openssh bugs - Sep 2025 - [Bug 3866] New: Support for ML-KEM and ECDH hybrids

https://bugzilla.mindrot.org/show_bug.cgi?id=3866

            Bug ID: 3866
           Summary: Support for ML-KEM and ECDH hybrids
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tessgauthier at microsoft.com

Are there plans to support additional hybrid PQCs, such as
mlkem768nistp256-sha256 and mlkem1024nistp384-sha384?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3866

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Not at present. I believe that it is possible for hybrid ML-KEM/x25519
to be considered for FIPS certification, on the basis that ML-KEM is
certifiable and the combination is guaranteed to be no worse than
ML-KEM alone. Unfortunately I don't have a reference for this.

Given this, and the costs of maintaining a proliferation of algorithms,
we didn't plan on adding other hybrid ML-KEM variants.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.