I'm opposed to publishing this document through the TLS WG as-is. At this time, I believe that non-hybrid PQ KEMs are a security risk.
Having Informational/Experimental documentation of deployed protocols is reasonable. However, there should be no urgency to publish this document. Thus I suggest not publishing it now.

We are having trouble getting safe hybrid PQ solutions published. Until we have a couple of widely deployed hybrid PQ KEMs published, implemented and deployed, I don't think we should fragment the already thin resources we have to reach that goal by spending further cycles on, and then publishing, a fragile solution like this.

Please prioritize a non-NIST/MLKEM hybrid PQ KEM for TLS. FrodoKEM? Streamlined NTRU Prime? We need more hybrid PQ options.

/Simon
