Sean Turner writes:
> Scott is not an author of this draft
The draft author claimed at the outset that hybrids were currently a
"big 'maybe' at best" under "FIPS / CNSA 2.0 compliance guidelines" and
would be prohibited by 2033. Scott's message was simply explicit about
the money flow ("more importantly for my employer, that's what they're
willing to buy. Hence, Cisco will implement it").
There have been many similar claims about what NSA supposedly requires.
I think the overall discussion can reasonably be summarized as follows:
* Pro-hybrid: Non-hybrid PQ is frivolously incurring security risks.
* Anti-hybrid: NSA is throwing a lot of money at non-hybrid PQ.
Should we be letting NSA buy IETF endorsement of specs that violate
normal common-sense security practices? This sounds crazy to me: it's
contrary to BCP 188, and contrary to any notion that IETF is making
decisions based on objective technology evaluation. But it seems that
the WG chairs are allowing the do-what-NSA-wants position.
What I find really amazing here is that we don't have evidence showing
that NSA is in fact insisting on non-hybrids. It seems that _rumors_ of
money are good enough to drive IETF action.
---D. J. Bernstein
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
