Re: [TLS] tlsflags and "responses"

2022-02-21 Thread Yoav Nir
I have just submitted PR #20 to allow unacknowledged flags. It is a rewrite of section 3 (rules) https://github.com/tlswg/tls-flags/pull/20 It still requires that the flag extension not be sent when empty. Let me know if that’s a problem as well.

Re: [TLS] tlsflags and "responses"

2022-02-23 Thread Yoav Nir
Hi. I have merged the PR following review and proposed changes by Chris and Martin Thomson. The only point that remains open is Ekr’a suggestion to allow (require?) sending the extension when empty. Yoav > On 22 Feb 2022, at 7:35, Yoav Nir wrote: > > I have just submitted PR #20

Re: [TLS] [EXT] Re: What is the TLS WG plan for quantum-resistant algorithms?

2023-11-06 Thread Yoav Nir
> On 7 Nov 2023, at 0:29, Blumenthal, Uri - 0553 - MITLL > wrote: > > Do we want rfc describing the final NIST standards? And for which? I'm ok > with that — in this order of priority: ml-kem, ml-dsa, slh-dsa. > > Probably yes, and in the order you described. Sure, as long as by

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-06 Thread Yoav Nir
> On 6 Nov 2023, at 21:44, Watson Ladd wrote: > > > > On Mon, Nov 6, 2023, 10:07 AM Kris Kwiatkowski > wrote: >> So, based on FIPS 140-3 I.G., section C.K., resolution 5, [1]. "SP800-186 >> does not impact the curves permitted under SP 800-56Arev3. Curves that

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-07 Thread Yoav Nir
For signatures or keys in something like a certificate, I understand how you would want to have both the PQ and classical keys/sigs in the same structure, so satisfy those who want the classical algorithm and those who prefer the post-quantum. For key exchange? For the most part a negotiation

Re: [TLS] What is the TLS WG plan for quantum-resistant algorithms?

2023-11-08 Thread Yoav Nir
> On 8 Nov 2023, at 8:34, Loganaden Velvindron wrote: > > I support moving forward with hybrids as a proactively safe deployment > option. I think that supporting > only Kyber for KEX is not enough. It would make sense to have more options. > > Google uses NTRU HRSS internally: >

Re: [TLS] Can flags be responded to with an extension?

2022-05-23 Thread Yoav Nir
at 19:21, Benjamin Kaduk wrote: > > Hi Ekr, > > On Mon, May 09, 2022 at 08:56:26AM -0700, Eric Rescorla wrote: >> On Mon, May 9, 2022 at 8:43 AM Benjamin Kaduk > 40akamai@dmarc.ietf.org> wrote: >> >>> On Mon, May 09, 2022 at 06:10:43PM +0300, Yoav Nir

Re: [TLS] Can flags be responded to with an extension?

2022-05-09 Thread Yoav Nir
> On 14 Apr 2022, at 1:51, Benjamin Kaduk > wrote: > > On Wed, Apr 13, 2022 at 10:56:49AM -0700, Eric Rescorla wrote: >> Consider the case where the client wants to offer some capability that >> the server then responds to with real data, rather than just an >> acknowledgement. >> >> For

<    1   2   3