Two logical nits: On 25-Jun-26 05:36, Michael Richardson wrote:
...
When EcDSA is supported, curves secp256r1 and secp384r1 SHOULD be supported. When EdDSA is supported, curves Ed25519 and Ed448 SHOULD be supported. When RSA is supported, sizes of at least 2048 bits SHOULD be supported, with support for sizes up to 4096 bits as RECOMMENDED.
SHOULD and RECOMMENDED mean exactly the same thing per RFC2119, so surely you mean simply: When RSA is supported, sizes up to 4096 bits SHOULD be supported.
Of the above, EcDSA SHOULD be supported by all implementations, until some quantum-safe variant is standardized. ---- I don't know whether my "until..." will fly...
The problem in that sentence is "SHOULD". Are you trying to make EcDSA the MTI? If so it has to be "MUST... until...". However, I do question whether the "until" clause is useful. If a valid PQ mechansim is standardized at some point in the future, implementers of 8366bis won't spontaneously know about it, and if two such mechanisms are standardized, they won't spontaneously know which one is the new MTI. Also, maybe they need to drop all the old mechanisms in favour of PQ mechanisms. So in reality a new RFC would be needed to update 8366bis. I don't think "until" can do that much work. "Post-quantum security considerations are not addressed in this memo." ? (Not entirely joking.) Brian _______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
