> rather than a safer hybrid

As a coauthor on hybrid publications and I-Ds, I do not agree that hybrids are categorically safer. The -tls-hybrid-design for hybrids is pretty great... if you use secure component algorithms.

On Wed, Apr 2, 2025, 12:24 PM Bellebaum, Thomas <thomas.belleb...@aisec.fraunhofer.de> wrote:

> > I believe that adopting the draft will allow those who
> > wish to use pure PQC (for whatever reasons they may
> > have) to do so while at the same time not in any way
> > impacting anybody else who doesn't want to do that.
>
> Those who wish to use pure PQC do not need permission. This is about IETF
> _endorsement_.
>
> Even with Recommended=N, I can imagine many managers reacting to a
> presentation on "YOU NEED TO USE PQC LIKE ML-KEM BECAUSE ELSE..." by
> googling "deploy ML-KEM now" and being recommended this rather than a safer
> hybrid[1]. I am not convinced that such a person, if given more knowledge,
> "doesn't want to do that".
>
> Not everyone using TLS is a cryptographer knowing the implications of
> their algorithm choices by heart.
>
> -- TBB
>
> [1] After all, the manager was told to deploy MLKEM, not this suspicious
> X25519MLKEM, whatever scam that must surely be.
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org