> > As for SecP256r1MLKEM768 and SecP384r1MLKEM1024 in this draft, the
> > current status is that they're basically not supported in
> > deployments at all.
> acm.us-west-1.amazonaws.com (US),
[ etc. ]
I stand by what I said. The top-100000-sites survey from
https://www.netmeister.org/blog/pqc-use-2025-03.html
in March 2025 showed 27417 sites supporting X25519MLKEM768 and only 129
sites supporting SecP256r1MLKEM768.
> TLS is not just the web (origins, CDNs, and browsers).
Sure, but is there a reason to expect non-web usage of TLS to have more
support for SecP256r1MLKEM768 than web usage?
Probably the most important use of TLS beyond the web is for controlling
embedded devices. Vulnerability scans show again and again that these
devices are normally out of date (and it's also well understood why), so
most of them will have TLS stacks that predate SecP256r1MLKEM768, never
mind the question of why they'd want to use that instead of something
that's safer and much more widely supported.
---D. J. Bernstein
===== NOTICES REGARDING IETF =====
It has come to my attention that IETF LLC believes that anyone filing a
comment, objection, or appeal is engaging in a copyright giveaway by
default, for example allowing IETF LLC to feed that material into AI
systems for manipulation. Specifically, IETF LLC views any such material
as a "Contribution", and believes that WG chairs, IESG, and other IETF
LLC agents are free to modify the material "unless explicitly disallowed
in the notices contained in a Contribution (in the form specified by the
Legend Instructions)". I am hereby explicitly disallowing such
modifications. Regarding "form", my understanding is that "Legend
Instructions" currently refers to the portion of
https://web.archive.org/web/20250306221446/https://trustee.ietf.org/wp-content/uploads/Corrected-TLP-5.0-legal-provsions.pdf
saying that the situation that "the Contributor does not wish to allow
modifications nor to allow publication as an RFC" must be expressed in
the following form: "This document may not be modified, and derivative
works of it may not be created, and it may not be published except as an
Internet-Draft". That expression hereby applies to this message.
I'm fine with redistribution of copies of this message. There are no
confidentiality restrictions on this message. The issue here is with
modifications, not with dissemination.
For other people concerned about what IETF LLC is doing: Feel free to
copy these notices into your own messages. If you're preparing text for
an IETF standard, it's legitimate for IETF LLC to insist on being
allowed to modify the text; but if you're just filing comments then
there's no reason for this.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
