Hi,
I am cornered with the current PR #53 suggesting that SP 800-227 “provides
general guidance”. This is not a correct description.
As stated in FIPS 203, SP 800-227 provides requirements for the use of ML-KEM
in applications. TLS 1.3 is such an application.
Unless the working group wants to discuss each requirement in detail, I would
suggest just adding:
”As stated in FIPS 203 {{FIPS203}}, SP 800-227 {{NIST-SP-800-227}} provides
requirements for the use of ML-KEM in applications.”
In general, I think it is very important that IETF follows NIST requirements
when using a NIST algorithms like ML-KEM.
Cheers,
John
https://github.com/tlswg/tls-ecdhe-mlkem/pull/53
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
