+1 Anything the WG does has to be proof against Quantum Cryptanalysis and LoW (Laptops on Weekends). The fact that the broken algorithms did not get picked does not change the fact that they made it to the third round.
On Sat, Aug 6, 2022 at 1:53 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > > On 06/08/2022 17:47, Phillip Hallam-Baker wrote: > > Are you proposing pure Kyber or a hybrid though? > > I've not heard anyone suggest securing an IETF protocol > only via PQC algs. It'd be incredibly dim to make that > suggestion IMO, esp now that two of the 3rd round entries > have been busted. So I'm not worried that we'd even come > close to landing there for TLS. > > S. >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
