|
|
|
|
|
|
by thayne
306 days ago
|
|
|
> you have to certify OpenSSH running on a particular OS on particular hardware Right, but if you use the certified version of OpenSSH, it will only allow you to use certain algorithms. > ML-KEM is NIST approved and AFAIK NIST is on record saying that hybrid KEMs are fine. My understanding is therefore that it would be possible for mlkem768x25519-sha256 (supported by OpenSSH) to be certifie ML-KEM is allowed, and SHA-256 is allowed. But AFAIK, x25519 is not, although finding a definitive list is a lot more difficult for 140-3 than it was for 140-3, so I'm not positive. So I don't think (but IANAFA as well) mlkem768x25519-sha256 would be allowed, although I would expect a hybrid that used ECDSA instead of x25519 would probably be ok. But again, IANAFA, and would be happy if I was wrong. |
|
|
I don't have a definitive reference for this though.