Is there WG consensus for registering code points? To my understanding, OpenSSL 3.5 LTS already uses the unregistered numbers in the draft.
John From: Joseph Salowey <[email protected]> Date: Tuesday, 19 August 2025 at 16:41 To: TLS List <[email protected]> Subject: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3 Thanks to everyone who participated in this call. While we had more people respond to this call than the previous one, however, the ratio of the pros and cons was similar making the consensus rough. The lack of a motivating use case was a common reason for being against adoption. The chairs feel that the following is the best approach to move forward: Adopt the draft and park it until there is sufficient external interest to publish it such as usage in another standard or a groundswell of significant implementations. Adoption turns control of the document to the working group which can then put appropriate disclaimers on its use and a RFC would not be published without a driving use case. While this is not the normal process for the working group there have been instances in the past to hold a document such as for TLS hybrid key exchange and ECH. We realize that this is not ideal for either side of the issue, but we feel this approach meets the needs of both parts of the community. Thanks, Joe, Sean, and Deirdre On Mon, Jul 14, 2025 at 2:06 PM Sean Turner <[email protected]<mailto:[email protected]>> wrote: We kicked off an adoption call for Use of SLH-DSA in TLS 1.3; see [0]. We called consensus [1], and that decision was appealed. We have reviewed the messages and agree that we need to redo the adoption call to get more input. What appears to be the most common concern, which we will take from Panos' email, is that "SLH-DSA sigs are too large and slow for general use in TLS 1.3 applications". One way to address this concern is to add an applicablity statement to address this point. We would like to propose that this (or something close to this) be added to the I-D: Applications that use SLH-DSA need to be aware that the signatures sizes are large; the signature sizes for the cipher suites specified herein range from 7,856 to 49,856 bytes. Likewise, the cipher suites are considered slow. While these costs might be amoritized over the cost of a long lived connection, the cipher suites specified herein are not considered for general use in TLS 1.3. With this addition in mind, we would like to start another WG adoption call for draft-reddy-tls-slhdsa. If you support adoption with the above text (or something similar) and are willing to review and contribute text, please send a message to the list. If you do not support adoption of this draft with the above text (or something similar), please send a message to the list and indicate why. This call will close at 2359 UTC on 28 July 2025. Cheers, Deirdre, Joe, and Sean [0] https://mailarchive.ietf.org/arch/msg/tls/o4KnXjI-OpuHPcB33e8e78rACb0/ [1] https://mailarchive.ietf.org/arch/msg/tls/hhLtBBctK5em6l82m7rgM6_hefo/ [2] https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/ _______________________________________________ TLS mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
