> I think it is really premature to speculate on features PQ-secure algorithms > can or cannot provide (*) and try and have this influence *current* TLS1.3 > protocol design. Should one wish to include PQ algorithms in a future update > of TLS1.3, one can simply specify which protocol ingredients those updates > relate to. As long as the current TLS1.3 specification has some facility for > implementing algorithm agility, one can shy away from crystal ball gazing for > now.
+1
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
