I'm also opposing this. There is no reason for this workgroup to get involved. We should only publish it if we think it's actually a good idea, and I've not seen anybody arguing that.
If the document is to get code points, I see no reason for us to publish such a document, there are alternatives. Kurt On November 24, 2025 4:11:42 PM GMT+01:00, Simon Josefsson <[email protected]> wrote: >I'm opposed to publishing this document through the TLS WG as-is. > >At this time, I believe that non-hybrid PQ KEMs are a security risk. > >Having Informational/Experimental documentation of deployed protocols is >reasonable. However, there should be no urgency to publish this >document. Thus I suggest to not publish it now. > >We are having trouble getting safe hybrid PQ solutions published. Until >we have a couple of widely deployed hybrid PQ KEMs published, >implemented and deployed, I don't think we should fragment the already >thin resources we have to reach that goal by spending further cycles on, >and then publish a fragile solutions like this. Please prioritize a >non-NIST/MLKEM hybrid PQ KEM for TLS. FrodoKEM? Streamlined NTRU >Prime? We need more hybrid PQ options. > >/Simon
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
