On Fri, Apr 10, 2026 at 12:49:01PM -0700, Eric Rescorla wrote: > On Fri, Apr 10, 2026 at 12:31 PM Nico Williams <[email protected]> > wrote: > > Feel free to list all the RCE vulns I couldn't find. > > I don't know about "all the RCE vulns you couldn't find", but here are > a few you don't seem to have found: > > https://www.sentinelone.com/vulnerability-database/cve-2022-2274/ > https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 > arguably: > https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 (algorithm > specific)
Thanks. These meet the criteria. > At the risk of repeating myself endlessly, I agree that on balance > hybrids are a better choice, but that's a different assertion from the > one in the text we're discussing, which just says that hybrids are > simply more secure. I don't agree that that's true for the reasons > I've already stated. Then say what DJB and others really mean: that hybrids mitigate against as-yet-unknown weaknesses in ML-KEM and other PQCs. Surely that's why you think that "on balance hybrids are a better choice". Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
