Hi all,

I have just pushed a minor update to the AuthKEM [1] and AuthKEM-PSK [2] drafts. I also have a new “reference” implementation of AuthKEM.

AuthKEM allows authentication via KEM public keys, which in particular might save a lot of handshake traffic if you can replace ML-DSA by ML-KEM. This approach is particularly interesting if we can mitigate the overhead of the other signatures of the handshake using e.g. Merkle Tree Certificates.

The reference implementation lives at [3]. I have only implemented AuthKEM server authentication right now; PSK and client auth will follow at some later point. The diff with the main branch of Rustls [4] might be particularly interesting if you want to see what the impact of an implementation of AuthKEM might be. Note that a large part of this diff is just instantiating Rustls' pluggable crypto provider API.

The updates to the drafts include some things that I found when implementing the specified scheme, and I pinned some code points for experimental use (though with a note that these are not stable).

As always, if you have questions or comments, you know where to find us.

Cheers,
Also on behalf of my co-authors,
Thom

[1]: https://datatracker.ietf.org/doc/draft-celi-wiggers-tls-authkem/
[2]: https://datatracker.ietf.org/doc/draft-wiggers-tls-authkem-psk/
[3]: https://github.com/kemtls/rustls-authkem/
[4]: https://github.com/rustls/rustls/compare/rustls:793553e...kemtls:a9ca69b
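As an added illustration (not code from the drafts or from the rustls-authkem implementation linked above), the following Python sketch shows the shape of the KEM-based server authentication the post refers to: the server's certificate carries a KEM public key instead of a signature key, the client encapsulates to it, and the resulting shared secret is mixed into the key schedule, so only the holder of the certified private key can compute a matching Finished MAC. The traffic saving comes from sending a KEM ciphertext where TLS 1.3 would send a CertificateVerify signature. The KEM here is a toy Diffie-Hellman KEM over a tiny group standing in for ML-KEM, and the message names and key schedule are simplified and do not follow the draft's wire format or its actual derivation steps.

```python
import hashlib
import hmac
import secrets

# Toy DH-style KEM (the DHKEM shape used by HPKE) over the Mersenne prime
# 2^127 - 1. Constructed for illustration only: the group is far too small
# for real use, and the draft intends ML-KEM here. Nothing in the handshake
# below depends on which KEM is plugged in.
P = (1 << 127) - 1
G = 5


def _i2b(x: int) -> bytes:
    """Fixed-width encoding of a group element (all values are < 2^128)."""
    return x.to_bytes(16, "big")


def _kdf(shared: int, ct: int, pk: int) -> bytes:
    """Derive the KEM shared secret, binding ciphertext and public key."""
    return hashlib.sha256(b"toy-kem" + _i2b(shared) + _i2b(ct) + _i2b(pk)).digest()


def kem_keygen() -> tuple[int, int]:
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def kem_encaps(pk: int) -> tuple[int, bytes]:
    """Return (ciphertext, shared secret) that only the holder of pk can recover."""
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)
    return ct, _kdf(pow(pk, r, P), ct, pk)


def kem_decaps(sk: int, ct: int) -> bytes:
    return _kdf(pow(ct, sk, P), ct, pow(G, sk, P))


def derive_key(ss_eph: bytes, ss_auth: bytes, transcript_hash: bytes) -> bytes:
    """Simplified key schedule: both KEM secrets and the transcript feed the key.
    Because ss_auth is only computable with the certified private key, the
    server is authenticated implicitly, without any signature."""
    return hmac.new(ss_eph + ss_auth, b"handshake key" + transcript_hash,
                    hashlib.sha256).digest()


def run_handshake(server_sk: int, certified_pk: int) -> bool:
    """One simplified AuthKEM-style handshake.

    certified_pk is the KEM public key the client trusts for this server (as it
    would obtain from a certificate); server_sk is the private key the responding
    party actually holds. Returns True iff the server's Finished MAC verifies at
    the client, i.e. iff the responder really holds the certified key.
    """
    transcript = hashlib.sha256()

    # ClientHello: ephemeral KEM public key for forward-secret key exchange.
    c_eph_sk, c_eph_pk = kem_keygen()
    transcript.update(b"ClientHello" + _i2b(c_eph_pk))

    # ServerHello + Certificate: the server encapsulates to the ephemeral key
    # and presents a certificate carrying a KEM public key. There is no
    # CertificateVerify signature.
    ct_eph, ss_eph_server = kem_encaps(c_eph_pk)
    transcript.update(b"ServerHello" + _i2b(ct_eph))
    transcript.update(b"Certificate" + _i2b(certified_pk))

    # Client: recover the ephemeral secret, then encapsulate to the certified
    # key and send that ciphertext (the draft calls this KEMEncapsulation).
    ss_eph_client = kem_decaps(c_eph_sk, ct_eph)
    ct_auth, ss_auth_client = kem_encaps(certified_pk)
    transcript.update(b"KEMEncapsulation" + _i2b(ct_auth))
    th = transcript.digest()

    # Server: decapsulate with whatever private key it holds and send Finished.
    ss_auth_server = kem_decaps(server_sk, ct_auth)
    server_key = derive_key(ss_eph_server, ss_auth_server, th)
    server_finished = hmac.new(server_key, b"server finished" + th,
                               hashlib.sha256).digest()

    # Client: an impostor without the certified private key derives a different
    # ss_auth, so its Finished does not match and the handshake is rejected.
    client_key = derive_key(ss_eph_client, ss_auth_client, th)
    expected = hmac.new(client_key, b"server finished" + th, hashlib.sha256).digest()
    return hmac.compare_digest(server_finished, expected)


def demo() -> tuple[bool, bool]:
    """Run an honest handshake and one against an impostor holding a fresh key."""
    sk, pk = kem_keygen()
    rogue_sk, _ = kem_keygen()
    return run_handshake(sk, pk), run_handshake(rogue_sk, pk)


if __name__ == "__main__":
    honest, impostor = demo()
    print("honest server authenticated:", honest)
    print("impostor authenticated:", impostor)
```

The point to take from the sketch is that the authentication is implicit: nothing the server sends is verified directly, as a signature would be; instead an impostor simply ends up with different keys, which is detected when the Finished MACs are compared.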
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls