The thread starts with “Due to this, Cisco has preliminarily considered Kyber unusable” This is obviously not true anymore as Scott very clearly stated that Cisco wants to see both hybrid and non-hybrid ML-KEM standardized, and that they want to implement and ship both. I agree with Scott. Also, I think Cisco was quite clear on that if the IPR uncertainties regarding ML-KEM was not addresses, which they were, they wanted NTRU, not NTRU Prime https://datatracker.ietf.org/doc/html/draft-fluhrer-cfrg-ntru-01
Mozilla is obviously shipping ML-KEM in Firefox. I am an avid user of Firefox, and I am happy to see X25519MLKEM768 on more and more webpages. Cheers, John From: Loganaden Velvindron <logana...@gmail.com> Date: Monday, 23 December 2024 at 02:56 To: Rob Sayre <say...@gmail.com> Cc: TLS List <tls@ietf.org> Subject: [TLS] Re: PQ Cipher Suite I-Ds: adopt or not? If there are some patent concerns regarding ML-KEM going forward, Would considering NTRU-Prime as a less risky option for TLS Kex? (Please see this thread: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdiscourse.mozilla.org%2Ft%2Fpatent-license-for-kyber%2F128114&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893766686%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Fi1LM1Q49lgZfAwBOQf5HhvEXZccY%2Bjk9VXHg6yHEaU%3D&reserved=0)<https://discourse.mozilla.org/t/patent-license-for-kyber/128114> There is a section about patents here: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fntruprime.cr.yp.to%2Fwarnings.html&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893782148%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=T%2B2Ggx2ZxAV%2BCwqSvtrUlptlGHO9iYCFpCYf4Cq3xlA%3D&reserved=0<https://ntruprime.cr.yp.to/warnings.html> On Tue, 17 Dec 2024 at 02:53, Rob Sayre <say...@gmail.com> wrote: > > Hi, > > I only support an adoption call for this one: > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-kwiatkowski-tls-ecdhe-mlkem%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cb49fe1a69fb24e159b5808dd22f5004a%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638705157893792936%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=D3lsZ10f5cHom9RHdadaPqHt0bSWb6Q6Cz53MBbq1PM%3D&reserved=0<https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/> > > The other ones seem like they could wait, carefully noting that postponement > is not a "no" vote. > > thanks, > Rob > > > > > On Mon, Dec 16, 2024 at 2:21 PM Martin Thomson <m...@lowentropy.net> wrote: >> >> On Tue, Dec 17, 2024, at 08:59, Sean Turner wrote: >> > Is the WG consensus to run four separate adoption calls for the >> > individual I-Ds in question? >> >> I would like to see adoption calls for the key exchange modes and not the >> signature modes. The key exchange documents are both more ready and more >> urgent. >> >> The question of whether to set Recommended = Y for any particular choice is >> separable and can wait. Keep things as Recommended = N for now. >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-le...@ietf.org > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
