On Sat, Nov 9, 2024, 1:34 AM John Mattsson <john.mattsson= 40ericsson....@dmarc.ietf.org> wrote:
> Hi, > > > > I just looked at the presentation from the TLS session. My views: > > > > - I think the order of P256 and MLKEM should be switched, irrespectively > of NIST's current discussion. Even if NIST do not change their current > specifications, I think long-term FIPS compliance is much more important > then short-term FIPS compliance. > > > If MLKEM is approved then X25519MLKEM768 would work. Yes this is a bit ugly but most devices can handle the extra code for both. - Don't touch X25519MLKEM768, not even the name. Just make it a rule that > the name is in the opposite order. > > > > - I think the draft should be adopted > > > > - I think the draft should be standards track > > > > - I think all three code points should be RECOMMENDED=Y > > > > - I think the draft should update RFC8446bis to make X25519MLKEM768 MTI. > I think IETF should send a clear message that TLS implementations should > migrate to quantum-resistant key exchange asap. X25519MLKEM768 is already > the de facto standard. At some point we need a quantum-resistant MTI and I > don't see any other option than X25519MLKEM768 and I don’t see any reason > to wait. Key exchange and signatures can be handled independently. > > > > Cheers, > > John > > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
