[TLS] Re: ECH Proxy Mode

2024-09-06 Thread Christopher Patton
> So is it possible to transfer the accept_confirmation in some plain text
> extensions like Key Share, or other dedicated extension?
Just a historical note here: the acceptance signal was designed this way so that the client has an explicit signal of whether the server used the inner ClientHe

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and P-384

2024-09-06 Thread Salz, Rich
> What's the situation with other groups for TLS 1.3?
> Specifically, are there any plans to specify SecP384r1MLKEM1024?
This draft was a merger of two drafts because one of the TLS Registry experts asked if they could do so. I agree that P384 is probably of interest to many people, and it would

[TLS] draft-kwiatkowski-tls-ecdhe-mlkem and P-384

2024-09-06 Thread Alicja Kario
Hello, What's the situation with other groups for TLS 1.3? Specifically, are there any plans to specify SecP384r1MLKEM1024? As mentioned in multiple emails already, high security systems already have a strict requirement to use P-384 curve exclusively. Similarly, for post-quantum resistance they

[TLS] Planned changes to Cloudflare's post-quantum deployment

2024-09-06 Thread Bas Westerbaan
Hi all, We are planning to replace X25519Kyber768Draft00 (0x6399) with X25519MLKEM768 (0x11ec) [1], a hybrid of ML-KEM-768 and X25519. We will support X25519Kyber768Draft00 and X25519MLKEM768 at the same time for a while to allow clients the opportunity to migrate without losing post-quantum secu

[TLS] Re: [TLS]Re: [Editorial Errata Reported] RFC6347 (8089)

2024-09-06 Thread Eric Rescorla
Sure, that's fine
On Wed, Sep 4, 2024 at 8:07 AM Sean Turner wrote:
> Since this is correctly marked as “Editorial” are there any objections to
> changing the state to “Hold For Document Update”?
>
> spt
>
> > On Aug 23, 2024, at 18:18, Eric Rescorla wrote:
> >
> > I don't think this is an erra