The proposed structure makes sense to me. It will hopefully result in no more than one approach to composite or hybrid auth in TLS.
Cheers, Andrei From: Eric Rescorla <[email protected]> Sent: Thursday, June 25, 2026 1:24 PM To: Scott Fluhrer (sfluhrer) <[email protected]> Cc: <[email protected]> <[email protected]> Subject: [EXTERNAL] [TLS] Re: Upleveling on PQ + T signatures for TLS On Thu, Jun 25, 2026 at 1:21 PM Scott Fluhrer (sfluhrer) <[email protected]<mailto:[email protected]>> wrote: If you're taking an informal poll, then my opinions would be: I was actually trying to suggest a structure for going forward, perhaps starting with a presentation/discussion on (1) in Vienna. -Ekr 1: Yes 2: I'd suggest adopting the draft draft-reddy-tls-composite-mldsa - it is the technically the simplest from a TLS perspective. ________________________________ From: Stephen Farrell <[email protected]<mailto:[email protected]>> Sent: Thursday, June 25, 2026 4:14 PM To: Eric Rescorla <[email protected]<mailto:[email protected]>>; <[email protected]<mailto:[email protected]>> <[email protected]<mailto:[email protected]>> Subject: [TLS] Re: Upleveling on PQ + T signatures for TLS Hiya, On 25/06/2026 19:17, Eric Rescorla wrote: > > 1. Form a WG opinion on whether we need to do simultaneous > PQ + T at all. > > 2. Assuming the answer to (1) is yes then try to pick one > approach for doing it. The above seems reasonable. ISTM the opinions of those maintaining (web) server packages are needed to do step 2 above as the various approaches have consequences for acquiring and managing server credentials. Cheers, S.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
