Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

2022-08-22 Thread Bas Westerbaan
> Ultimately, I want fewer choices, but the direction the discussion is
> headed seems about right. At least in the short term, I think we need to
> eschew compression and only include one offer.

I also prefer fewer choices initially. The only reason we're testing both X25519+Kyber512 and X25

Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

2022-08-22 Thread Kris Kwiatkowski
On 22/08/2022 14:24, Bas Westerbaan wrote:
> Here they're speaking about adding non-FIPS PQ to a non-PQ FIPS kex,[2] but the other way around is also ok — what am I missing?

Let's assume Kyber is FIPS-approved. Indeed, you'll be able to have a FIPS library with Z generated by Kyber and T generat

Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

2022-08-22 Thread Sofía Celi
Dear all,

On 22/08/2022 14:24, Bas Westerbaan wrote: Here they're speaking about adding non-FIPS PQ to a non-PQ FIPS kex,[2] but the other way around is also ok — what am I missing? Let's assume Kyber is FIPS-approved. Indeed, you'll be able to have a FIPS library with Z generated by Kyber a

Re: [TLS] WGLC for draft-ietf-tls-hybrid-design

2022-08-22 Thread Martin Thomson
On Tue, Aug 23, 2022, at 00:11, Kris Kwiatkowski wrote:
> As X25519 is not FIPS-approved, the lab won't be able to test it,

OK, hypothetical question, but maybe an important one. Why would a certification lab care? We compose secrets with non-secrets all the time, so even if X25519 were replac