On 8 July 2017 at 05:40, Russ Housley <[email protected]> wrote: > The TLS WG wants to work on a a way to combine a PSK with (EC)DH after the > current specification is finished for quantum protection.
TLS 1.3 allows this already. The drawback being that you need to get the PSK. At the moment, this means talking to the server once before in most cases. I thought that the PQ plan was to add a new key exchange paired with ECDH, along the lines of what was proposed in draft-whyte-qsh-tls13-01 (I recall someone asking CFRG for advice on combining of the outputs, but that doesn't seem to have gone anywhere). _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
