[TLS] Weekly github digest (TLS Working Group Drafts)

2024-11-23 Thread Repository Activity Summary Bot
Issues
------
* tlswg/draft-ietf-tls-esni (+0/-0/💬1)
  1 issues received 1 new comments:
  - #628 DNS issues from AD review. (1 by ekr)
    https://github.com/tlswg/draft-ietf-tls-esni/issues/628
Pull requests
-------------
* tlswg/draft-ietf-tls-esni (+3/-2/💬1)
  3 pull requests submitted:
  -

[TLS] Re: ML-DSA in TLS

2024-11-23 Thread D. J. Bernstein
Tim Hollebeek writes:
[ regarding "composite and hybrid" ]
> To be clear, the draft says absolutely nothing about either of those
> two topics
To be clear, that's not a good thing. The draft is deviating from the normal, amply justified security practices regarding PQ deployment. The resulting s

[TLS] Re: [EXT] Re: ML-DSA in TLS

2024-11-23 Thread D. J. Bernstein
Ilari Liusvaara writes:
> The argument forgets that to break ECC+PQ, the attacker has to break
> _either_:
> a) ECC and PQ.
> b) The hybrid construction.
The combiner is much simpler than the PQ system. Furthermore, the main way that academics manufacture literature on combiner attacks is by hypin

[TLS] Re: [EXT] Re: ML-DSA in TLS

2024-11-23 Thread John Mattsson
+1 to what Dan says below.
From: D. J. Bernstein
Date: Saturday, 23 November 2024 at 16:04
To: tls@ietf.org
Subject: [TLS] Re: [EXT] Re: ML-DSA in TLS
Ilari Liusvaara writes:
> The argument forgets that to break ECC+PQ, the attacker has to break
> _either_:
> a) ECC and PQ.
> b) The hybrid const

[TLS] Re: [EXT] Re: ML-DSA in TLS

2024-11-23 Thread Ilari Liusvaara
On Thu, Nov 21, 2024 at 08:45:14PM -, D. J. Bernstein wrote: > Blumenthal, Uri - 0553 - MITLL writes: > > Given how the two (KEM and DSA) are used, and what threats may exist > > against each of them, I think it’s perfectly fine to use PQ instead of > > ECC+PQ here. > > Hmmm. I don't see where

[TLS] Dnsdir last call review of draft-ietf-tls-svcb-ech-06

2024-11-23 Thread James Gannon via Datatracker
Reviewer: James Gannon Review result: Ready Hi Folks, I am the assigned DNS Directorate reviewer for this. Apologies for the late review; we had a reviewer switch during the cycle. I have read the document, and while I am not a TLS guy who can wrap my head around it well enough, I see that Ted's c

[TLS] Re: [EXT] Re: ML-DSA in TLS

2024-11-23 Thread Scott Fluhrer (sfluhrer)
> -Original Message- > From: ilariliusva...@welho.com > Sent: Saturday, November 23, 2024 3:44 AM > To: tls@ietf.org > Subject: [TLS] Re: [EXT] Re: ML-DSA in TLS > > > But with signatures, the risks become substantial because: > > - Complexity. Some of it to deal with known non-obviou