On Wed, Feb 12, 2020 at 3:23 PM Martin Thomson <m...@lowentropy.net> wrote: > > On Thu, Feb 13, 2020, at 10:01, Carrick Bartle wrote: > > I'm brand new to the IETF, so please forgive me if I'm totally off base > > here, but my understanding is that Informational RFCs are explicitly > > not recommendations (let alone mandates)? > > This would of course be information, but my comment was about phrasing. This > document comes off as being quite prescriptive, where it doesn't really need > to be. Absent actual algorithms, it's just a set of guidelines. That's > reflected in its Informational status, but it would be better if the verbiage > also reflected that more clearly. > > To address Stephen's comment at the same time: I think that we can publish an > RFC on this before the competition completes if it is just a framework. That > might in fact make standardizing the one true composite scheme easier.
What's the point of composite schemes after the NIST competition finishes? The reason imho to have composite schemes now is to be able to do deployment experiments where the security of the postquantum scheme doesn't negatively impact the confidentiality of the transmitted data. Obviously after a scheme has significant cryptanalysis thrown at it, the value of a composite decreases because the scheme is considered much more secure, and so the composite adds much less security and still has costs. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
