On Tue, Oct 07, 2025 at 09:39:52AM -0700, Eric Rescorla wrote:

> For context, there are currently four such supported groups for TLS:
> X25519, X448, P-256, and P-384. Is there a substantive reason why the
> hybrids of these same groups with MLKEM ought not to be RECOMMENDED=Y?

I was just drafting a message to suggest that the draft is missing an
obvious combination:

    MLKEM1024 + X448

If MLKEM1024 is supported with SecP384r1 (P-384), it should also be
supported with X448.  The supported combinations would then be more
"natural":

    MLKEM768 + either P-256 or X25519
    MLKEM1024 + either P-384 or X448

-- 
    Viktor.  🇺🇦 Слава Україні!

_______________________________________________
TLS mailing list -- [email protected]