Hiya,
On 16/04/2025 02:53, Salz, Rich wrote:
I don’t know of any, especially since NIST has clarified/changed the rules so that hybrid key agreement schemes AB are valid for FIPS ifeither A or B is valid, and also if it’s BA.
Right, that kind of external tweaking/changing, as to what's ok or not, causes wasted effort, so if we end up dealing with that for N regulatory situations we may waste a lot of effort. For me, that argues to not adopt things where the only justification is based on those kinds of regulation. (As the ISE route is entirely viable.)
I’ve spoken to many of our customers and internally explained things to product architects, and nobody has raised any concern. Now of course, I don’t speak to everyone, and Akamai has fewer customers than many of those involved here; perhaps they can say something.
Suppose the payment card industry standards (PCI-DSS) says they want all terminals to move to PQ, and in particular MLKEM. Would that bother you?
Well, you know I'm easily bothered:-) If "move to PQ" meant no hybrid stuff for TLS, I'd really wonder why. Cheers, S.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
