reneme
commented
4 weeks ago Given the imminent patch release: #4404, should we already mark those suites as "deprecated" in 3.6.1 with a clear statement that they won't stay until Botan4?
Open randombit opened 4 weeks ago
reneme
commented
4 weeks ago Given the imminent patch release: #4404, should we already mark those suites as "deprecated" in 3.6.1 with a clear statement that they won't stay until Botan4?
Chrome 131 (eta next month) is going to remove support for Kyber r3 suites and switch to ML-KEM only
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
IMO we should do the same for Botan 3.7.0
This is as fast moving area and I don't think it makes sense to continue to support Kyber r3 suites for the entire life of Botan3, which is already committed to another 3 years of support (through 2027) and may well live longer depending on circumstances.