Liaison statement
Reply to LS on the work item related to QKD and TLS integration framework in SG13
Additional information about IETF liaison relationships is available on the
IETF webpage
and the
Internet Architecture Board liaison webpage.
| State | Posted |
|---|---|
| Submitted Date | 2026-04-23 |
| From Group | tls |
| From Contact | Scott Mansfield <Scott.Mansfield@Ericsson.com> |
| To Group | ITU-T-SG-13 |
| To Contacts | gyumyoung.lee@gmail.com hans.kim@iotct.net mazhangchao@casquantumnet.com tsbsg13@itu.int |
| Cc | Christopher Inacio <stndrds-inacio@andrew.cmu.edu> Scott Mansfield <Scott.Mansfield@Ericsson.com> Deb Cooley <debcooley1@gmail.com> Deirdre Connolly <durumcrustulum@gmail.com> Joseph Salowey <joe@salowey.net> Sean Turner <sean+ietf@sn3rd.com> Transport Layer Security Discussion List <tls@ietf.org> |
| Response Contact | Joseph Salowey <joe@salowey.net> Sean Turner <sean+ietf@sn3rd.com> Deirdre Connolly <durumcrustulum@gmail.com> |
| Technical Contact | Deb Cooley <debcooley1@gmail.com> |
| Purpose | For information |
| Attachments | (None) |
| Liaisons referred by this one |
LS on the work item related to QKD and TLS integration framework in SG13
|
| Body |
Any use of QKD with TLS should be done such that failure of QKD does not degrade security of TLS: - The PSK Key Exchange Mode should be 1 (psk_dhe_ke) so that the QKD key gets combined with the result of internal TLS key exchange. - The TLS key exchange group should be one of the PQ algorithms registered in IANA's TLS registries [1]; draft-ietf-tls-ecdhe-mlkem registers code points to use traditional and PQ algorithms together and draft-ietf-tls-mlkem registers code points to use just PQ algorithms. - The extension 33 (tls_cert_with_extern_psk) should be used, so TLS also performs the traditional certificate authentication (see RFC 8773 or the soon-to-be-issued draft-ietf-tls-8773bis). - The certificates should use a PQ signature algorithm, ML-DSA for example. [1] https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml |