On Wed, Mar 13, 2024 at 3:07 PM Blumenthal, Uri - 0553 - MITLL < [email protected]> wrote:
> Also, what are the WG's thoughts on including standalone PQC signatures in > the same draft? > > > > I think that including standalone PQC sigs would be very desirable. > I don't think there is any particular reason to include PQC signatures in the same draft as PQ key establishment. In TLS 1.3, key establishment and signature are orthogonal concepts, and it will be easier to review if they are kept in separate documents. -Ekr > > > > *From:* TLS <[email protected]> *On Behalf Of *Deirdre Connolly > *Sent:* Tuesday, March 5, 2024 9:15 PM > *To:* [email protected] > *Subject:* [TLS] ML-KEM key agreement for TLS 1.3 > > > > I have uploaded a preliminary version of ML-KEM for TLS 1.3 > <https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/> > and have a more fleshed out > <https://github.com/dconnolly/draft-tls-mlkem-key-agreement> version to > be uploaded when datatracker opens. It is a straightforward new > `NamedGroup` to support key agreement via ML-KEM-768 or ML-KEM-1024, in a > very similar style to -hybrid-design > <https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/>. > > > > It will be nice to have pure-PQ options (that are FIPS / CNSA 2.0 > compatible) ready to go when users are ready to use them. > > > > Cheers, > > Deirdre > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
