Title: Reply to LS on the work item related to QKD and TLS integration framework in SG13 Submission Date: 2026-04-23 URL of the IETF Web page: https://datatracker.ietf.org/liaison/2152/
To: ITU-T SG 13 From: Transport Layer Security (tls) Purpose: For information Email Addresses --------------- From: Scott Mansfield <[email protected]> To: [email protected],[email protected],[email protected],[email protected] Cc: Christopher Inacio <[email protected]>,Scott Mansfield <[email protected]>,Deb Cooley <[email protected]>,Deirdre Connolly <[email protected]>,Joseph Salowey <[email protected]>,Sean Turner <[email protected]>,Transport Layer Security Discussion List <[email protected]> Response Contacts: Joseph Salowey <[email protected]>,Sean Turner <[email protected]>,Deirdre Connolly <[email protected]> Technical Contacts: Deb Cooley <[email protected]> Referenced liaison: LS on the work item related to QKD and TLS integration framework in SG13 (https://datatracker.ietf.org/liaison/2141/) Body: Any use of QKD with TLS should be done such that failure of QKD does not degrade security of TLS: - The PSK Key Exchange Mode should be 1 (psk_dhe_ke) so that the QKD key gets combined with the result of internal TLS key exchange. - The TLS key exchange group should be one of the PQ algorithms registered in IANA's TLS registries [1]; draft-ietf-tls-ecdhe-mlkem registers code points to use traditional and PQ algorithms together and draft-ietf-tls-mlkem registers code points to use just PQ algorithms. - The extension 33 (tls_cert_with_extern_psk) should be used, so TLS also performs the traditional certificate authentication (see RFC 8773 or the soon-to-be-issued draft-ietf-tls-8773bis). - The certificates should use a PQ signature algorithm, ML-DSA for example. [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Attachments: No document has been attached _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
