Unlike TLS itself defines cipher suites, ECH just depends on the HPKE registry from RFC 9180 ( https://www.iana.org/assignments/hpke/hpke.xhtml#hpke-aead-ids). While there aren't currently any PQ-safe HPKE IDs registered, we do have proposals for them ( https://www.ietf.org/archive/id/draft-connolly-cfrg-hpke-mlkem-04.html) and when one is registered, ECH should "just work", so I don't think there probably is an action here for ECH.
-Ekr On Mon, Nov 11, 2024 at 1:48 AM Gianpaolo Angelo Scalone, Vodafone <Gianpaolo-Angelo.Scalone=40vodafone....@dmarc.ietf.org> wrote: > Hi, not sure if this has to go under ECH or under DNS SVCB/HTTPS RR, but > given current status ECH will provide E2E privacy today , but is not > Quantum Safe. > > Would it make sense to have a specific section on making ECH quantum safe > and provide privacy also in perspective? > > C2 General > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
