On Fri, Nov 15, 2024 at 8:45 AM Stephen Farrell <[email protected]> wrote: > > > > On 15/11/2024 10:51, Bas Westerbaan wrote: > > We have posted a -00. > > > > https://datatracker.ietf.org/doc/html/draft-tls-westerbaan-mldsa-00 > > I'm unenthusiastic but don't strongly oppose adoption of this and > similar drafts, mostly because I think we should try get some WG > consensus on guidance for when these things may be needed (if ever) > and what the consequences might be should people deploy 'em in the > meantime. (By 'em I mean anything with any kind of PQ sig or non > hybrid PQ key exchange.) That guidance might or might not be in a > separate document, or be copied into each relevant one.
What part of "rough consensus and running code" says "wait for depoloyment until we have even more documents done?" Personally i think we are going to need something better than ML-DSA for the webPKI, probably different schemes at each hop. > > Cheers, > S. > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Astra mortemque praestare gradatim _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
