Hiya, On 21/02/2020 21:24, Scott Fluhrer (sfluhrer) wrote: > What it tries to address is "once we have an > approved algorithm, how do we integrate it into TLS".
Except that we do not have an approved algorithm. We have 17 round 2 KEMs with vastly different properties. Even when NIST are done that number seems likely to be >1. > Surely it > would be better to get that preliminary work out of the way first, > rather than waiting for the NIST process to conclude, and then start > spending the time working on the integration process. Given the range of differences in sizes of public values, CPU etc and the fact that we don't know how those algs will be parameterised, I don't believe this is work that can be usefully gotten out of the way first. Cheers, S. PS: I do believe that we'll want to mix NIST PQC algs with classic DH after we know the details of the PQC algs, just not before.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls