I don't think the TLS WG should publish this document. Pure PQ KEM's in TLS comes with cryptographic risks, and the risks aren't sufficiently motivated by reasonable needs here. Instead this seems politically motivated. Let's try to make sound engineering decisions in the IETF, not act as a political lobby organization.
I worry that the particular construct in the document violate the ML-KEM patent license. There should be a IPR disclosure on this document for the Kyber patents, as I believe authors are aware of the patents. This is a document that is reasonable to publish outside of the TLS WG since there appears to be deployed implementations of it, and having documentation for interop reasons is useful. Complaints raised in earlier WGLC's still remains, and should be taken into review during this WGLC too. Finally, I worry that due process is not followed since relevant contributors are prohibited from participating, which subjugate others to not feel at liberty of expressing similar opinions, resulting in a non-transparent process that invite questions if this can be considered a fair and open process. Further reading: https://en.wikipedia.org/wiki/Open_standard#Comparison_of_definitions /Simon Joseph Salowey <[email protected]> writes: > This message starts the second Working Group Last Call for the pure ML-KEM > document (draft-ietf-tls-mlkem-07). > > > The file can be retrieved from: > > https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/ > > The diff with the previous WGLC draft (-05) is here: > > > https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-07&difftype=--html > <https://author-tools.ietf.org/iddiff?url1=draft-ietf-tls-mlkem-05&url2=draft-ietf-tls-mlkem-06&difftype=--html> > > > The main focus of this WGLC is to review new text providing more context > around the use of pure ML-KEM. For those who indicated they wanted this > text, please let us know if the new text satisfies you and if you support > publication. This working group last call will end on February 27, 2026. > > > Thank You. > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
