I'll be honest; I don't remotely understand how to interpret the English of this sentence:
" This all seems motivated by insuring against the ML-KEM patent license that limits for what ML-KEM can be used for, to allow the IETF to say "oh but TLS does not allow ephemeral key shared so we don't care about that use-case". " What "*limits*" on the ML-KEM patent license are you referring to? On Tue, Mar 24, 2026 at 12:43 PM Eric Rescorla <[email protected]> wrote: > > > On Tue, Mar 24, 2026 at 3:20 AM Simon Josefsson <simon= > [email protected]> wrote: > >> Viktor Dukhovni <[email protected]> writes: >> >> > On Mon, Mar 23, 2026 at 04:40:14PM -0400, Sean Turner wrote: >> > >> >> This message starts a two week consensus call on whether >> >> draft-ietf-tls-rfc8446bis should prohibit key share reuse between >> >> connections. ekr has already produced a PR; see [1]. Please let the >> >> list know whether you do or do not support this change by 6 April >> >> 2026. Please note that if you already replied in here:[2] there is no >> >> need to also reply to this thread unless you changed your mind. >> >> >> >> Note that as draft-ietf-tls-rfc8446bis in currently in AUTH48, this >> >> may add some delay to its publication. We believe that any delay would >> >> be small because we already know there are outstanding PRs that needed >> >> to be worked. >> > >> > FWIW, I still believe that the current SHOULD NOT (reuse ephemeral keys) >> > is better than the proposed MUST NOT, however that's not a battle worth >> > fighting. It seems that the prevailing wisdom is to make the change, >> > and no disaster will ensue if it is made. >> >> +1 >> >> I believe implementations and deployment that make reasonable use of key >> share reuse (which I believe the earlier discussion acknowledged) will >> happily continue to do so, violating the MUST NOT, and things will be >> fine. >> >> This all seems motivated by insuring against the ML-KEM patent license >> that limits for what ML-KEM can be used for, to allow the IETF to say >> "oh but TLS does not allow ephemeral key shared so we don't care about >> that use-case". >> > > No. That's not correct, at least not for me. > > Separately, I've noticed you have a tendency to attribute motives to > others that > aren't really accurate and often seem designed to reflect badly on them. > I would ask you to stop. > > -Ekr > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
