On Mon, Nov 6, 2023 at 5:40 PM Kampanakis, Panos <kpanos= [email protected]> wrote:
> > Concretely, after ML-KEM is finished, I was planning to update > draft-schwabe-cfrg-kyber to match it, and proposing to register a codepoint > for a single ML-KEM-768 hybrid in draft-ietf-tls-hybrid-design. > > > > Agreed, but I would suggest three (x25519-mlkem768, p256-mlkem768, > p384-mlkem1024) to cover FIPS and CNSA 2.0 compliance. More than three > combinations is unnecessary imo. > x25519-mlkem768 will be FIPS thanks to mlkem768. Have you seen x25519 is in SP 800-186 now? So I say we can leave out p256-mlkem768. Best, Bas >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
