Eric Rescorla wrote:
>Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
No reuse of ephemeral keys is always bad.
John
From: Eric Rescorla
Date: Saturday, 2 November 2024 at 02:09
To: John Mattsson
Cc: Filippo Valsorda , Rich Salz , Bas
Westerbaan , tls@ietf.org
Subject
On Sat, Nov 2, 2024 at 12:12 AM John Mattsson
wrote:
> Eric Rescorla wrote:
> >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
>
> No reuse of ephemeral keys is always bad.
>
Right.
Based on the discussion so far, I think it would be reasonable to have a
mandate for TLS
Hi all,
The draft https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/
specifies how ML-DSA in combination with traditional algorithms can be used
for authentication in TLS 1.3.
Comments and suggestions are welcome.
Regards,
- Tiru
-- Forwarded message -
From:
Date:
Hi all,
This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/
specifies how the PQC signature scheme SLH-DSA can be used for
authentication in TLS 1.3.
Comments and suggestions are welcome.
Regards,
-Tiru
-- Forwarded message -
From:
Date: Sun, 3 Nov 2024 at 05:39
