> On Feb 21, 2020, at 5:25 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> > wrote: > > On 21/02/2020 22:11, Watson Ladd wrote: > >> https://blog.cloudflare.com/towards-post-quantum-cryptography-in-tls/ >> https://blog.cloudflare.com/the-tls-post-quantum-experiment/ >> >> This was also presented at the NIST standardization workshop in October of >> 2019. > > Thanks. I read through [1]. It's fine work, but does not > convince me that this draft is ready to be an RFC before > the "winning" algs are known, as some have characteristics > that are quite different from the two that were tested > here. I maintain my position that adoption is fine but > finishing this before NIST are done is not. > > Cheers, > S. > > [1] > https://csrc.nist.gov/CSRC/media/Presentations/measuring-tls-key-exchange-with-post-quantum-kem/images-media/sullivan-session-1-paper-pqc2019.pdf > > <https://csrc.nist.gov/CSRC/media/Presentations/measuring-tls-key-exchange-with-post-quantum-kem/images-media/sullivan-session-1-paper-pqc2019.pdf>
These slides clearly indicate that an experiment is being performed. I encourage the experimentation, but I do not think that the TLS WG should adopt this draft. TLS 1.3 eliminated a lot of cruft from earlier versions. This is really good, and it make the security analysis much more tractable. We all know that adding complexity brings bugs. I would like adoption of a draft in this general direction after the NIST competition completes so that the TLS WG can focus on a small number of algorithms. Russ
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
