Also, what are the WG's thoughts on including standalone PQC signatures in the same draft?
I think that including standalone PQC sigs would be very desirable. From: TLS <tls-boun...@ietf.org> On Behalf Of Deirdre Connolly Sent: Tuesday, March 5, 2024 9:15 PM To: TLS@ietf.org Subject: [TLS] ML-KEM key agreement for TLS 1.3 I have uploaded a preliminary version of ML-KEM for TLS 1.3 and have a more fleshed out version to be uploaded when datatracker opens. It is a straightforward new `NamedGroup` to support key agreement via ML-KEM-768 or ML-KEM-1024, in a very similar style to -hybrid-design. It will be nice to have pure-PQ options (that are FIPS / CNSA 2.0 compatible) ready to go when users are ready to use them. Cheers, Deirdre
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
