Bas Westerbaan <bas=40cloudflare....@dmarc.ietf.org> wrote: > The number of people that actually implement these hybrid KEMs is much > smaller than the number of people that need to make a choice based on their > name. How do we explain that one is called MLKEM768X25519 and the other > SecP256r1MLKEM768?
"In hybrid key exchanges, the name reflects the order." This strikes me as overall much less confusing all around than "One is called <first><second>, the other is called <second><first>, because we wanted to have both end in the same string." People choosing will do a substring match ("I want PQC, so... ok, here's one that contains 'MLKEM', let me enable that."). -Jan _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org