> I encourage them to try it out. In many use cases hybrid PQ TLS 1.3 outperforms non-PQ TLS 1.2.
For several users, this is not a matter of performance [between “pure” and “hybrid” PQ]. >> There is a use case for MLKEM in the market of high-frequency >> trading. Apparently there were complaints from those users (eg >> traders) in the past about the performane impact of migrating >> to TLS 1.2. If there is a performance drop with TLS 1.3 with an >> MLKEM hybrid, then migration to PQ (or TLS 1.3) would stall. If >> they can offer a (even tiny) performance gain of TLS 1.3 MLKEM >> over TLS 1.2 ECDHE, then this individual would have a strong >> case to deploy PQ security. Otherwise, the traders will insist >> on waiting until a CRQC is publicly known to exist. > > The individual stated they are in favour of adoption the pure mlkem > document along with the hybrid document so people can pick either, > depending in their use cases. I personally fully support this position.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
