On Thu, Oct 17, 2024 at 8:36 AM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote: > > * We should have a consistent ordering of [EC, PQ] in both the names and the > key schedule. I.e., the code should be consistent with the naming and either > the EC or the PQC ought to always come first. > > > > That would be nice, but it appears that the requirements that some find > important (e.g., for me and others, FIPS) might preclude that.
I don't see why the X25519 hybrid needs to be FIPS. The secp256 hybrid works now, and then when MLKEM is FIPS p256 will still be there. Is the concern that p256 might get removed, and the ordering constraint will still exist? > > > > * I don't have a strong opinion about which should go first. > > > > As I said, I think compliance might force our hand. > > > > * Can we please have a separator between them, as in MLKEM768_X25519? > > > > Yes please! > > > > A consistent cipher *name* is probably a good idea. And the soon-to-be-added > Comment field can say “on the wire it’s reversed see RFC xxx” and that RFC > could/should explain it. > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org -- Astra mortemque praestare gradatim _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
