As with the earlier thread, this message is off-topic for this list. Regardless of what NIST does, the TLS protocol does and will support a variety of curves.
On Wed, Jun 5, 2024 at 20:14 D. J. Bernstein <d...@cr.yp.to> wrote: > Andrei Popov writes: > > This is a complicated compliance question. I'm not qualified to > > comment on this option. > > I think it's worth investigating, considering the following NIST quote: > > Their associated key agreement schemes, X25519 and X448, will be > considered for inclusion in a subsequent revision to SP 800-56A. The > CMVP does not intend to enforce compliance with SP 800-56A until > these revisions are complete. > > > https://web.archive.org/web/20200810165057/https://csrc.nist.gov/projects/cryptographic-module-validation-program/notices > > Does anyone have any documents showing that NIST has reneged on the > above announcement? Possibilities: > > * Yes: then I'd appreciate a pointer so that concerned members of the > community can tell NIST what they think about this and, hopefully, > get NIST to change course. > > * No: then the announcement and consistent handling of this by NIST > would be another reason for IETF to not be dragged down by the > current limitations of NIST SP 800-56A. > > If nobody has ever tried asking NIST to approve an X25519 solution as > per the above announcement, surely that would be a useful experiment, > creating a path towards simplifying subsequent TLS WG discussions. > > ---D. J. Bernstein > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
