Hello, What's the situation with other groups for TLS 1.3? Specifically, are there any plans to specify SecP384r1MLKEM1024?
As mentioned in multiple emails already, high security system already have a strict requirement to use P-384 curve exclusively. Similarly, for post-quantum resistance they will be required to use ML-KEM-1024. Will you add it to the draft, or should we start work on a separate one that defines those hybrid algorithms? -- Regards, Alicja (nee Hubert) Kario Principal Quality Engineer, RHEL Crypto team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
