As with the earlier thread, this message is off-topic for this list.

Regardless of what NIST does, the TLS protocol does and will support a
variety of curves.

On Wed, Jun 5, 2024 at 20:14 D. J. Bernstein <d...@cr.yp.to> wrote:

> Andrei Popov writes:
> > This is a complicated compliance question. I'm not qualified to
> > comment on this option.
>
> I think it's worth investigating, considering the following NIST quote:
>
>    Their associated key agreement schemes, X25519 and X448, will be
>    considered for inclusion in a subsequent revision to SP 800-56A.  The
>    CMVP does not intend to enforce compliance with SP 800-56A until
>    these revisions are complete.
>
>
> https://web.archive.org/web/20200810165057/https://csrc.nist.gov/projects/cryptographic-module-validation-program/notices
>
> Does anyone have any documents showing that NIST has reneged on the
> above announcement? Possibilities:
>
>    * Yes: then I'd appreciate a pointer so that concerned members of the
>      community can tell NIST what they think about this and, hopefully,
>      get NIST to change course.
>
>    * No: then the announcement and consistent handling of this by NIST
>      would be another reason for IETF to not be dragged down by the
>      current limitations of NIST SP 800-56A.
>
> If nobody has ever tried asking NIST to approve an X25519 solution as
> per the above announcement, surely that would be a useful experiment,
> creating a path towards simplifying subsequent TLS WG discussions.
>
> ---D. J. Bernstein
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org

Reply via email to