[TLS] Re: Secdir last call review of draft-ietf-tls-svcb-ech

Hi Tiru, Thanks for the review. I've filed it as https://github.com/tlswg/draft-ietf-tls-svcb-ech/issues/21. 1. I've opened a PR to add examples: https://github.com/tlswg/draft-ietf-tls-svcb-ech/pull/22 2. This text was heavily debated in DNSOP: https://mailarchive.ietf.org/arch/msg/dnsop/zOx

[TLS] Fwd: [pqc-forum] Recommendations for Key-Encapsulation Mechanisms | Draft SP 800-227 is Available for Comment

This might be of interest to some. -- Forwarded message - From: 'Moody, Dustin (Fed)' via pqc-forum Date: Tue, Jan 7, 2025 at 4:15 PM Subject: [pqc-forum] Recommendations for Key-Encapsulation Mechanisms | Draft SP 800-227 is Available for Comment To: pqc-forum The initial publ

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

2025-01-07 14:16 GMT+01:00 John Mattsson : > Alicja Kario wrote: > >Can you point to examples of people actually using x448 (TLS group ID 30) in > >practice? > > I think that is the wrong question. If no one deployed X448 I don't see why they would deploy X448MLKEM1024, so I see no reason to

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

On Tue, 7 Jan 2025 at 17:16, John Mattsson wrote: > > Alicja Kario wrote: > >Can you point to examples of people actually using x448 (TLS group ID 30) in > >practice? > > > > I think that is the wrong question. I think the right question is which > hybrids do IETF recommend people to use in the

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

Alicja Kario wrote: >Can you point to examples of people actually using x448 (TLS group ID 30) in >practice? I think that is the wrong question. I think the right question is which hybrids do IETF recommend people to use in the future. I think the answer is hybrids with X25519, X448, Ed25519, a

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

On Tue, 7 Jan 2025 at 17:35, Filippo Valsorda wrote: > > 2025-01-07 14:16 GMT+01:00 John Mattsson > : > > Alicja Kario wrote: > >Can you point to examples of people actually using x448 (TLS group ID 30) in > >practice? > > > > I think that is the wrong question. > > > If no one deployed X448 I d

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

How about having x448mlkem1024 allocated as an experimental codepoint for those who wish to use it ? On Mon, 6 Jan 2025 at 12:52, Viktor Dukhovni wrote: > > On Mon, Jan 06, 2025 at 08:00:04AM +, Kris Kwiatkowski wrote: > > On 06/01/2025 06:18, Viktor Dukhovni wrote: > > > it would be very un

[TLS] Re: [Uta] IoT certificate profile vs TLS SNI and subjectAltName

Hi Michael, > TL;DR> Help us avoid stuffing non-DNS strings into >SubjectAltName dNSName when doing device to device (D)TLS. I may fail to understandiung your question or intention. Maybe you clarify it. Your initial question in "draft-tls13-iot" was: "I was looking for a SN, or SAN th

[TLS] Re: draft-kwiatkowski-tls-ecdhe-mlkem and x448

(I originally proposed PR that added that codepoint, together with the secp384r1mlkem1024, so I'm really not against it, but...) Can you point to examples of people actually using x448 (TLS group ID 30) in practice? If you want to experiment, then there's the whole private range, what would ma

[TLS] Re: [Ace] IoT certificate profile vs TLS SNI and subjectAltName

On Mon, Jan 6, 2025 at 9:31 PM Watson Ladd wrote: > On Mon, Jan 6, 2025 at 6:14 PM Eric Rescorla wrote: > > > > > > > > On Mon, Jan 6, 2025 at 11:31 AM Michael Richardson < > mcr+i...@sandelman.ca> wrote: > >> > >> > >> Please note and respect the Reply-To: u...@ietf.org. > >> > >> > >> > >> 4.