On Tue, Mar 03, 2026 at 12:36:51PM +1100, Viktor Dukhovni wrote:
> !-------------------------------------------------------------------|
> This Message Is From an External Sender
> This message came from outside your organization.
> |-------------------------------------------------------------------!
>
> On Mon, Mar 02, 2026 at 01:46:20PM -0800, Benjamin Kaduk wrote:
>
> > I don't see any of that in this proposed text; my proposed text was
> > attempting
> > to achieve this goal by referencing the "sense of the security community
> > recorded in {{HYBRID}}" and linking back to the use-cases in {{motivation}}
> > that provide some justification to avoid hybrids for those use cases.
>
> I think that *motivating* (justifying) the use of non-hybrids in the
> draft would be a mistake. Even better than that is to NOT promote their
> use at all. Just specify the how, not the why, and in the security
> considerations enumerate and/or reference the various issues that make
> non-hybrids potentially risky.
I don't object to this approach, though I would want to have some text in the
document saying "we're publishing this in the TLS WG so that we can give our
expert position on what the security considerations of these mechanisms are".
That is, to explain why the TLS WG is spending time on this document even though
the mechanisms it contains do not align with what the WG actually recommends
for general-purplse usage.
-Ben
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
