Thanks.
Sounds real good.
On 07/03/2025 10:22, Tim Hudson wrote:
On Fri, Mar 7, 2025 at 7:01 PM Kris Kwiatkowski <k...@amongbytes.com> wrote:
May I know if you have a plan for FIPS certificaton for PQC after release?
Absolutely - OpenSSL-3.5 will be heading into a fresh FIPS140-3 validation
in April once the release is final - and that will include the PQC
algorithms that have been added.
Our testing for ML-KEM, ML-DSA and SLH-DSA uses ACVP published test data as
the basis along with some interesting scripts to get the test data into a
format our test suites support.
There is also a multi-vendor KMIP PQC interop running this week that has
vendors using OpenSSL-3.5 and Bouncy Castle Java 1.81 (beta) and that is
exercising the same ACVP tests via KMIP between KMIP clients and KMIP
servers - but that is in the context of the day job rather than OpenSSL -
see
https://groups.oasis-open.org/discussion/kmip-tc-interop-process-2025-for-pqcpdf-uploaded
as a starting point for information on that activity. That testing also
covers X25519MLKEM768 for those vendors which have that capability enabled.
ML-DSA certificates are not within the scope of that test activity.
There is also on-going discussion between vendors about a PKCS#11 v3.2 PQC
focused interop but timing and participants for that haven't yet been
figured out.
Tim
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
