Hi, Isn't this off-topic? The IETF can't stop you from having a meeting, but you're crossing the line by using IETF lists to advertise it.
thanks, Rob On Thu, Feb 27, 2025 at 11:08 PM John Mattsson <john.mattsson= 40ericsson....@dmarc.ietf.org> wrote: > Hi, > > > > There was significant interest from several countries to have a > side-meeting on PQC at IETF 122 Bangkok, so Ericsson will organize such a > meeting on Monday 17 March 15.15 - 16.45 Bangkok time in Meeting Room 2 > [40 seats] (overlapping with Monday Session III). It is possible to > attend remotely. > > https://trello.com/c/nH9exeWo > > > > Potential discussion topics are listed below. There might be a few short > presentations to foster discussion, but the plan is to focus on dialogue > and discussion between people in the IETF and government stakeholders. > > > > Cheers, > > John Preuß Mattsson > > Expert, Cryptographic Algorithms and Security Protocols, Ericsson > > > Description > > *Time*: 15:15-16:45 > *Meeting Title:* PQC Dialogue with Government Stakeholders > *IETF Webex:* https://ietf.webex.com/meet/ietfsidemeeting2 > *Meeting Organizer*: John Preuß Matsson, Ericsson and Alexander Engström, > NDRE > *Email address*: john.matts...@ericsson.com > > *Meeting Description*: Potential discussion topics: > > - Recommended PQC algorithms (KEMs and signatures) > o ML-KEM, ML-DSA, SLH-DSA, FN-DSA, Classic McEliece, FrodoKEM, > BIKE/HQC, XMSS/LMS, … > o Security category 1,2,3,4,5? Does it depend on algorithm and use > case? > - Timelines for PQC migration > o When should migration begin? When will it be required? > o Does it depend on user, use case, protection lifetime, hardware vs > software, migration complexity, value of the protected node and data, > scheduled hardware replacement, etc.? > - Hybridization or standalone PQC > o Difference between KEMs and Signatures > o Differences between algorithms (e.g., lattice-based vs. hash-based) > o Differences between use cases (e.g., confidentiality vs. > authentication) > o Is hybridization a short-term necessity or a long-term strategy? > - Hybridization of PQC KEMs > o Single vs. multiple PQC algorithms? Role of symmetric keys? > o KEM combiners: general-purpose vs. optimized designs > o Which traditional curves? X25519/X448, NIST P-curves, Brainpool, … > - Hybridization of signatures > o Role of symmetric keys? > o Signature combiners, general or optimized? > o Desired properties: SUF-CMA? Other security properties? > o Which traditional signatures? EdDSA, ECDSA, RSA? > - KDF and hash functions > o ML-KEM and ML-DSA mandate SHA-3. > o Time to move away from SHA-2/HMAC/HKDF/MGF? > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-le...@ietf.org >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
