[TLS] Re: Composite ML-DSA
David Benjamin <davidben@chromium.org> Wed, 15 April 2026 16:45 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 507C6DCF6A89 for <tls@mail2.ietf.org>; Wed, 15 Apr 2026 09:45:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776271550; bh=/fY2Nvgnfu7f/Z6uWZykZkLE+z824qaOqkdVdMkCVvo=; h=References:In-Reply-To:From:Date:Subject:To; b=yy669EUxVfwVUm4iy/4eA9vKeoqpTfLcLTxlIWQmzveXbn0vEyJcNVHg2Y+jGBG+a 2jBCpBQkJ50vNC0L8qnHRRaTpon5a/Norh0bucgHqmHGtdQ9xzYrhdSEkj8HHJTSQH EVA//ym+Xs7cEBqCuORShCQ8014ssgkQZVc9QS8A=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -9.499
X-Spam-Level:
X-Spam-Status: No, score=-9.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMEYSdjsKdUl for <tls@mail2.ietf.org>; Wed, 15 Apr 2026 09:45:49 -0700 (PDT)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BEB73DCF2219 for <tls@ietf.org>; Wed, 15 Apr 2026 09:38:48 -0700 (PDT)
Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-b9c1da7ac63so1115350366b.0 for <tls@ietf.org>; Wed, 15 Apr 2026 09:38:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1776271122; cv=none; d=google.com; s=arc-20240605; b=cZTwSZO2ycwYLc0dyaEqNmlZfOuHVZI3mIEKwaywIkGLYAAz7+7UxUwganF7bghUxQ bKzbNU5fyquJEHEGTDagaJ6uKDEiqegaxEvbh/EQ5k4m8Sc8GjnRzcmwQwe3X5bnTiHn y8KYgJqt0UgksIOG5L3fcdSzUdS028jJf6vm86HUUPIeuU5g6Rs8/Eq8DCQCs37FVaCT nqVyeA+IFDVzIwuw1UHneXPpx4Ih4Kd5xyAmoejj0Vj2/DiEi40BaKkms9O/zjLLzOj6 0uLMK5NXQuHQNsTVc3AlYqhMeARFuCJX60KVWLgsFWDe1EYHooDCuqCg5rJ8/NST5ahT NYhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=NKJHEpaYz967n1uUtSYwREWBYZWWR4vAfZk01FSiH4U=; fh=iMQEz7fIE2XtFWqLUMEt8tz+aEDEJVSqHa2ftqd9oME=; b=bhYskNvbsEguEquCGnrV0mGC5mmvjV0wEhvUhUHHDXpctSNH8qS2K3/qHJ2jBXTUu/ V44XL+8B60bUCnrm64sfFs4KuALGgd1M4IlpCWatbL6Z6YhexoBjxJY1zKDVZpwkJYsX IXOPDu9l9RDPZA+yWl9foMopjom3muWFssW+Tfv1RittrKU4gt8QuPNDX2jXXmjRVeTV o9xfkz6YRt33UGtnQ53BDd+oKfif8boP4qqvzGZ7CIAKLALPpMcrseyI8zzIut0v7cwQ 9ZOrsKTvMkb1BLPSLjeigFvsFE4ZRu+bcbSMfcWFAQP18hq5YxT2PKfGaGdVbQyA5EDe yOuA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1776271122; x=1776875922; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=NKJHEpaYz967n1uUtSYwREWBYZWWR4vAfZk01FSiH4U=; b=fRUVqATHWXYKeDNq7R4tmwR2FepUylzORSKi55bw3iCwlASuGzWiTrMgp+kILx0s+o RSEi0r1PWhNjxxqWWclOGFRM7wNuD7lEiIReDrZcalyJmHH7Ca6Q3k8fLJZ3F3U1GPvx HTH/bTFBbZQcOao/q5mZ0YaJJT9/6+zwinL54=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776271122; x=1776875922; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NKJHEpaYz967n1uUtSYwREWBYZWWR4vAfZk01FSiH4U=; b=LA+MHRLCKjwMqjU6tXxnDxfe42sENOmHDu86ZGfnPnmSCqT7Nmvaeyp3GloJA7aOEv ZtQYTSR4PoOzcEI70MRK3E1b0avrZ1RzEKPzgQOpaTxnmKBBnVUtaPGBf/NwuTB2Ye91 kPCZhuj2BZ1twC/VT5R6kO/DW4aUSj4VdA8HkA77RYh5V8uVBZ1RZLYNOWumtlcjLWqq poxhBTjXUyE0iNvzkWLrh+wF4nDDRDwYglJeWeagaijZ9F28GDZZSS3eYfuWYqyViDH3 tBB/jFVgpXU72vAhoyvEecfwO+q/E9zjfvJc8Y6cvBkNT/jByqyQSXmvqqt05dURpnnJ xAgA==
X-Gm-Message-State: AOJu0YzZrOtQqISHVRGnm7awPyVyy+cO5/ds4HDIGm3xINV5y4AMe08m ox5Cy+hZiiDBTApsv7oymS3y0wlhBOM44Hh9a4oR7KOzzgpkeaYwrnyebw5ZG21XKQ2NP+D7SaH nX+8Cq9SVEiAHLtxiiQq72+qiMcGmnQfDjL4wNJumFVwB+n8mnCWkCro=
X-Gm-Gg: AeBDieumLcffN/ZoUVye890Q/5RwoH+RpR+H0E74mFfrECqir0+2q+LjviWYqvq+RdU 9x5lzBWO13mVZAZqYtmjfT/52cpX8u4CMtCkbG7S+ANjjNZP5HzZu6P8wYIl+JI7KSkm6SEQeYV Pxl+7bzXyYB4KpYdALZebXhh3jWt/qxd+q11JMddtNeRtQVdmim9+8mmn90nZQnx6Km6HzHmb2e S4DCzMGYYYW3I+tOdbqi0s1mVzelZAvSoc1O9pSShP3LEtFJnTOJD9CndP2ERisrkR3M04XLQtY GTTKaM8hY4XBC4sEuedcAQPfniQRfa1eYOc4rx+YF/QP1OMX2WAOfDZzAGqGhVHcxssaCffta1g lcQZqaifGrfnJ+jCkOA==
X-Received: by 2002:a17:907:9414:b0:b9f:15d9:77d0 with SMTP id a640c23a62f3a-b9f15d97853mr366554566b.5.1776271120486; Wed, 15 Apr 2026 09:38:40 -0700 (PDT)
MIME-Version: 1.0
