Some websites, including Google, are using the experimental ECC+Kyber hybrid solution, but Google and others still use AES-128. A quantum computer can weaken 128-bit symmetric encryption to 64-bit security; this is the 1st concern. So the draft should only use AES-256. The NSA suggests 1024-dimensional MLKEM; the 2nd concern is that Google and others use MLKEM768. The 3rd concern is that the draft uses ECC in addition to Kyber. NIST has approved HQC (Hamming Quasi-Cyclic) in addition to the already approved ciphers; I suggest switching from ECC+Kyber to HQC+Kyber. Since ECC is vulnerable to quantum computers, using ECC+Kyber is likely a false positive, so I think HQC+Kyber is better. In conclusion, I think there are 3 concerns.
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org