Dear tls and cfrg working groups,
With ML-KEM (née Kyber) expected to be finalized this year, it’s time to
revisit the question of which PQ/T hybrid KEMs to standardize, and which to
recommend.
# Status quo
For TLS at the time of writing there are two PQ/T hybrids registered:
X25519Kyber768 [1]
Thanks for this work!
Speaking for myself (not for my co-authors), this feels like friendly,
complementary work to draft-ounsworth-cfrg-kem-combiners; X-Wing could be
viewed as a profile of ounsworth-kem-combiners that optimizes around the
security properties of ML-KEM.
Bas makes a good
There is interest in using TLS 1.3 and QUIC for communication in space
-- partly for reason such as "reusing off the shelf components". But
this is not the typical Internet environment. The transmission delays
can be very long: a few seconds between Earth and Moon, from a few
minutes to tens of
Hiya,
Interesting question...
On 11/01/2024 00:07, Christian Huitema wrote:
I am wondering what the proper fix should be.
I don't know the answer (or if there's one answer) but
suspect that it may be better to first explore various
scenarios (as you've kinda kicked off with forwarding to
the
On Thu, Jan 11, 2024, at 11:07, Christian Huitema wrote:
> One first problem with this code is that implementations may or may not
> have an estimate of the RTT when they are issuing the ticket. In theory
> the server could measure the RTT by comparing the send time of the
> server first flight
On 1/10/2024 7:00 PM, Martin Thomson wrote:
On Thu, Jan 11, 2024, at 11:07, Christian Huitema wrote:
One first problem with this code is that implementations may or may not
have an estimate of the RTT when they are issuing the ticket. In theory
the server could measure the RTT by comparing th
On Thu, Jan 11, 2024, at 15:45, Christian Huitema wrote:
> Good for you. Not all implementations do that. It is hard for me to
> blame them, because the 10 seconds recommendation is justified by for
> "clients on the Internet", and delays larger than 1 or maybe 2 seconds
> are quite rare on the
On 1/10/2024 10:20 PM, Martin Thomson wrote:
On Thu, Jan 11, 2024, at 15:45, Christian Huitema wrote:
Good for you. Not all implementations do that. It is hard for me to
blame them, because the 10 seconds recommendation is justified by for
"clients on the Internet", and delays larger than 1 o
