The proposed structure makes sense to me. It will hopefully result in no more 
than one approach to composite or hybrid auth in TLS.

Cheers,

Andrei

From: Eric Rescorla <[email protected]>
Sent: Thursday, June 25, 2026 1:24 PM
To: Scott Fluhrer (sfluhrer) <[email protected]>
Cc: <[email protected]> <[email protected]>
Subject: [EXTERNAL] [TLS] Re: Upleveling on PQ + T signatures for TLS

On Thu, Jun 25, 2026 at 1:21 PM Scott Fluhrer (sfluhrer) 
<[email protected]<mailto:[email protected]>> wrote:
If you're taking an informal poll, then my opinions would be:

I was actually trying to suggest a structure for going forward, perhaps 
starting with a presentation/discussion on (1) in Vienna.

-Ekr


1: Yes

2: I'd suggest adopting the draft draft-reddy-tls-composite-mldsa - it is the 
technically the simplest from a TLS perspective.

________________________________
From: Stephen Farrell 
<[email protected]<mailto:[email protected]>>
Sent: Thursday, June 25, 2026 4:14 PM
To: Eric Rescorla <[email protected]<mailto:[email protected]>>; 
<[email protected]<mailto:[email protected]>> <[email protected]<mailto:[email protected]>>
Subject: [TLS] Re: Upleveling on PQ + T signatures for TLS


Hiya,

On 25/06/2026 19:17, Eric Rescorla wrote:
>
> 1. Form a WG opinion on whether we need to do simultaneous
>     PQ + T at all.
>
> 2. Assuming the answer to (1) is yes then try to pick one
>     approach for doing it.

The above seems reasonable. ISTM the opinions of those
maintaining (web) server packages are needed to do step
2 above as the various approaches have consequences for
acquiring and managing server credentials.

Cheers,
S.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to