> Does it mean that both draft-ietf-tls-hybrid-design and
> draft-kwiatkowski-tls-ecdhe-mlkem should be standard track or only one of
> them?
draft-ietf-tls-hybrid-design depends on pre-standard Kyber and does not matter
any more; draft-kwiatkowski-tls-ecdhe-mlkem is completely separate, should
> On 10 Sep 2024, at 16:05, Salz, Rich wrote:
>
> • I assume draft-ietf-tls-hybrid-design will remove all mentioning of
> Kyber and only refer to the final standardized ML-KEM. I don't think TLS WG
> should publish anything with Kyber.
> In fact, the current unified draft has IANA instruc
On Tuesday, 10 September 2024 16:05:51 CEST, Salz, Rich wrote:
* I assume draft-ietf-tls-hybrid-design will remove all
mentioning of Kyber and only refer to the final standardized
ML-KEM. I don't think TLS WG should publish anything with Kyber.
In fact, the current unified draft has IANA i
* I assume draft-ietf-tls-hybrid-design will remove all mentioning of Kyber
and only refer to the final standardized ML-KEM. I don't think TLS WG should
publish anything with Kyber.
In fact, the current unified draft has IANA instructions to mark the
KyberDraft0 assignments as obsolete.
with curves that are Recommended = Y should be
Recommended = Y.
Cheers,
John
From: Kris Kwiatkowski
Date: Tuesday, 10 September 2024 at 08:09
To: Andrei Popov
Cc: Bas Westerbaan , tls@ietf.org
Subject: [TLS] Re: [EXTERNAL] draft-kwiatkowski-tls-ecdhe-mlkem and P-384
> On 10 Sep 2024, at 00:17
> On 10 Sep 2024, at 00:17, Andrei Popov wrote:
>
> This makes sense, however shouldn’t draft-kwiatkowski-tls-ecdhe-mlkem-01 be
> on the Standards track?
> Also, what is the thinking behind “Recommended: N” for the code points?
The draft-ietf-tls-hybrid-design draft is on the Informational tra
behind “Recommended: N” for the code points?
From: Bas Westerbaan
Sent: Monday, September 9, 2024 2:05 PM
To: Andrei Popov
Cc: Alicja Kario ; Kris Kwiatkowski ;
tls@ietf.org
Subject: Re: [TLS] Re: [EXTERNAL] draft-kwiatkowski-tls-ecdhe-mlkem and P-384
On Mon, Sep 9, 2024 at 10:56 PM Andrei
On Mon, Sep 9, 2024 at 10:56 PM Andrei Popov wrote:
> Yes, we need SecP384 hybrids.
>
> More generally, I see two separate hybrid key exchange drafts under
> discussion in the TLS WG:
> - draft-ietf-tls-hybrid-design-10 refers to pre-standard Kyber;
> - draft-kwiatkowski-tls-ecdhe-mlkem-01 define
Yes, we need SecP384 hybrids.
More generally, I see two separate hybrid key exchange drafts under discussion
in the TLS WG:
- draft-ietf-tls-hybrid-design-10 refers to pre-standard Kyber;
- draft-kwiatkowski-tls-ecdhe-mlkem-01 defines hybrids with ML-KEM 768.
Both drafts are on the Informational
