[TLS] Re: MLKEM or Khyber KX
Eric Rescorla wrote:
>Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?

No reuse of ephemeral keys is always bad.

John

From: Eric Rescorla
Date: Saturday, 2 November 2024 at 02:09
To: John Mattsson
Cc: Filippo Valsorda, Rich Salz, Bas Westerbaan, tls@ietf.org
Subject: Re: [TLS] Re: MLKEM or Khyber KX

On Fri, Nov 1, 2024 at 11:30 AM John Mattsson wrote:
>and would warmly welcome it being a MUST in the IETF specification of the ML-KEM TLS hybrids.

+1 Let’s try to make that happen
https://github.com/post-quantum-cryptography/draft-kwiatkowski-tls-ecdhe-mlkem/pull/25

Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?

-Ekr

___
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
[TLS] Re: MLKEM or Khyber KX
On Sat, Nov 2, 2024 at 12:12 AM John Mattsson wrote:

> Eric Rescorla wrote:
> >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
>
> No reuse of ephemeral keys is always bad.

Right. Based on the discussion so far, I think it would be reasonable to have a mandate for TLS 1.3 generally. However, I don't think it's a good thing to have a different rule for this key exchange algorithm than for TLS as a whole unless there's some specific technical reason for it.

I would defer to the chairs on what they think the appropriate avenue is for such a requirement for 1.3.

-Ekr
[TLS] Fwd: New Version Notification for draft-tls-reddy-composite-mldsa-00.txt
Hi all,

The draft https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/ specifies how ML-DSA in combination with traditional algorithms can be used for authentication in TLS 1.3.

Comments and suggestions are welcome.

Regards,
- Tiru

-- Forwarded message -
From:
Date: Sun, 3 Nov 2024 at 05:33
Subject: New Version Notification for draft-tls-reddy-composite-mldsa-00.txt
To: Tirumaleswar Reddy.K, John Gray < john.g...@entrust.com>, Scott Fluhrer, Timothy Hollebeek

A new version of Internet-Draft draft-tls-reddy-composite-mldsa-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-tls-reddy-composite-mldsa
Revision: 00
Title: Use of Composite ML-DSA in TLS 1.3
Date: 2024-11-02
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.txt
Status: https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/
HTML: https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-composite-mldsa

Abstract:

This document specifies how the post-quantum signature scheme ML-DSA [FIPS204], in combination with traditional algorithms RSA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448 can be used for authentication in TLS 1.3. The composite ML-DSA approach is beneficial in deployments where operators seek additional protection against potential breaks or catastrophic bugs in ML-DSA.

The IETF Secretariat
[TLS] Fwd: New Version Notification for draft-tls-reddy-slhdsa-00.txt
Hi all,

This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ specifies how the PQC signature scheme SLH-DSA can be used for authentication in TLS 1.3.

Comments and suggestions are welcome.

Regards,
-Tiru

-- Forwarded message -
From:
Date: Sun, 3 Nov 2024 at 05:39
Subject: New Version Notification for draft-tls-reddy-slhdsa-00.txt
To: Tirumaleswar Reddy.K, John Gray < john.g...@entrust.com>, Scott Fluhrer, Timothy Hollebeek

A new version of Internet-Draft draft-tls-reddy-slhdsa-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-tls-reddy-slhdsa
Revision: 00
Title: Use of SLH-DSA in TLS 1.3
Date: 2024-11-02
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.txt
Status: https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/
HTML: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-slhdsa

Abstract:

This memo specifies how the post-quantum signature scheme SLH-DSA [FIPS205] is used for authentication in TLS 1.3.

The IETF Secretariat