On Tue, Aug 19, 2025 at 8:35 AM John Mattsson <john.mattsson= [email protected]> wrote:
> Is there WG consensus for registering code points? To my understanding, > OpenSSL 3.5 LTS already uses the unregistered numbers in the draft. > Note that no WG consensus is needed to register code points, as the standard is Specification Required. -Ekr > > > John > > > > *From: *Joseph Salowey <[email protected]> > *Date: *Tuesday, 19 August 2025 at 16:41 > *To: *TLS List <[email protected]> > *Subject: *[TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3 > > Thanks to everyone who participated in this call. While we had more > people respond to this call than the previous one, however, the ratio of > the pros and cons was similar making the consensus rough. The lack of a > motivating use case was a common reason for being against adoption. The > chairs feel that the following is the best approach to move forward: > > > > Adopt the draft and park it until there is sufficient external interest to > publish it such as usage in another standard or a groundswell of > significant implementations. Adoption turns control of the document to the > working group which can then put appropriate disclaimers on its use and a > RFC would not be published without a driving use case. While this is not > the normal process for the working group there have been instances in the > past to hold a document such as for TLS hybrid key exchange and ECH. > > > > We realize that this is not ideal for either side of the issue, but we > feel this approach meets the needs of both parts of the community. > > > > Thanks, > > > > Joe, Sean, and Deirdre > > > > > > On Mon, Jul 14, 2025 at 2:06 PM Sean Turner <[email protected]> wrote: > > We kicked off an adoption call for Use of SLH-DSA in TLS 1.3; see [0]. We > called consensus [1], and that decision was appealed. We have reviewed the > messages and agree that we need to redo the adoption call to get more input. > > What appears to be the most common concern, which we will take from Panos' > email, is that "SLH-DSA sigs are too large and slow for general use in TLS > 1.3 applications". One way to address this concern is to add an > applicablity statement to address this point. We would like to propose that > this (or something close to this) be added to the I-D: > > Applications that use SLH-DSA need to be aware that the signatures sizes > are large; the signature sizes for the cipher suites specified herein range > from 7,856 to 49,856 bytes. Likewise, the cipher suites are considered > slow. While these costs might be amoritized over the cost of a long lived > connection, the cipher suites specified herein are not considered for > general use in TLS 1.3. > > With this addition in mind, we would like to start another WG adoption > call for draft-reddy-tls-slhdsa. If you support adoption with the above > text (or something similar) and are willing to review and contribute text, > please send a message to the list. If you do not support adoption of this > draft with the above text (or something similar), please send a message to > the list and indicate why. This call will close at 2359 UTC on 28 July 2025. > > Cheers, > Deirdre, Joe, and Sean > > [0] https://mailarchive.ietf.org/arch/msg/tls/o4KnXjI-OpuHPcB33e8e78rACb0/ > [1] https://mailarchive.ietf.org/arch/msg/tls/hhLtBBctK5em6l82m7rgM6_hefo/ > [2] https://datatracker.ietf.org/doc/draft-reddy-tls-slhdsa/ > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
