Because that’s what CNSA requires. Regards, Uri
> On Mar 29, 2023, at 00:45, Kampanakis, Panos <[email protected]> wrote: > > > > > I would also like secp384r1_kyber1024 option, please. > > Why do you up the ECDH curve sec level with Kyber1024? It adds unnecessary > size to the keyshare. like secp384r1_kyber768 combines two equivalent > security levels. > Those that want to be extra conservative can go secp521r1_kyber1024 which > won’t be much worse than secp384r1_kyber1024 in performance or size. > > > > From: TLS <[email protected]> On Behalf Of Blumenthal, Uri - 0553 - MITLL > Sent: Tuesday, March 28, 2023 10:40 PM > To: Krzysztof Kwiatkowski <[email protected]>; Christopher Wood > <[email protected]> > Cc: [email protected] > Subject: RE: [EXTERNAL][TLS] Consensus call on codepoint strategy for > draft-ietf-tls-hybrid-design > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > Can we add secp256r1_kyber768 option for those who prefer NIST curves? > > I support this. > > I would also like secp384r1_kyber1024 option, please. > > Thanks
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
