Apologies. I was getting a bit off topic. My point was that the crypto review panel could benefit from not only NIST multi-year PQC but also -- as a suggestion -- from projects like OpenSSH who are deploying PQC ahead of others.

On Mon, 23 Mar 2026, 13:15 Filippo Valsorda, <[email protected]> wrote:

> 2026-03-23 07:56 GMT+01:00 Loganaden Velvindron <[email protected]>:
>
> > There are also open source projects like OpenBSD which have integrated
> > sntrup761 in hybrid mode within OpenSSH for a long time.
> >
> > With security companies like Qualys constantly trying to find new
> > vulnerabilities in OpenSSH, I'm pretty sure that they would have found
> > a vulnerability in x25519sntrup761 kex codebase by now?
>
> OpenSSH added mlkem768x25519-sha256 in version 9.9 (2024-09-19) and made
> it the default in 10.0 (2025-04-09). It also switched
> sntrup761x25519-sha512 implementation in version 9.9, so its
> Streamlined NTRUPrime implementation is at best as scrutinized as its
> ML-KEM one (while many other languages and libraries don't have
> production Streamlined NTRUPrime code at all).
>
> Anyway, it's not clear to me what that has to do with this document.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
