My $.02. * We should have a consistent ordering of [EC, PQ] in both the names and the key schedule. I.e., the code should be consistent with the naming and either the EC or the PQC ought to always come first. * I don't have a strong opinion about which should go first. * Can we please have a separator between them, as in MLKEM768_X25519?
-Ekr On Thu, Oct 17, 2024 at 8:18 AM Jan Schaumann <jschauma= 40netmeister....@dmarc.ietf.org> wrote: > Bas Westerbaan <bas=40cloudflare....@dmarc.ietf.org> wrote: > > The number of people that actually implement these hybrid KEMs is much > > smaller than the number of people that need to make a choice based on > their > > name. How do we explain that one is called MLKEM768X25519 and the other > > SecP256r1MLKEM768? > > "In hybrid key exchanges, the name reflects the > order." > > This strikes me as overall much less confusing all > around than > > "One is called <first><second>, the other is called > <second><first>, because we wanted to have both end in > the same string." > > People choosing will do a substring match ("I want > PQC, so... ok, here's one that contains 'MLKEM', let > me enable that."). > > -Jan > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org