On Sun, Jul 20, 2025 at 07:44:35AM +0000, John Mattsson wrote:
> For many infrastructure use cases of TLS/DTLS/QUIC, the performance of
> the initial handshake is not very important. OpenSSL 3.5 LTS already
> has support of SLH-DSA.

Though, for the record, that support does not currently extend to the
SLH-DSA variants as **TLS** signature algorithms. One obvious reason
is of course absence of corresponding codepoints. And these would
likely not be included in the default sigalg lists sent by clients or
servers, so would need to be explicitly used in a non-default
"SignatureAlgorithms" setting.

The above is merely a clarification, not an indication of either support
for or opposition to adoption. I'm not strongly inclined towards either
position. For those in a hurry to see this done, do all the SLH
parameter sets need to be adopted? Or is a subset sufficient for the
immediate use-cases?

--
Viktor. 🇺🇦 Слава Україні!