“Needlessly” - well, I guess in getting tired and irritated by the incessant attempts of a cheat minority to override the choice the overwhelming majority (which is what I call 75%-25% split) made.
This group has been trying to reach consensus on “comparative riskiness” for considerable time - and failed, so far. I see no reason to expect such consensus miraculously appearing out of <where?>. Do you? If so, please enlighten me. One reason hybrids add risks is the practical implementation/deployment/processes/management/maintenance part, as opposed to treating the issue as a pure mathematical formula - which deployed software apparently is not (some might argue that it should be, I let the reality speak for itself). Since It looks like 3/4 of the audience holds position similar to mine - frankly, I don’t see why 3/4 must convince 1/4 that their position is valid (usually, it’s the other way around). — Regards, Uri Secure Resilient Systems and Technologies MIT Lincoln Laboratory > On Apr 17, 2025, at 13:35, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > > >> On 17/04/2025 18:23, Blumenthal, Uri - 0553 - MITLL wrote: >> Don’t try to stuff your perception of risks and correctness into >> everybody else’s throat. > > Aside from the needlessly accusatory phrasing above, seeking to > reach consensus on the comparative riskiness of these seems like > a good plan to me, and entirely doable, so I disagree with you. > > I also note that you earlier declined to get into the gory > detail of why you consider hybrids more risky. Arguing for > inclusion of text reflecting the details (gory or otherwise) > that have been aired in public seems entirely reasonable to > me, so if people who prefer one position over another aren't > willing to say why, they should IMO expect their positions > to be less well reflected in draft/RFC text. > > Cheers, > S. > > <OpenPGP_signature.asc>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
