Hiya,
On 16/04/2025 01:38, Blumenthal, Uri - 0553 - MITLL wrote:
Because our experts evaluated all the relevant risks, and concluded that while in theory indeed Crypto_Strength(Hybrid) = max(Crypto_Strength(ECC), Crypto_Strength(ML_KEM)), in practical deployments there are other factors to consider. And we worry about things other than theoretical stuff on paper. I prefer to conclude my argument on this point, rather than diving into gory details.
I do think gory details would be useful here. (By reference is just fine, doesn't have to be a looong email:-) Absent those, we seem to be left with taking action (or not) based on this all being a purely regulatory preference or whim, and as we've seen, attempting to follow those can cause us to expend effort badly. Cheers, S.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
