Hi Peter,
I think there's a misunderstanding. My response to your original
question on what assumption one needs to make on the PQ KEM to be able
to reuse the argument in [DOWLING] was "none", in the following sense:
If you're _only_ after the classic security shown in [DOWLING], then
there's
Hi,
> On Sep 4, 2024, at 11:28, Raghu Saxena wrote:
>
> On 9/3/24 10:52 PM, 涛叔 wrote:
>> This idea was derived from my attempt to implement an encrypted TLS SNI Proxy.
>> The SNI
>> does not only expose privacy information; many ISPs use it to block certain
>> web sites.
>> Even though the current d
I do not think we need to make Curve25519 MTI. The purpose of MTIs is to
provide a minimum baseline for interoperability, and we have that already
with the existing MTI. That's entirely compatible with most people
preferring X25519 because they believe it's better than the MTI.
-Ekr
On Mon, Aug