On Sun, Mar 15, 2026 at 8:51 PM Eric Rescorla <[email protected]> wrote:
> Per the discussion in today's meeting. > > ISTM that the main intent is to entirely preclude the use of PQ with > TLS 1.2. In that case, I think we should probably say: > > - Clients MUST NOT advertise these code points unless they > are advertising TLS 1.2 as well as TLS 1.3. > This should say TLS 1.3 as well as TLS 1.2, or, as Rich says "unless they are advertising TLS 1.3" > > - Servers MUST NOT advertise these code points unless they > have negotiated TLS 1.3 or above. > > - If TLS 1.2 is negotiated, servers MUST NOT send > certificates which are signed by or contain keys using > these algorithms. > > -Ekr > >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
