Hiya,
On 21/02/2026 01:51, Izzy Grosof wrote:
As a compromise, the clarifying line that I'm suggesting could say something like: "Non-hybrid ML-KEM should not be deployed prior to the public demonstration of a security break of the classical component of hybrid ML-KEM via a quantum computer. However, this is not a reason to prefer classical pre-quantum cryptosystems over non-hybrid ML- KEM: hybrid ML-KEM should be used instead."
I note that that above text makes no reference to TLS and is more generic. My belief is that we should aim to document consensus on something like the above as an IETF position that applies to most IETF protocols. That'd avoid a lot of the controversy we're seeing with this draft, and will likely see with others. Cheers, S.
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
