Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-08-09 Thread Douglas Stebila
Hi Dan, If memory serves, this came via discussion on the list in July 2021 after my presentation at IETF 105. At the time we presented a choice between two main approaches: one where each part of the combination was fully negotiated with corresponding data structures for everything, and a sim

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-08-05 Thread Dan Brown
> -Original Message-
> From: TLS On Behalf Of Douglas Stebila
> We wanted to see if there is any further feedback on our draft "Hybrid key exchange in TLS 1.3" ... We have not received any new feedback from the working group since we posted our last non-trivial update in October 2020.

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-13 Thread Dan Brown
Hi Douglas, Your general approach paves the way for improved forward security, as insurance against new attacks, a non-negligible risk (*). So, the TLS WG should advance it soon. Sorry that I've not yet looked at the details, but I trust that your I-D is good. Best regards, Dan PS (*) The

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-12 Thread Douglas Stebila
On Jul 7, 2021, at 09:26, Salz, Rich wrote:
> PQ OID's came up in the LAMPS working group, which seems to want to defer to NIST. You should maybe cross-post your note there.
Hi Rich, Unless I'm mistaken, OIDs are relevant to TLS in the context of signatures, but not key exchange; TLS def

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-12 Thread Douglas Stebila
Thanks Martin. All makes sense, and I'll incorporate in a revision. Though at this point changing the word "hybrid" to "composite" would be a rather big rewrite so I'll omit that unless there are very strong objections to the word hybrid. Douglas
> On Jul 6, 2021, at 21:53, Martin Thomson

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-07 Thread Salz, Rich
PQ OID's came up in the LAMPS working group, which seems to want to defer to NIST. You should maybe cross-post your note there.

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-06 Thread Martin Thomson
I just took a look. I didn't read the (large) appendices, though I appreciate that they have value. The draft is largely in good shape. I have a few minor concerns. I don't think that you want to reserve the hybrid_private_use(0x2F00..0x2FFF) range of values. There were specific reasons for

Re: [TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-06 Thread Blumenthal, Uri - 0553 - MITLL
I personally do not find the proposed approach appealing (or even useful). There are three possibilities.
a. Quantum computers capable of breaking crypto (QC) become practical *and* NIST PQC winner(s) resist both quantum and classic attacks;
b. QC become practical, and NIST PQC candidates fail (

[TLS] Advancing draft-ietf-tls-hybrid-design

2021-07-06 Thread Douglas Stebila
Dear TLS working group, We wanted to see if there is any further feedback on our draft "Hybrid key exchange in TLS 1.3" (https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) and what steps are required for it to advance further. We have not received any new feedback from the workin