On 02.12.24 18:38, Joseph Salowey wrote:
If you object to the adoption of this document please respond to this
thread by December, 9 2024.
Based on this, I would have expected only those objecting to respond.
But since those supporting the draft are also responding, so here goes
my support f
I agree with David, I think “and provides excellent security as-is” should be
removed.
John
From: David Benjamin
Date: Wednesday, 4 December 2024 at 18:57
To: John Mattsson
Cc: Salz, Rich , Sean Turner , TLS List
Subject: Re: [TLS] Re: Working Group Last Call for TLS 1.2 is in Feature Freeze
On Sat, Nov 02, 2024 at 07:12:02AM +, John Mattsson wrote:
> Eric Rescorla wrote:
> >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
>
> No reuse of ephemeral keys is always bad.
But ML-KEM is specifically designed (IND-CCA2, via FO transform) to
support key reuse, wi
On Thu, 5 Dec 2024, 09:29 Muhammad Usama Sardar, <
muhammad_usama.sar...@tu-dresden.de> wrote:
> On 02.12.24 18:38, Joseph Salowey wrote:
>
> > If you object to the adoption of this document please respond to this
> > thread by December, 9 2024.
>
> Based on this, I would have expected only those
Agreed. I hope that this becomes a MUST.
On Fri, 1 Nov 2024 at 22:30, John Mattsson
wrote:
>
> >and would warmly welcome it being a MUST in the IETF specification of the
> ML-KEM TLS hybrids.
>
>
> +1
>
> Let’s try to make that happen
> https://github.com/post-quantum-cryptography/draft-kwiatko
I hope so. Can we start an adoption call?
Russ
> On Dec 5, 2024, at 4:08 PM, Scott Fluhrer (sfluhrer)
> wrote:
>
> How do we proceed with this draft?
>
> This draft is quite boring (which is good from a cryptographical
> perspective); it just says ‘take ML-KEM and insert it as a key agreem
How do we proceed with this draft?
This draft is quite boring (which is good from a cryptographical perspective);
it just says 'take ML-KEM and insert it as a key agreement into TLS in the
obvious way'.
I understand that people want to discuss the hybrid KEM draft more (because
there are more
On Thu, Dec 5, 2024 at 7:31 AM Viktor Dukhovni wrote:
>
> On Sat, Nov 02, 2024 at 07:12:02AM +, John Mattsson wrote:
>
> > Eric Rescorla wrote:
> > >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
> >
> > No reuse of ephemeral keys is always bad.
>
> But ML-KEM is speci
+1
From: Russ Housley
Date: Thursday, 5 December 2024 at 22:20
To: Scott Fluhrer (sfluhrer)
Cc: IETF TLS
Subject: [TLS] Re: draft-connolly-tls-mlkem-key-agreement
I hope so. Can we start an adoption call?
Russ
On Dec 5, 2024, at 4:08 PM, Scott Fluhrer (sfluhrer)
wrote:
How do we proceed
