Re: Channel binding for post-quantum cryptography
| From | Jacob Champion |
|---|---|
| Subject | Re: Channel binding for post-quantum cryptography |
| Date | |
| Msg-id | CAOYmi+ng6BjSrQtqPFH0suP8+rg6w-tiuOzHW7Ms2026_E_31A@mail.gmail.com |
| In reply to | Re: Channel binding for post-quantum cryptography (Michael Paquier <michael@paquier.xyz>) |
| List | pgsql-hackers |
On Mon, Oct 27, 2025 at 10:55 PM Michael Paquier <michael@paquier.xyz> wrote:
> Another thing that bugs me is that this patch would force sha-256 for
> everything, without at least checks based on NID_ML_DSA_44,
> NID_ML_DSA_65 or NID_ML_DSA_87. That may be more flexible, but I'm
> wondering if it could become a problem long-term to enforce blindly
> such a policy every time algo_nid is undefined.

I think it would be a problem, at least if the previous conversations
around X509_get_signature_nid() are any indication.

Filip, you said

> RFC 5929 recommends SHA-256 for unknown/unsupported algorithms

but I don't see any language like that; can you provide a quote? That
doesn't seem like a recommendation that would allow for interoperability
in the long term.

The IETF draft at [1] (which was updated just last month) seems to
provide new signatureAlgorithm IDs for ML-DSA. Is this just a matter of
waiting until the specs are released and OpenSSL implements them?

Thanks,
--Jacob

[1] https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
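The disagreement in this thread is about what a tls-server-end-point implementation should do when the certificate's signatureAlgorithm does not identify a single hash, as is the case for ML-DSA. The following is an added example written for this page, not code from PostgreSQL, OpenSSL or the patch under discussion. It applies the hash-selection rule of RFC 5929 section 4.1 (use the hash the signature algorithm is built on; replace MD5 or SHA-1 with SHA-256; if the algorithm uses no single hash, the binding is undefined) to a certificate's outer signatureAlgorithm OID, using a small hand-written DER walker rather than a library. The certificates it runs on are constructed stand-ins with an empty tbsCertificate, and the ML-DSA OIDs are the id-ml-dsa-44/65/87 values from the NIST CSOR arc (2.16.840.1.101.3.4.3.17/18/19); verify them against your OpenSSL build before relying on them. For the undefined case the code refuses rather than silently falling back to SHA-256, which is the behaviour the message above questions.

```python
import hashlib

# RFC 5929 section 4.1: the tls-server-end-point hash is the one the
# certificate's signatureAlgorithm is built on, except that MD5 and SHA-1
# are replaced by SHA-256.  Algorithms with no single hash have no defined
# binding, so this code refuses instead of guessing.
#
# OIDs: RSA PKCS#1 v1.5 (RFC 8017), ECDSA (RFC 5758).
RFC5929_HASH_BY_SIGALG_OID = {
    "1.2.840.113549.1.1.4": "sha256",   # md5WithRSAEncryption  -> SHA-256 per RFC 5929
    "1.2.840.113549.1.1.5": "sha256",   # sha1WithRSAEncryption -> SHA-256 per RFC 5929
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
    "1.2.840.10045.4.3.2": "sha256",    # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
    "1.2.840.10045.4.3.4": "sha512",    # ecdsa-with-SHA512
}
# Signature algorithms whose AlgorithmIdentifier names no single hash.
# OIDs assumed from the NIST CSOR arc; check against your OpenSSL obj_mac.h.
HASHLESS_SIGALG_OIDS = {
    "2.16.840.1.101.3.4.3.17": "id-ml-dsa-44",
    "2.16.840.1.101.3.4.3.18": "id-ml-dsa-65",
    "2.16.840.1.101.3.4.3.19": "id-ml-dsa-87",
}


def _read_tlv(buf: bytes, pos: int):
    """Read one definite-length DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: 0x8N then N length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:end], end


def _decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents (base-128 arcs) to dotted form."""
    arcs, n = [], 0
    for b in value:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of this arc
            if not arcs:                    # first byte packs arcs 1 and 2
                arcs += [2, n - 80] if n >= 80 else [n // 40, n % 40]
            else:
                arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def certificate_signature_oid(cert_der: bytes) -> str:
    """Return the dotted OID of Certificate.signatureAlgorithm (the outer one)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)       # tbsCertificate, skipped
    tag, sigalg, _ = _read_tlv(cert, pos)   # signatureAlgorithm AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = _read_tlv(sigalg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)


def rfc5929_hash_name(sig_oid: str) -> str:
    """Map a signatureAlgorithm OID to the hashlib name RFC 5929 prescribes."""
    if sig_oid in RFC5929_HASH_BY_SIGALG_OID:
        return RFC5929_HASH_BY_SIGALG_OID[sig_oid]
    name = HASHLESS_SIGALG_OIDS.get(sig_oid, sig_oid)
    raise ValueError(f"tls-server-end-point is undefined for {name}: "
                     "signatureAlgorithm names no single hash")


def tls_server_end_point(cert_der: bytes) -> bytes:
    """Channel binding data: hash of the DER certificate under the selected hash."""
    algo = rfc5929_hash_name(certificate_signature_oid(cert_der))
    return hashlib.new(algo, cert_der).digest()


# --- constructed sample certificates (not real X.509 data) -------------------
def _tlv(tag: int, value: bytes) -> bytes:
    assert len(value) < 128                 # short-form length is enough here
    return bytes([tag, len(value)]) + value


def _fake_cert(sigalg_oid_der: bytes, null_params: bool) -> bytes:
    tbs = _tlv(0x30, b"")                                   # empty tbsCertificate stand-in
    params = _tlv(0x05, b"") if null_params else b""        # NULL params for RSA, absent otherwise
    sigalg = _tlv(0x30, _tlv(0x06, sigalg_oid_der) + params)
    signature = _tlv(0x03, b"\x00")                         # empty BIT STRING
    return _tlv(0x30, tbs + sigalg + signature)


SAMPLE_RSA_SHA256 = _fake_cert(bytes.fromhex("2a864886f70d01010b"), True)   # 1.2.840.113549.1.1.11
SAMPLE_RSA_SHA1 = _fake_cert(bytes.fromhex("2a864886f70d010105"), True)     # 1.2.840.113549.1.1.5
SAMPLE_ECDSA_SHA384 = _fake_cert(bytes.fromhex("2a8648ce3d040303"), False)  # 1.2.840.10045.4.3.3
SAMPLE_ML_DSA_65 = _fake_cert(bytes.fromhex("608648016503040312"), False)   # 2.16.840.1.101.3.4.3.18

if __name__ == "__main__":
    for label, cert in [("rsa-sha256", SAMPLE_RSA_SHA256), ("rsa-sha1", SAMPLE_RSA_SHA1),
                        ("ecdsa-sha384", SAMPLE_ECDSA_SHA384), ("ml-dsa-65", SAMPLE_ML_DSA_65)]:
        try:
            print(label, certificate_signature_oid(cert), tls_server_end_point(cert).hex())
        except ValueError as e:
            print(label, "refused:", e)
```

The SHA-1 sample shows the one substitution RFC 5929 does make (SHA-1 to SHA-256); the ML-DSA sample shows the case the thread is about, where the RFC offers no hash and a conforming peer must be told so explicitly, since a client and server that silently choose different defaults would simply fail authentication without a useful error.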