References: <3a16c7c4-345e-48ce-af70-a3bf503c8caf@app.fastmail.com> <CACf5n7_0hdeHJXXucva9pb=+pjhcgveHRpjA8XAcXB3LsYUvaw@mail.gmail.com> <CAFpG3gcC+UfO7E=ADGhwr2En5PwipZiq_r6_RdqvmT-5nnh2jw@mail.gmail.com> <d69ba150-0257-4e64-9abb-9229d03a03a6@app.fastmail.com> <87a4v42urw.fsf@josefsson.org> <ad-ebC8qSVHEgKcW@chardros.imrryr.org> <MN2PR17MB40317F72E2F0E49EF11377BECD222@MN2PR17MB4031.namprd17.prod.outlook.com> <PH3PPFA3FE8A23FE5B1CCA80C086902D1D7C1222@PH3PPFA3FE8A23F.namprd11.prod.outlook.com> <MN2PR17MB40313F23549B89F188D765EDCD222@MN2PR17MB4031.namprd17.prod.outlook.com> <LV0PR21MB662325C6F94AE362DEFC7E088C222@LV0PR21MB6623.namprd21.prod.outlook.com> <ad-63GSQ6XzRnGVq@chardros.imrryr.org>
In-Reply-To: <ad-63GSQ6XzRnGVq@chardros.imrryr.org>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 15 Apr 2026 09:38:22 -0700
X-Gm-Features: AQROBzCjcJuIJEIVzXvwx3BHNQghiC1b5KV27AUozfSqhKckPD_0zxqHS10rW1A
Message-ID: <CAF8qwaCqij=d6HtbeF_kmHw5JY3NWfAD=JFCftBt7vYjdVxodA@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002b2bbc064f825982"
Message-ID-Hash: 2PZRD3ROCX7HAEP4SOH44266GBEWQZKC
X-Message-ID-Hash: 2PZRD3ROCX7HAEP4SOH44266GBEWQZKC
X-MailFrom: davidben@google.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Composite ML-DSA
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ip90-6ne_reaEywX2VFwk_-bkBQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Right, if one is to do composites, modeling them as algorithms that happen to be made of two internally is correct. The cost is now that we have more algorithms. Particularly because the (correct) fix for composites' structural complexity is to instead invite a combinatorial explosion of different algorithms. Filippo raised an important point to keep in mind: the signature algorithm here is the long-lived TLS credential. This leaks outside of the TLS stack into your certificate, your CA, your key management story, etc. It's not like a cipher suite or key agreement which is just local to the TLS connection. That makes the cost of this security blanket much higher, so it needs to give higher benefit to justify it. On Wed, Apr 15, 2026 at 9:33 AM Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > On Wed, Apr 15, 2026 at 04:06:27PM +0000, Andrei Popov wrote: > > > The complexity argument is implementation-dependent. On Windows, the > > PKI stack encapsulates the multiple keys involved, so the use of a > > composite cert looks no different to the TLS stack (and other apps) > > than the use of any other cert. > > Likewise in OpenSSL, the real complexity is having to implement and > support the algorithms, when it is not clear who's going to use them, > and whether supporting them is a disservice to the community because it > breeds balkanisation through too many choices only some of which will be > supported by some of the stacks. I see it as a Pandora's box I don't > want to open without good cause. > > -- > Viktor. 🇺🇦 Слава Україні! > > _______________________________________________ > TLS mailing list -- tls@ietf.org > To unsubscribe send an email to tls-leave@ietf.org >
- [TLS] Re: Composite ML-DSA John Mattsson
- [TLS] Re: Working Group Last Call for Use of ML-D… Filippo Valsorda
- [TLS] Working Group Last Call for Use of ML-DSA i… Sean Turner
- [TLS] Re: Working Group Last Call for Use of ML-D… Russ Housley
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Salz, Rich
- [TLS] Re: Working Group Last Call for Use of ML-D… Yaroslav Rosomakho
- [TLS] Re: Working Group Last Call for Use of ML-D… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Andrei Popov
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Stephen Farrell
- [TLS] Re: [EXTERNAL] Working Group Last Call for … Andrei Popov
- [TLS] Re: Working Group Last Call for Use of ML-D… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Quynh Dang
