[TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3

Tue, 19 Aug 2025 10:36:01 -0700 

I had the memory that Victor said so in the TLS thread about OpenSSL 3.5 
supporting ML-KEM, ML-DSA, and SLH-DSA. But looking it up Victor only mentioned 
ML-DSA. Thanks for the clarification.

Cheers,
John

From: Peter C <Peter.C=40ncsc.gov...@dmarc.ietf.org>
Date: Tuesday, 19 August 2025 at 18:46
To: Filippo Valsorda <fili...@ml.filippo.io>, John Mattsson 
<john.matts...@ericsson.com>
Cc: TLS List <tls@ietf.org>
Subject: RE: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3
It added support for draft-ietf-lamps-x509-slhdsa, not for this.

Peter

From: Filippo Valsorda <fili...@ml.filippo.io>
Sent: 19 August 2025 17:34
To: John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org>
Cc: TLS List <tls@ietf.org>
Subject: [TLS] Re: Second WG Adoption Call for Use of SLH-DSA in TLS 1.3

2025-08-19 17:34 GMT+02:00 John Mattsson 
<john.mattsson=40ericsson....@dmarc.ietf.org<mailto:40ericsson....@dmarc.ietf.org>>:

To my understanding, OpenSSL 3.5 LTS already uses the unregistered numbers in 
the draft.

I also had that impression, but Viktor corrected me in another thread. See 
excerpt below.

2025-05-19 13:53 GMT+02:00 Viktor Dukhovni 
<ietf-d...@dukhovni.org<mailto:ietf-d...@dukhovni.org>>:
On Mon, May 19, 2025 at 01:29:40PM +0200, Filippo Valsorda wrote:

> 2025-05-19 12:41 GMT+02:00 John Mattsson 
> <john.matts...@ericsson.com<mailto:john.matts...@ericsson.com>>:

> > OpenSSL 3.5 has already shipped with the Values 0x0911 – 0x91C that
> > are in the draft.
>
> Frankly, this is a bit irritating, especially given the precedent of
> seed encodings, where we all got saddled with a fractal encoding to
> appease the "legacy" of a handful of early adopters. Now OpenSSL ships
> a production feature in a LTS version with 12 commandeered
> unregistered codepoints from the public range. Ok.

OpenSSL 3.5 DOES NOT have TLS codepoints for SLH-DSA.  I don't know
where John Mattsson got that impression.  The only PQ signature TLS
codepoints in OpenSSL 3.5 are:

    
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme

    0x0904  mldsa44     N   [draft-tls-westerbaan-mldsa-00]
    0x0905  mldsa65     N   [draft-tls-westerbaan-mldsa-00]
    0x0906  mldsa87     N   [draft-tls-westerbaan-mldsa-00]



_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org

Reply via email to