> that mechanism is not deployable in some environments (I guess, ones with some
> kind of strict FIPS-only requirement, though I'm not conversant in the details
> of such an environment).

A question (not necessarily for Ben): Are there any concrete/specific environments that we know about that will need non-hybrid PQ KEMs for reasons other than national regulatory reasons? I don’t know of any, especially since NIST has clarified/changed the rules so that hybrid key agreement schemes AB are valid for FIPS if either A or B is valid, and also if it’s BA.

I’ve spoken to many of our customers and internally explained things to product architects, and nobody has raised any concern. Now of course, I don’t speak to everyone, and Akamai has fewer customers than many of those involved here; perhaps they can say something.

Suppose the payment card industry standards (PCI-DSS) say they want all terminals to move to PQ, and in particular MLKEM. Would that bother you?