On Fri, Mar 7, 2025 at 7:01 PM Kris Kwiatkowski <k...@amongbytes.com> wrote:
> May I know if you have a plan for FIPS certificaton for PQC after release? > Absolutely - OpenSSL-3.5 will be heading into a fresh FIPS140-3 validation in April once the release is final - and that will include the PQC algorithms that have been added. Our testing for ML-KEM, ML-DSA and SLH-DSA uses ACVP published test data as the basis along with some interesting scripts to get the test data into a format our test suites support. There is also a multi-vendor KMIP PQC interop running this week that has vendors using OpenSSL-3.5 and Bouncy Castle Java 1.81 (beta) and that is exercising the same ACVP tests via KMIP between KMIP clients and KMIP servers - but that is in the context of the day job rather than OpenSSL - see https://groups.oasis-open.org/discussion/kmip-tc-interop-process-2025-for-pqcpdf-uploaded as a starting point for information on that activity. That testing also covers X25519MLKEM768 for those vendors which have that capability enabled. ML-DSA certificates are not within the scope of that test activity. There is also on-going discussion between vendors about a PKCS#11 v3.2 PQC focused interop but timing and participants for that haven't yet been figured out. Tim
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
