Bas Westerbaan wrote:
> X25519+ML-KEM will be acceptable for FIPS

Yes. I don’t see any need for P-256 hybrids. X25519+ML-KEM or just ML-KEM will both be acceptable for FIPS and should be enough for most users.

I think it is very important to choose very fast algorithms. More ephemeral key exchange leads to better security and privacy. People wanting to do pervasive monitoring often argue for purely symmetrical key exchange.

Cheers,
John Preuß Mattsson

________________________________
From: Bas Westerbaan <bas=40cloudflare....@dmarc.ietf.org>
Sent: Monday, June 3, 2024 10:32 PM
To: Stephen Farrell <stephen.farr...@cs.tcd.ie>
Cc: Andrei Popov <Andrei.Popov=40microsoft....@dmarc.ietf.org>; Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>; tls@ietf.org <tls@ietf.org>
Subject: [TLS]Re: [EXTERNAL] Re: Curve-popularity data?

X25519+ML-KEM will be acceptable for FIPS, just like P-256+Kyber is today. We just need to wait for the final standard, and (crucially) for the verified modules with ML-KEM.

On Mon, Jun 3, 2024 at 8:56 PM Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:

I'm afraid I have no measurements to offer, but...

On 03/06/2024 19:05, Eric Rescorla wrote:
> The question is rather what the minimum set of algorithms we need is. My
> point is that that has to include P-256. It may well be the case that
> it needs to also include X25519.

Yep, the entirely obvious answer here is we'll end up defining at least x25519+PQ and p256+PQ. Arguing for one but not the other (in the TLS WG) seems pretty pointless to me.

(That said, the measurements offered are as always interesting, so the discussion is less pointless than the argument:-)

Cheers,
S.

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org