If you're taking an informal poll, then my opinions would be: 1: Yes
2: I'd suggest adopting the draft draft-reddy-tls-composite-mldsa - it is the technically the simplest from a TLS perspective. ________________________________ From: Stephen Farrell <[email protected]> Sent: Thursday, June 25, 2026 4:14 PM To: Eric Rescorla <[email protected]>; <[email protected]> <[email protected]> Subject: [TLS] Re: Upleveling on PQ + T signatures for TLS Hiya, On 25/06/2026 19:17, Eric Rescorla wrote: > > 1. Form a WG opinion on whether we need to do simultaneous > PQ + T at all. > > 2. Assuming the answer to (1) is yes then try to pick one > approach for doing it. The above seems reasonable. ISTM the opinions of those maintaining (web) server packages are needed to do step 2 above as the various approaches have consequences for acquiring and managing server credentials. Cheers, S.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
