To begin with, the call for adoption has not ended yet as there are still a couple of hours left.
On Tue, Apr 15, 2025 at 08:57:47PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> “Consensus” is not about reaching no dissenters. It’s about the
> “prevailing” opinion of majority, which in this case appears to be for
> adoption of this draft. Despite objections raised by several people.

Sure, but to declare dissenters in the rough requires at least a bit of hand waving -- at least recognition that there were dissenters. If there are reasoned objections, especially of the "that can't work" sort, then those must be addressed. Now here there are no objections of the "that can't work" sort, so perhaps the objections can be dismissed easily enough as being matters of opinion, but still an explanation would be appropriate.

IMO the objections here are in fact easily dismissed because a) there were no objections with technical reasons that were fatal to the work in question, b) given (a) the real question (though I'm not sure that was answered) is whether there are enough participants willing to review the work.

The objections were all about policy: should TLS support non-hybrid, pure-PQ options? And the answer to that will be a matter of opinion, which is why if the objections were only about that then in a way they are easily dismissed. But the policy question did need to be addressed independently of the question of whether to adopt this work. The policy question should be addressed first.

As to the policy question [that was not -but should have been- the subject of this thread] IMO it's much easier to be confident that a hybrid indeed is as secure as the most secure of its pre-PQ and post-PQ components than it is to be confident that either alone is as strong as the hybrid. Sure, the hybrid's construction can itself be broken, but I think it's easier to reason about the hybrid's construction than it is to reason about the cryptosystems being combined.

The policy question, if called, could in principle lead to the IETF asking the ISE not to publish this work.
Ignoring the policy question, the adoption question is really a question about whether the proposed KEM is fatally flawed (not quite, not yet) or whether the WG has enough bandwidth to review the work (apparently yes).

My position is that the policy question needed to be called first, before the adoption question.

Nico
--
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org