I oppose the publication of this draft. The motivation isn’t substantial enough, the risks of abandoning hybrids are clear and substantiated by evidence, the gains in shedding a smaller amount of bytes/cycles quantifiably irrelevant.
Adding options at this point further increases complexity, rather than reducing it. In general supporting this draft at this point in time significantly reduces the security margins of adopters, contrary to the goals of this WG.

The long term goal of abandoning hybrid solutions to transition to “pure” solutions is also questionable: there is consistent evidence to state that this is not going to be the last transition, and that retaining working hybrids will reduce the cost of the next transition and the ever-present risks of ossification.

I’d also support Stephen’s proposal of a BCP addressing hybrid vs pure, to have a dedicated place to address this topic across protocols and WGs to avoid rehashing the same discussion points all over the place.

Cheers,
Nicola Tuveri
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
