Joe Birr-Pixton

> * We've discussed a few times if we could turn the `dyn State` thing into an explicit (mostly private?), non-exhaustive enum of states. If we do that, we could...

> Currently, we do this by setting up a new `ClientCertVerifier` for each connection, and making it so this verifier shares a piece of state with some other code that...

Have you tried aws-lc-rs with WASM? If not this can be constructed on your side; suitable code using libcrux-ml-kem is available here: https://github.com/ctz/graviola/tree/main/rustls-graviola/src/kx

Thanks for raising this - I think my ideal solution involves https://github.com/rust-lang/rust/issues/129709 but I also think the ciphersuite enum is bloated and would be a quick and widely-applicable win.

My preference on this is that the Rust Project allow downstream projects to build (-> build-std) and replace `std` as a library. That will allow users with esoteric platform requirements...

In the meantime before I can look at this properly, I've ensured all the repo settings have the default permissions for GITHUB_TOKEN set to read-only.

Hi, thanks for the detailed report! A few points: At the moment the FIPS defaults reflect local knowledge of what algorithms are FIPS-approved or FIPS-pending. But that doesn't necessarily follow...

> 1. We have implemented `SECP256R1MLKEM768` in [b2e9c2c](https://github.com/rustls/rustls/commit/b2e9c2c020b058943a08c03bfc84c81d2bb9e6b2); this is not in any release yet but there is no impediment to releasing it. This is now released in https://crates.io/crates/rustls/0.23.28

Yep my WIP branch for this is at https://github.com/quinn-rs/quinn/compare/main...ctz:quinn:jbp-retry-calculation-uses-rustls -- haven't worked on it for a while and can't really remember where I got with it.

> I think absorbing these libraries into a blessed namespace but keeping them functionally out of the std library is a half measure that demonstrates a lack of conviction on...