Both. On Mon, Sep 9, 2024 at 2:32 PM Kris Kwiatkowski <k...@amongbytes.com> wrote:
> Sweet! > Does this migration includes also cloudflare->origin (egress) connections > or just eyeballs->cloudflare? > > Cheers, > Kris > On 06/09/2024 12:02, Bas Westerbaan wrote: > > Hi all, > > We are planning to replace X25519Kyber768Draft00 (0x6399) > with X25519MLKEM768 (0x11ec) [1], a hybrid of ML-KEM-768 and X25519. > > We will support X25519Kyber768Draft00 and X25519MLKEM768 at the same time > for a while to allow clients the opportunity to migrate without losing > post-quantum security. > > Apart from these two, we also supported X25519Kyber768Draft00 under > codepoint 0xfe31 and X25519Kyber512Draft00 (0xfe30). We logged zero uses of > these two in the last week with a 1/100 sample rate. We will disable > 0xfe31, 0xfe30 over the common weeks. > > Best, > > Bas > > > PS. Not sure I shared it here already, but we have public graph tracking > client PQ key agreement deployment: > https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption-adoption > At the time of writing about 17% of all human traffic (by request count) > with us is using X25519Kyber768Draft00. > > [1] https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/ > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
