Hiya,
Without going into the details, I'm generally sympathetic to djb's argument here, but also do recognise ekr's "we allow anyone to get a RECOMMENDED=N code point" as valid. That said, if the WG adopt *anything* with RECOMMENDED=Y in this space (incl. for KEMs) then I think the onus is on the WG to write down guidance for the entire space, especially as there will be codepoints for non-hybrids. In summary: I don't think we should go back to previous policies where we'd try prevent registration of non-hybrids, but I do think we really need to try reach consensus on guidance text for the whole slew of PQ possibilities for TLS. (And IMO that guidance would be along the lines of djb's argument.) Cheers, S. PS: It seems pretty ironic to me that ambiguities in NIST and NSA text are turning out such a barrier to getting PQ stuff done when at the same time they're some of the entities trying to (again IMO) rush a pile of things here. (To be clear: for me, everything PQ except hybrid KEMs is a thing for which we ought hasten much more slowly.)
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
