We’ve tested ML-DSA support in the Windows TLS stack against Chrome canary. ML-DSA server certificates worked. ML-DSA client certificate in Chrome failed with ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. It appears that the code to sign with an ML-DSA key on Windows doesn't yet exist in Chromium.
Cheers, Andrei From: Filippo Valsorda <[email protected]> Sent: Wednesday, May 13, 2026 10:49 AM To: David Adrian <[email protected]> Cc: TLS List <[email protected]> Subject: [EXTERNAL] [TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3 2026-05-07 11:10 GMT-04:00 David Adrian <[email protected]<mailto:[email protected]>>: Following up my previous post to note that ML-DSA in TLS 1.3 will be rolling out in Chrome 150, releasing June 30. It is currently available on Chrome Canary. In practice, using ML-DSA requires explicitly configuring (via chrome://certificate-manager or via operating system local trust stores) RFC 9881 ML-DSA trust anchors, as there are no changes to the Chrome Root Store. The implementation uses the codepoints from this draft. Anyone who has the capability to do so, should test for interoperability. We have an implementation for the Go standard library that interoperates with Chrome Canary. 776709: crypto/tls: add ML-DSA support | https://go-review.googlesource.com/c/go/+/776709 On Thu, Apr 9, 2026 at 4:53 PM David Adrian <[email protected]<mailto:[email protected]>> wrote: I have read the document and support publication. Note that we are implementing this in Chrome [1], unflagged, albeit without any roots. [1]: https://chromestatus.com/feature/5174590524489728 On Thu, Apr 9, 2026 at 4:49 PM Yaroslav Rosomakho <[email protected]<mailto:[email protected]>> wrote: I support publication of this document. -yaroslav > On 9 Apr 2026, at 20:31, Sean Turner <[email protected]<mailto:[email protected]>> > wrote: > > This is the working group last call for Use of ML-DSA in TLS 1.3. Please > review draft-ietf-tls-mldsa [1] and reply to this thread indicating if you > think it is ready for publication or not. If you do not think it is ready > please indicate why. This call will end on April 23, 2026. > > REMINDER: If you have not done so recently, review the TLS WG's Mail List > Procedures; see [2]. > > The Chairs, > Deirdre, Joe, and Sean > > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-mldsa/ > [2] https://mailarchive.ietf.org/arch/msg/tls/ucdImHExlbOf4Q3BCG81gjzi2xE/ > > _______________________________________________ > TLS mailing list -- [email protected]<mailto:[email protected]> > To unsubscribe send an email to [email protected]<mailto:[email protected]> -- This communication (including any attachments) is intended for the sole use of the intended recipient and may contain confidential, non-public, and/or privileged material. Use, distribution, or reproduction of this communication by unintended recipients is not authorized. If you received this communication in error, please immediately notify the sender and then delete all copies of this communication from your system. _______________________________________________ TLS mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> _______________________________________________ TLS mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
