Christian Huitema <huit...@huitema.net> wrote:
> To summarize, the QUIC handshake will require an extra RTT:
> * if the server flight is larger than 3 times the Client Hello,
> * if the Client Hello is larger than 12,000 bytes,
> * if the Server Hello is larger than 12,000 bytes.
> If would be very nice to have PQC variants that fit inside that budget.
might it be worth doing a "legacy" crypto operation first, even if that is
broken by a CRQC, if the time to break it is less than the RTT?
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
