Sweet!
Does this migration includes also cloudflare->origin (egress) connections or
just eyeballs->cloudflare?
Cheers,
Kris
On 06/09/2024 12:02, Bas Westerbaan wrote:
Hi all,
We are planning to replace X25519Kyber768Draft00 (0x6399)
with X25519MLKEM768 (0x11ec) [1], a hybrid of ML-KEM-768 and X25519.
We will support X25519Kyber768Draft00 and X25519MLKEM768 at the same time
for a while to allow clients the opportunity to migrate without losing
post-quantum security.
Apart from these two, we also supported X25519Kyber768Draft00 under
codepoint 0xfe31 and X25519Kyber512Draft00 (0xfe30). We logged zero uses of
these two in the last week with a 1/100 sample rate. We will disable 0xfe31,
0xfe30 over the common weeks.
Best,
Bas
PS. Not sure I shared it here already, but we have public graph tracking
client PQ key agreement deployment:
https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption-adoption
At the time of writing about 17% of all human traffic (by request count)
with us is using X25519Kyber768Draft00.
[1] https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
_______________________________________________
TLS mailing list --tls@ietf.org
To unsubscribe send an email totls-le...@ietf.org
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
