On Sat, Apr 04, 2026 at 05:41:57PM +0100, Stephen Farrell wrote:
> > A realist, who wants to see hybrid ML-KEM used in preference to pure
> > ML-KEM would I think publish the RFC with stern warnings in the security
> > considerations about why choosing hybrid is the prudent choice.
>
> My position is that the IETF (SEC area) should produce general guidance,
> as a BCP, on the general topic of use of hybrid vs. pure PQ, rather than
> leave it to each RFC to contain more or less the same controversial
> text. That text would also be likely to need changing relatively soon.
> If there are protocol-specific issues, those of course ought be in
> protocol-specific RFCs.
>
> If that were done, then I'd see far less reason to oppose an RFC on
> pure ML-KEM for TLS, (or other protocols), given it'd likely have a
> reference to that putative SEC area BCP.

I have no objections to pursuing an area-wide position, but I do think
that the order in which you're tackling these is suboptimal. The
sensible thing, it seems, is to first reach consensus on the desired
language in the context of the current TLS WG draft, and only **then**
look to generalise it to an area-wide position.
--
Viktor. 🇺🇦 Слава Україні!