- [TLS] Re: Working Group Last Call for Use of ML-D… Stephen Farrell
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Jack Grigg
- [TLS] Re: Working Group Last Call for Use of ML-D… Daniel Van Geest
- [TLS] Re: Working Group Last Call for Use of ML-D… Rob Sayre
- [TLS] Re: Working Group Last Call for Use of ML-D… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Ilari Liusvaara
- [TLS] Re: [EXTERNAL] Re: Working Group Last Call … Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Nadim Kobeissi
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Russ Housley
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Stephen Farrell
- [TLS] Re: Working Group Last Call for Use of ML-D… Rob Sayre
- [TLS] Re: Working Group Last Call for Use of ML-D… Jan Schaumann
- [TLS] Re: Working Group Last Call for Use of ML-D… Corey Bonnell
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Salz, Rich
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Eric Rescorla
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Soatok Dreamseeker
- [TLS] Re: Working Group Last Call for Use of ML-D… Eric Rescorla
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Watson Ladd
- [TLS] Re: Working Group Last Call for Use of ML-D… Loganaden Velvindron
- [TLS] Re: Working Group Last Call for Use of ML-D… Ilari Liusvaara
- [TLS] Re: Working Group Last Call for Use of ML-D… Eric Rescorla
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Salz, Rich
- [TLS] Re: Working Group Last Call for Use of ML-D… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Use of ML-D… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Use of ML-D… Rob Sayre
- [TLS] Re: Working Group Last Call for Use of ML-D… Robert Relyea
- [TLS] Re: Working Group Last Call for Use of ML-D… Salz, Rich
- [TLS] Re: Working Group Last Call for Use of ML-D… Yaroslav Rosomakho
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Rob Sayre
- [TLS] Re: Working Group Last Call for Use of ML-D… Marc Penninga
- [TLS] Re: Working Group Last Call for Use of ML-D… Michael StJohns
- [TLS] Re: Working Group Last Call for Use of ML-D… Martin Thomson
- [TLS] Re: Working Group Last Call for Use of ML-D… Ilari Liusvaara
- [TLS] Re: Working Group Last Call for Use of ML-D… Peter Gutmann
- [TLS] Re: Working Group Last Call for Use of ML-D… tirumal reddy
- [TLS] Re: Working Group Last Call for Use of ML-D… Soatok Dreamseeker
- [TLS] Re: Working Group Last Call for Use of ML-D… Jack Grigg
- [TLS] Re: Working Group Last Call for Use of ML-D… Eric Rescorla
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Joshua
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Wang Guilin
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Scott Fluhrer (sfluhrer)
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Andrei Popov
- [TLS] Re: Working Group Last Call for Use of ML-D… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Kris Kwiatkowski
- [TLS] Re: Working Group Last Call for Use of ML-D… Watson Ladd
- [TLS] Re: Working Group Last Call for Use of ML-D… Filippo Valsorda
- [TLS] Re: Working Group Last Call for Use of ML-D… David Adrian
- [TLS] Re: Working Group Last Call for Use of ML-D… Daniel Apon
- [TLS] Re: Working Group Last Call for Use of ML-D… Yaroslav Rosomakho
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Composite ML-DSA tirumal reddy
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Composite ML-DSA tirumal reddy
- [TLS] Re: Working Group Last Call for Use of ML-D… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Scott Fluhrer (sfluhrer)
- [TLS] Re: Working Group Last Call for Use of ML-D… David Adrian
- [TLS] Re: Working Group Last Call for Use of ML-D… John Mattsson
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Ilari Liusvaara
