Hi all, The draft looks ready to go to me, and I think that it would be good to mark at minimum X25519MLKEM768 with Recommended=Y — but I don’t think this should hold up this document.
On Bas’ point, it kind of seems that there are separate concerns for clients (more options lead to HRRs) and servers (more choice may be fine / desirable). This probably deserves its own discussion as it seems to go beyond the recommended column. Cheers, Thom > Op 7 okt 2025, om 16:51 heeft Eric Rescorla <[email protected]> het volgende > geschreven: > > I have reviewed this document and I think it is ready to go with > one exception, namely the Recommended column. > > The RFC 8447 standard for "Recommended=Y" is: > > Per this document, a "Recommended" column has been added to many of > the TLS registries to indicate parameters that are generally > recommended for implementations to support. > > I think there's a general expectation that we want people to > implement and deploy these algorithms, and I would expect > that the X25519 and P-256 versions to be widely deployed, > at least on the Web. Therefore, I think we should mark all of > these as Recommended=Y. I note that this would require > advancing this document as Proposed Standard. We should do > that as well. > > -Ekr > > > > > On Tue, Oct 7, 2025 at 6:47 AM Joseph Salowey <[email protected] > <mailto:[email protected]>> wrote: >> This is the working group last call for Post-quantum hybrid ECDHE-MLKEM Key >> Agreement for TLSv1.3. Please review draft-ietf-tls-ecdhe-mlkem [1] and >> reply to this thread indicating if you think it is ready for publication or >> not. If you do not think it is ready please indicate why. This call will >> end on October 22, 2025. >> >> Please note that during the WG adoption call, Dan Bernstein pointed out some >> potential IPR (see [2]), but no IPR disclosure has been made in accordance >> with BCP 79. Additional information is provided here; see [3]. >> >> BCP 79 makes this important point: >> >> (b) The IETF, following normal processes, can decide to use >> technology for which IPR disclosures have been made if it decides >> that such a use is warranted. >> >> WG members can take this information into account during the working group >> last call. >> >> Reminder: This working group last call has nothing to do with picking the >> mandatory-to-implement cipher suites in TLS. >> >> Cheers, >> Joe & Sean >> >> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ >> [2] https://mailarchive.ietf.org/arch/msg/tls/mt4_p95NZv8duZIJvJPdZV90-ZU/ >> [3] https://mailarchive.ietf.org/arch/msg/spasm/GKFhHfBeCgf8hQQvhUcyOJ6M-kI/ >> >> _______________________________________________ >> TLS mailing list -- [email protected] <mailto:[email protected]> >> To unsubscribe send an email to [email protected] >> <mailto:[email protected]> > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
