Eric Rescorla wrote:
>Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?

No, reuse of ephemeral keys is always bad.

John

From: Eric Rescorla <e...@rtfm.com>
Date: Saturday, 2 November 2024 at 02:09
To: John Mattsson <john.matts...@ericsson.com>
Cc: Filippo Valsorda <fili...@ml.filippo.io>, Rich Salz <rs...@akamai.com>, Bas Westerbaan <b...@cloudflare.com>, tls@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Re: MLKEM or Khyber KX


On Fri, Nov 1, 2024 at 11:30 AM John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
>and would warmly welcome it being a MUST in the IETF specification of the ML-KEM TLS hybrids.

+1

Let’s try to make that happen
https://github.com/post-quantum-cryptography/draft-kwiatkowski-tls-ecdhe-mlkem/pull/25

Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?

-Ekr

