Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-08 Thread Sophie Schmieg
> > On 8 Nov 2023, at 8:34, Loganaden Velvindron wrote:
> >
> > I support moving forward with hybrids as a proactively safe deployment
> > option. I think that supporting
> > only Kyber for KEX is not enough. It would make sense to have more options.
> >
> > Google uses NTRU HRSS internally:
> >

Re: [TLS] [Editorial Errata Reported] RFC7919 (7579)

2023-11-08 Thread Rebecca VanRheenen
Hi Paul, We are unable to verify this erratum that the submitter marked as editorial. Please note that we have changed the “Type” of the following errata report to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-08 Thread Dan Brown
Agreeing on security gains from hybrid. Should TLS ask CFRG (again?) what to do about PQC?

> From: D. J. Bernstein
>
> Yoav Nir writes:
> > To justify a hybrid key exchange you need people who are both worried
> > about quantum computers and worried about cryptanalysis or the new
> >

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-08 Thread Yoav Nir
> On 8 Nov 2023, at 8:34, Loganaden Velvindron wrote:
>
> I support moving forward with hybrids as a proactively safe deployment
> option. I think that supporting
> only Kyber for KEX is not enough. It would make sense to have more options.
>
> Google uses NTRU HRSS internally:
>

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-08 Thread D. J. Bernstein
John Mattsson writes:
> NIST does not deserve any criticism for continuing to evaluate SIKE.

The NIST actions that I quoted go far beyond "continuing to evaluate SIKE". NIST explicitly pointed to SIKE as part of its official rationale for throwing away FrodoKEM and delaying a decision on Classic

Re: [TLS] [EXTERNAL] Re: Request mTLS Flag

2023-11-08 Thread Viktor Dukhovni
On Wed, Nov 08, 2023 at 03:54:05AM +, Andrei Popov wrote:
> A few concerns I have with this extension:
>
> 1. Privacy: clients broadcasting intent to identify themselves to
> anyone who asks. I know, this is intended for crawler bots, but the
> TLS stack does not know whether our