I am against adoption. SLH-DSA sigs are too large and slow for general use in TLS 1.3 applications, especially since there are other options. I would support SLH-DSA in self-signed certs with CA:true with one of the upcoming smaller footprint SLH-DSA parameters (with 2^10) which could also be used in TLS cert chains.
-----Original Message----- From: Sean Turner <s...@sn3rd.com> Sent: Friday, May 16, 2025 9:27 AM To: TLS List <tls@ietf.org> Subject: [EXTERNAL] [TLS] WG Adoption Call for Use of SLH-DSA in TLS 1.3 CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. We are continuing with our WG adoption calls for the following I-D: Use of SLH-DSA in TLS 1.3 [1]; see [2] for more information about this tranche of adoption calls. If you support adoption and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this draft, please send a message to the list and indicate why. This call will close at 2359 UTC on 30 May 2025. Reminder: This call for adoption has nothing to do with picking the mandatory-to-implement cipher suites in TLS. Cheers, Joe and Sean [1] https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/ [2] https://mailarchive.ietf.org/arch/msg/tls/KMOTm_lE5OIAKG8_chDlRKuav7c/ _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
