Andrei Popov writes: > This is a complicated compliance question. I'm not qualified to > comment on this option.
I think it's worth investigating, considering the following NIST quote: Their associated key agreement schemes, X25519 and X448, will be considered for inclusion in a subsequent revision to SP 800-56A. The CMVP does not intend to enforce compliance with SP 800-56A until these revisions are complete. https://web.archive.org/web/20200810165057/https://csrc.nist.gov/projects/cryptographic-module-validation-program/notices Does anyone have any documents showing that NIST has reneged on the above announcement? Possibilities: * Yes: then I'd appreciate a pointer so that concerned members of the community can tell NIST what they think about this and, hopefully, get NIST to change course. * No: then the announcement and consistent handling of this by NIST would be another reason for IETF to not be dragged down by the current limitations of NIST SP 800-56A. If nobody has ever tried asking NIST to approve an X25519 solution as per the above announcement, surely that would be a useful experiment, creating a path towards simplifying subsequent TLS WG discussions. ---D. J. Bernstein _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
