I would also be against a temporary ban at this point, but hopefully the 
warning will help reduce unprofessional commentary and personal attacks in the 
future. Commentaries on other participants' motivations should not be forbidden 
in general, and I don't think they are according to any IETF policy.

- If someone wants to argue that participants paid by company X are defending 
the use of weak crypto for business reasons just because they have massive 
deployments of that weak cryptography, I think they should be allowed to.

- If someone wants to argue that professor Y is promoting his/her/their 
algorithm for personal fame, I think they should be allowed to.

- If someone wants to argue that participants paid by SIGINT agency Z are 
intentionally weakening security, I think they should be allowed to.

One of my regrets from the Snowden discussions is not speaking up against the 
demands to remove Kevin Igoe as CFRG chair just because he represented NSA. 
While Kevin and I did not always get along, I did not see him doing anything 
in his role as CFRG chair that motivated the demands to remove him from the 
position. I think we should encourage that participants clearly show who they 
are representing. The idea that people are representing themselves in the IETF 
has nothing to do with reality and would never ever hold in court.

Instead of continuing this thread, could we please just start adoption calls 
for both draft-connolly-tls-mlkem-key-agreement and 
draft-kwiatkowski-tls-ecdhe-mlkem? I cannot speak for other companies, but for 
Ericsson, migration to PQC is a top priority and we would very much want RFCs 
for quantum-resistant key exchange in TLS 1.3, DTLS 1.3, QUIC, EAP-TLS 1.3, 
DTLS-SRTP, etc. as soon as possible.

Cheers,
John

On 2024-12-14, 08:59, "Viktor Dukhovni" <ietf-d...@dukhovni.org> wrote:
On Fri, Dec 13, 2024 at 08:24:24PM -0800, Joseph Salowey wrote:

> You continue to violate list policy with unprofessional commentary on other
> participants' motivations and repeatedly raising points that are out of
> scope.  Please stop this behavior.  This is the last warning before we will
> take action and temporarily ban you from the list; see BCP 94 [0].
>
> [0] https://datatracker.ietf.org/doc/html/rfc3934

I personally find this threat excessive under the circumstances, however
forceful, or insistent on being heard, Dan may be at times, history has
shown that he is often enough ultimately proved right, years or decades
later.  However "inconvenient", IMHO his voice should not be suppressed.

If his strong view is that pure PQ KEMs (probably not just
ML-KEM/Kyber), are too novel to be responsibly relied on without a
classical fallback, then he should IMHO be able to forcefully make that
case.

If there is nevertheless a demonstrable plurality of reputable
cryptographers on record as saying that *pure* PQ KEMs are (despite
initial implementation bugs) strong enough to move towards deployment,
then Dan's view may not prevail, but I do not find his posts to be
beyond the pale.

There were also (with IIRC Dan instrumental in bringing these to light)
some early side-channel issues in AES, that AFAIK still apply to some
reference pure software AES implementations, and when used securely, AES
is hardware assisted, or slower if counter-measures are implemented.

The AES issues were unfortunate, and ideally would have been identified
prior to standardisation, but proved "fixable".  If we're in luck
that'll also be true with Kyber, but arguments for some caution don't
come across as unfounded.

--
    Viktor.


_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
