Because that’s what CNSA requires. Regards, Uri
> On Mar 29, 2023, at 00:45, Kampanakis, Panos <kpa...@amazon.com> wrote: > > > > > I would also like secp384r1_kyber1024 option, please. > > Why do you up the ECDH curve sec level with Kyber1024? It adds unnecessary > size to the keyshare. like secp384r1_kyber768 combines two equivalent > security levels. > Those that want to be extra conservative can go secp521r1_kyber1024 which > won’t be much worse than secp384r1_kyber1024 in performance or size. > > > > From: TLS <tls-boun...@ietf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL > Sent: Tuesday, March 28, 2023 10:40 PM > To: Krzysztof Kwiatkowski <k...@amongbytes.com>; Christopher Wood > <c...@heapingbits.net> > Cc: TLS@ietf.org > Subject: RE: [EXTERNAL][TLS] Consensus call on codepoint strategy for > draft-ietf-tls-hybrid-design > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > Can we add secp256r1_kyber768 option for those who prefer NIST curves? > > I support this. > > I would also like secp384r1_kyber1024 option, please. > > Thanks
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
