Eric Rescorla wrote: >Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys?
No reuse of ephemeral keys is always bad. John From: Eric Rescorla <[email protected]> Date: Saturday, 2 November 2024 at 02:09 To: John Mattsson <[email protected]> Cc: Filippo Valsorda <[email protected]>, Rich Salz <[email protected]>, Bas Westerbaan <[email protected]>, [email protected] <[email protected]> Subject: Re: [TLS] Re: MLKEM or Khyber KX On Fri, Nov 1, 2024 at 11:30 AM John Mattsson <[email protected]<mailto:[email protected]>> wrote: >and would warmly welcome it being a MUST in the IETF specification of the ML-KEM TLS hybrids. +1 Let’s try to make that happen https://github.com/post-quantum-cryptography/draft-kwiatkowski-tls-ecdhe-mlkem/pull/25 Is reuse of ML-KEM keys worse in some way than the reuse of ECDHE keys? -Ekr
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
