Hi all, We are planning to replace X25519Kyber768Draft00 (0x6399) with X25519MLKEM768 (0x11ec) [1], a hybrid of ML-KEM-768 and X25519.
We will support X25519Kyber768Draft00 and X25519MLKEM768 at the same time for a while to allow clients the opportunity to migrate without losing post-quantum security. Apart from these two, we also supported X25519Kyber768Draft00 under codepoint 0xfe31 and X25519Kyber512Draft00 (0xfe30). We logged zero uses of these two in the last week with a 1/100 sample rate. We will disable 0xfe31, 0xfe30 over the common weeks. Best, Bas PS. Not sure I shared it here already, but we have public graph tracking client PQ key agreement deployment: https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption-adoption At the time of writing about 17% of all human traffic (by request count) with us is using X25519Kyber768Draft00. [1] https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
