> 1. X25519MLKEM768 should be ranked higher than X. What is X? All other
> (future) keyshares? Listing the non-PQ recommended=Y keyshares explicitly?
> The most direct advice would be that clients should rank PQ keyshares higher
> than non-PQ shares. But that would mean ranking some recommended=N
> keyshares higher than recommended=Y shares.

I would go for "X25519MLKEM768 higher than non-PQ shares" to keep the footprint down. This avoids ranking N over Y and we could repeat/refine this statement whenever we make a new KEM recommended=Y.

Since the reason for PQ-algorithms is in the X25519MLKEM768 motivation, smart engineers should figure out the meaning [0] and might just need a little "nudge" so they remember that there is a preference ranking, not just an algorithm on/off switch :)

-- TBB

[0] e.g. I fully trust them to figure out which shares are "non-PQ", so no need to explicitly list them.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
