On Fri, Nov 15, 2024, 8:52 PM Andrey Jivsov <cry...@brainhub.org> wrote:
> On Fri, Nov 15, 2024 at 3:56 PM Watson Ladd <watsonbl...@gmail.com> wrote: > >> ... >> Why not hash based signatures? >> > > I think that the stateful ones are perfectly suited for certifications in > X.509 certs, but in the TLS handshake this has to be Sphincs+, at 16.2KB > per signature at the AES-192 security level. In addition to size concerns, > it's not allowed in CNSA 2.0. Are vendors considering SPHINCS+ for this > purpose? > If CNSA 2.0 is the guide why consider hybrids? >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
