On Sat, Nov 2, 2024 at 12:12 AM John Mattsson <john.matts...@ericsson.com> wrote:
> Eric Rescorla wrote: > >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys? > > No reuse of ephemeral keys is always bad. > Right. Based on the discussion so far, I think it would be reasonable to have a mandate for TLS 1.3 generally. However, I don't think it's a good thing to have a different rule for this key exchange algorithm than for TLS as a whole unless there's some specific technical reason for it. i would defer to the chairs on what they think the appropriate avenue is for such a requirement for 1.3. -Ekr >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
