Dear TLS working group, We wanted to see if there is any further feedback on our draft "Hybrid key exchange in TLS 1.3" (https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) and what steps are required for it to advance further. We have not received any new feedback from the working group since we posted our last non-trivial update in October 2020.
The draft as written does not actually specify any post-quantum algorithms nor give identifiers for specific algorithm combinations, only the formats for hybrid key exchange messages and key derivation. We have received a suggestion that the draft be updated to include identifiers for hybrid key exchange combining elliptic curve groups and the KEMs currently in Round 3 of the NIST PQC standardization process, so that implementations can begin testing interoperability using numbers listed in the draft, rather than relying on ad hoc lists for such purposes. Is that something the working group would like to see, or would you prefer to leave it as it currently stands, without any specific algorithm identifiers? Douglas, Scott, and Shay _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
