - too many "ares" in one sentence. Could this be rephrased? Thanks, Flo Flo D - UK NCSC OFFICIAL -----Original Message----- From: Sean Turner via Datatracker <[email protected]> Sent: 05 November 2025 18:51 To: [email protected]; [email protected]; [email protected] Subject: [TLS] WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26) Subject: WG Last Call: draft-ietf-tls-mlkem-05 (Ends 2025-11-26) This message starts a 3-week WG Last Call for this document. Abstract: This memo defines ML-KEM-512, ML-KEM-768, and ML-KEM-1024 as NamedGroups and and registers IANA values in the TLS Supported Groups registry for use in TLS 1.3 to achieve post-quantum (PQ) key establishment. File can be retrieved from: https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/ Please review and indicate your support or objection to proceed with the publication of this document by replying to this email keeping [email protected] in copy. Objections should be motivated and suggestions to resolve them are highly appreciated. Authors, and WG participants in general, are reminded again of the Intellectual Property Rights (IPR) disclosure obligations described in BCP 79 [1]. Appropriate IPR disclosures required for full conformance with the provisions of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any. Sanctions available for application to violators of IETF IPR Policy can be found at [3]. Thank you. [1] https://datatracker.ietf.org/doc/bcp78/ [2] https://datatracker.ietf.org/doc/bcp79/ [3] https://datatracker.ietf.org/doc/rfc6701/ _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
