There are a number of Individual I-Ds that specify PQ cipher suite for TLS currently being developed that specify either “pure” PQ or composite/hybrid:
ML-KEM Post-Quantum Key Agreement for TLS 1.3; see https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/ <https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/> PQ hybrid ECDHE-MLKEM Key Agreement for TLSv1.3, see https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/ <https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/> I support adoption of these two now . Use of Composite ML-DSA in TLS 1.3; see https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/ <https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/> Use of SLH-DSA in TLS 1.3; see https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/ <https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/> I think these two can wait.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
