On Fri, Nov 15, 2024 at 3:56 PM Watson Ladd <[email protected]> wrote:
> ... > Why not hash based signatures? > I think that the stateful ones are perfectly suited for certifications in X.509 certs, but in the TLS handshake this has to be Sphincs+, at 16.2KB per signature at the AES-192 security level. In addition to size concerns, it's not allowed in CNSA 2.0. Are vendors considering SPHINCS+ for this purpose?
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
