That sounds right. We still need to fill in the platform-specific glue code between our TLS stack and the OS-provided client certificate keys. (I don't expect that to be particularly difficult.)
On Wed, May 13, 2026 at 2:52 PM Andrei Popov <Andrei.Popov= [email protected]> wrote: > We’ve tested ML-DSA support in the Windows TLS stack against Chrome > canary. ML-DSA server certificates worked. ML-DSA client certificate in > Chrome failed with ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. It appears that > the code to sign with an ML-DSA key on Windows doesn't yet exist in > Chromium. > > > > Cheers, > > > > Andrei > > > > *From:* Filippo Valsorda <[email protected]> > *Sent:* Wednesday, May 13, 2026 10:49 AM > *To:* David Adrian <[email protected]> > *Cc:* TLS List <[email protected]> > *Subject:* [EXTERNAL] [TLS] Re: Working Group Last Call for Use of ML-DSA > in TLS 1.3 > > > > 2026-05-07 11:10 GMT-04:00 David Adrian <[email protected]>: > > Following up my previous post to note that ML-DSA in TLS 1.3 will be > rolling out in Chrome 150, releasing June 30. It is currently available on > Chrome Canary. In practice, using ML-DSA requires explicitly configuring > (via chrome://certificate-manager or via operating system local trust > stores) RFC 9881 ML-DSA trust anchors, as there are no changes to the > Chrome Root Store. The implementation uses the codepoints from this draft. > > > > Anyone who has the capability to do so, should test for interoperability. > > > > We have an implementation for the Go standard library that interoperates > with Chrome Canary. > > > > 776709: crypto/tls: add ML-DSA support | > https://go-review.googlesource.com/c/go/+/776709 > > > > On Thu, Apr 9, 2026 at 4:53 PM David Adrian <[email protected]> wrote: > > I have read the document and support publication. Note that we are > implementing this in Chrome [1], unflagged, albeit without any roots. > > > > [1]: https://chromestatus.com/feature/5174590524489728 > > > > On Thu, Apr 9, 2026 at 4:49 PM Yaroslav Rosomakho <yrosomakho= > [email protected]> wrote: > > I support publication of this document. > > > > > > -yaroslav > > > > > On 9 Apr 2026, at 20:31, Sean Turner <[email protected]> wrote: > > > > > > This is the working group last call for Use of ML-DSA in TLS 1.3. > Please review draft-ietf-tls-mldsa [1] and reply to this thread indicating > if you think it is ready for publication or not. If you do not think it is > ready please indicate why. This call will end on April 23, 2026. > > > > > > REMINDER: If you have not done so recently, review the TLS WG's Mail > List Procedures; see [2]. > > > > > > The Chairs, > > > Deirdre, Joe, and Sean > > > > > > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-mldsa/ > > > [2] > https://mailarchive.ietf.org/arch/msg/tls/ucdImHExlbOf4Q3BCG81gjzi2xE/ > > > > > > _______________________________________________ > > > TLS mailing list -- [email protected] > > > To unsubscribe send an email to [email protected] > > > > -- > > > > > > This communication (including any attachments) is intended for the sole > > use of the intended recipient and may contain confidential, non-public, > > and/or privileged material. Use, distribution, or reproduction of this > > communication by unintended recipients is not authorized. If you received > > this communication in error, please immediately notify the sender and then > > delete all copies of this communication from your system. > > > > _______________________________________________ > > TLS mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > _______________________________________________ > > TLS mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
