Hi Peter, Please see inline
On Sun, 3 Nov 2024 at 22:17, Peter C <pete...@ncsc.gov.uk> wrote: > Tiru, > > > > Is SLH-DSA considered a practical option for TLS end-entity certificates? > > > > Under realistic network conditions, TLS handshakes with full SLH-DSA > certificate chains seem to be about 5-10 times slower than traditional > certificate chains and, in some cases, can take on the order of seconds. > See, for example, the results in https://eprint.iacr.org/2020/071, > https://eprint.iacr.org/2021/1447, https://mediatum.ub.tum.de/1728103 and > https://thomwiggers.nl/post/tls-measurements/. > > > > I agree that there’s an argument for using SLH-DSA in root certificates, > but I’m surprised it’s being proposed for the full chain. > SLH-DSA is not proposed for the end-entity certificates, it is preferred for CA certificates (please see the 3rd paragraph in https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.html#section-2) -Tiru > > > Peter > > > > *From:* Russ Housley <hous...@vigilsec.com> > *Sent:* 03 November 2024 11:13 > *To:* tirumal reddy <kond...@gmail.com> > *Cc:* IETF TLS <tls@ietf.org> > *Subject:* [TLS] Re: New Version Notification for > draft-tls-reddy-slhdsa-00.txt > > > > Thanks for doing this work. I hope the TLS WG will promptly adopt it. > > > > Russ > > > > On Nov 2, 2024, at 8:15 PM, tirumal reddy <kond...@gmail.com> wrote: > > > > Hi all, > > This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ > specifies how the PQC signature scheme SLH-DSA can be used for > authentication in TLS 1.3. > > Comments and suggestions are welcome. > > Regards, > -Tiru > > ---------- Forwarded message --------- > From: <internet-dra...@ietf.org> > Date: Sun, 3 Nov 2024 at 05:39 > Subject: New Version Notification for draft-tls-reddy-slhdsa-00.txt > To: Tirumaleswar Reddy.K <kond...@gmail.com>, John Gray < > john.g...@entrust.com>, Scott Fluhrer <sfluh...@cisco.com>, Timothy > Hollebeek <tim.holleb...@digicert.com> > > > > A new version of Internet-Draft draft-tls-reddy-slhdsa-00.txt has been > successfully submitted by Tirumaleswar Reddy and posted to the > IETF repository. > > Name: draft-tls-reddy-slhdsa > Revision: 00 > Title: Use of SLH-DSA in TLS 1.3 > Date: 2024-11-02 > Group: Individual Submission > Pages: 8 > URL: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.txt > Status: https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ > HTML: https://www.ietf.org/archive/id/draft-tls-reddy-slhdsa-00.html > HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-slhdsa > > Abstract: > > This memo specifies how the post-quantum signature scheme SLH-DSA > [FIPS205] is used for authentication in TLS 1.3. > > >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
