Hi Uri,
At 10:23 AM 17-04-2025, Blumenthal, Uri - 0553 - MITLL wrote:
You consider pure-PQ risks then don't usee it.
I consider risks associated with hybrids, so my
deployment will not use them. To each his own.
According to a draft authored by Reddy and
Tschofenig, "Pure PQC Key Exchange may be
required for specific deployments with regulatory
or compliance mandates". The authors then go on
to list "high-security environments" as an
example of where Pure PQC Key Exchange is
required. An assessment of risks would be different in such environments.
The web browser vendors decide which algorithm(s)
to deploy at my location. That's usually how it
works for everyday use. I doubt that the
everyday user would be asking for compliance with
the (U.S.) FIPS 203 standard (please see Section
1.1 of
draft-connolly-tls-mlkem-key-agreement-05); It's
unlikely that the user would have heard of
"FIPS". It could be different in other parts of the world.
Don't try to stuff your perception of risks and
correctness into everybody else's throat.
The above sentence seems a bit strong.
Regards,
S. Moonesamy
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
