Dear Stephen, Thank you for your note. I appreciate your shared reservations regarding the publication of this document.
I agree entirely with both you and Rich that a single participant does not possess a unilateral veto, and that assessing consensus requires judgement calls by the chairs. IETF procedures do not allow one person to hold a document hostage based merely on contention or preference. However, there is a fundamental difference between a generic complaint and a substantive, detailed technical objection. As outlined in RFC 7282, the essence of rough consensus is that all legitimate technical concerns must be addressed—not necessarily accommodated, but technically resolved or refuted. If a severe technical flaw is demonstrated, or if prerequisites—such as FATT review—aren’t met, and the Working Group's only response is to state that they "still want to move forward" without engaging with the realities of the flaw, then the technical issue remains unaddressed. Proceeding under such circumstances is not rough consensus; it is the administrative dismissal of an unresolved technical reality. My objective is simply to ensure that the cryptographic standards we produce are sound. I remain fully prepared to engage with any rigorous technical refutation of the vulnerabilities I have detailed. Until the substance of those concerns is actually met, my objection stands on its technical merits. Nadim Kobeissi Symbolic Software • https://symbolic.software > On 25 Feb 2026, at 11:38 PM, Stephen Farrell <[email protected]> > wrote: > > > >> On 25/02/2026 21:50, Salz, Rich wrote: >> You misunderstand what “addressed” means here. A perfectly >> reasonable response is “the issue has been discussed by the WG and >> they still want to move forward.” As another recent example, the >> LAMPS WG went ahead even though one participant (repeatedly:) raised >> patent concerns. > > Despite me not wanting to see this document published, Rich is correct > here. There are always judgement calls required and one participant > being convinced there's a fatal flaw in something is not sufficient > in itself to block that thing. If a participant convinces others of > the fatality of the flaw, that may be different, but if something is > generally contentious, (as in this case), a claim of a fatal flaw > by itself blocks nothing. > > Cheers, > S. > <OpenPGP_signature.asc> _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
