Hi,

Comments on the two changes that (I think) were made based on my comments.

---

Thanks for adding

- "Any of the hybrid groups specified in this document may be implemented in a 
FIPS approved way as discussed in Section 5."

This removes the concerns I had about the motivation section.

---

Regarding 800-227, I thought it would be good to remind the reader that FIPS 
203 states:

"For general definitions and properties of KEMs, including requirements for the 
secure use of KEMs in applications, see SP 800-227"

The added text talks about "general guidance" and is in my view making things 
worse. Instead of spending time discussing exactly which requirements in 
800-227 apply to TLS 1.3, I suggest just removing the newly added text on 
800-227 and publishing. The draft does not have to duplicate text from NIST 
specifications.

---

Cheers,
John

On 2025-11-17, 23:55, "[email protected]" <[email protected]> 
wrote:

Internet-Draft draft-ietf-tls-ecdhe-mlkem-02.txt is now available. It is a
work item of the Transport Layer Security (TLS) WG of the IETF.

   Title:   Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3
   Authors: Kris Kwiatkowski
            Panos Kampanakis
            Bas Westerbaan
            Douglas Stebila
   Name:    draft-ietf-tls-ecdhe-mlkem-02.txt
   Pages:   11
   Dates:   2025-11-17

Abstract:

   This draft defines three hybrid key agreements for TLS 1.3:
   X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024 which
   combine a post-quantum KEM with an elliptic curve Diffie-Hellman
   (ECDHE).

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-ecdhe-mlkem-02.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-ecdhe-mlkem-02

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts



_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
