> Sure. On the same note – how do we know that there will be no new research findings about ECC? (Besides the fact that once CRQC is built, it becomes useless.)
Not useless. It would still be a good anti-ddos / cookies technique until each phone is a CRQC. The truth is probably somewhere in the middle – ratio of the desired/desirable targets to available CRQCs. I.e., IMHO, ECC will outlive its usefulness rather before “each phone is a CRQC”, but not immediately after MSS or NSA build their first one. Especially if you do an ECC exchange before a PQ exchange like a Classic McEliece. This is what the Additional KE (RFC9370) facilitates for IKEv2: https://datatracker.ietf.org/doc/rfc9370/ <https://datatracker.ietf.org/doc/rfc9370/> Yes, I know – we do the same (though for different reasons 😉). Thanks
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
