Felix,
I'm not completely sure I understand what you are suggesting,
but I think it might not be quite as straightforward as that.
In general, if the PQ KEM is not secure then the HS can fail to be
indistinguishable from random: fixing the ECDH components of
the hybrid key shares and choosing dis
Starting with internal connections:
https://engineering.fb.com/2024/05/22/security/post-quantum-readiness-tls-pqr-meta/
> For our deployment, we have chosen Kyber with X25519 in a hybrid setting.
Kyber is the only key encapsulation mechanism selected by NIST for
standardization so far. Kyber come
This email starts the working group last call for the Internet-Draft
"Hybrid key exchange in TLS 1.3", located here:
https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
The WG last call will end 26th August 2024 @ 2359 UTC.
Please review the draft and submit issues and pull requests v
