I'm afraid I have no measurements to offer, but...
On 03/06/2024 19:05, Eric Rescorla wrote:
The question is rather what the minimum set of algorithms we need is. My point is that that has to include P-256. It may well be the case that it needs to also include X25519.
Yep, the entirely obvious answer here is we'll end up defining at least x25519+PQ and p256+PQ. Arguing for one but not the other (in the TLS WG) seems pretty pointless to me. (That said, the measurements offered are as always interesting, so the discussion is less pointless than the argument:-) Cheers, S.
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org