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Russ Housley
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Michael StJohns
- [TLS] Re: Composite ML-DSA Salz, Rich
- [TLS] Re: Composite ML-DSA Scott Fluhrer (sfluhrer)
- [TLS] Re: Working Group Last Call for Use of ML-D… Soatok Dreamseeker
- [TLS] Re: Composite ML-DSA Sean Turner
- [TLS] Re: Composite ML-DSA Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Sophie Schmieg
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Filippo Valsorda
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Tim Hudson
- [TLS] Re: Working Group Last Call for Use of ML-D… Robert Relyea
- [TLS] Re: Composite ML-DSA David Benjamin
- [TLS] Re: Composite ML-DSA Salz, Rich
- [TLS] Re: Composite ML-DSA David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Russ Housley
- [TLS] Re: Working Group Last Call for Use of ML-D… Joshua
- [TLS] Re: Working Group Last Call for Use of ML-D… Viktor Dukhovni
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Working Group Last Call for Use of ML-D… Robert Relyea
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Sean Turner
- [TLS] Re: Composite ML-DSA Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Salz, Rich
- [TLS] Re: Composite ML-DSA Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Salz, Rich
- [TLS] Re: Composite ML-DSA Daniel Van Geest
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Composite ML-DSA Daniel Van Geest
- [TLS] Re: Working Group Last Call for Use of ML-D… Wang Guilin
- [TLS] Re: Working Group Last Call for Use of ML-D… Thom Wiggers
- [TLS] Re: Working Group Last Call for Use of ML-D… Sophie Schmieg
- [TLS] Re: Working Group Last Call for Use of ML-D… Peter Gutmann
- [TLS] Re: Working Group Last Call for Use of ML-D… Falko Strenzke
- [TLS] Re: Composite ML-DSA Viktor Dukhovni
- [TLS] Re: Composite ML-DSA Andrei Popov
- [TLS] Re: Composite ML-DSA Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Composite ML-DSA Nico Williams
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Christopher Patton
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Rob Sayre
- [TLS] Re: Working Group Last Call for Use of ML-D… Simon Josefsson
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Yaroslav Rosomakho
- [TLS] Re: Composite ML-DSA Simon Josefsson
- [TLS] Re: Composite ML-DSA Simon Josefsson
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Composite ML-DSA Filippo Valsorda
- [TLS] Re: Composite ML-DSA Daniel Van Geest
- [TLS] Re: Working Group Last Call for Use of ML-D… Dennis Jackson
- [TLS] Re: Composite ML-DSA Dennis Jackson
- [TLS] Re: Working Group Last Call for Use of ML-D… Simon Josefsson
- [TLS] Re: Working Group Last Call for Use of ML-D… David Benjamin
- [TLS] Re: Working Group Last Call for Use of ML-D… Peter C
- [TLS] Re: Composite ML-DSA Nadim Kobeissi
- [TLS] Re: Working Group Last Call for Use of ML-D… Simon Josefsson
- [TLS] Re: Working Group Last Call for Use of ML-D… Bas Westerbaan
- [TLS] Re: Working Group Last Call for Use of ML-D… Muhammad Usama Sardar
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Composite ML-DSA Scott Fluhrer (sfluhrer)
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Composite ML-DSA Eric Rescorla
- [TLS] Re: Composite ML-DSA Daniel Van Geest
- [TLS] Re: Composite ML-DSA Nico Williams
- [TLS] Re: Composite ML-DSA tim.beckmann
- [TLS] Re: Composite ML-DSA Sophie Schmieg
- [TLS] Re: Composite ML-DSA Peter Gutmann
- [TLS] Re: Working Group Last Call for Use of ML-D… Yaakov Stein
- [TLS] Re: Composite ML-DSA Mike Ounsworth
- [TLS] Re: Composite ML-DSA Watson Ladd
- [TLS] Re: Composite ML-DSA Mike Ounsworth
- [TLS] Re: Composite ML-DSA Daniel Van Geest
- [TLS] Re: [EXTERNAL] Re: Composite ML-DSA John Gray
- [TLS] Re: Composite ML-DSA Falko Strenzke