On Tue, Mar 18, 2025 at 05:30:36PM +0700, Kris Kwiatkowski wrote:

> Thanks for reporting that (again). Indeed, I was hoping this text
> could be added to draft-ietf-tls-hybrid-design.
> 
> Please, let me know if this text properly addresses your concern:
> https://github.com/post-quantum-cryptography/draft-kwiatkowski-tls-ecdhe-mlkem/pull/35

I know that John has been quite vocal on this point, but does it actually
reflect WG rough consensus?  In

    https://github.com/post-quantum-cryptography/draft-kwiatkowski-tls-ecdhe-mlkem/pull/35#discussion_r2000985130

I ask:

    Why not document the pros/cons and let implementations decide?  Some
    clients (server-to-server routine traffic) have no reason to, and
    get no benefit if they do, avoid session linking.  Why shouldn't
    they amortise the cost of key generation via reuse of ML-KEM
    ephemeral keys?

-- 
    Viktor.

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org