There can be arguments about the life expectancy of hybrids - from zero to CRQC appearance - but there can be no objection to the point that once CRQC is here, only pure PQ will make sense.
Thus, arguing against pure PQ makes no sense in my opinion: you may be able to delay long enough to avoid hybrids, but there’s no way you’d avoid pure PQ.
Regards, Uri
Secure Resilient Systems and Technologies, MIT Lincoln Laboratory
Hi Rich, thanks for your clarification, indeed my phrasing was not ideal. I’ll take your comment as a chance to clarify my stance.
Code point assignment and deployment support are distinct considerations. In practice, non-experimental production deployments generally rely on both assigned code points and a published standard.
Concerns about the proliferation of standards introducing support for additional code points are not uncommon on this list. I note a similar concern here in support of delaying this draft.
At present, the process risks creating the impression of a “first-to-standard” outcome, where publication effectively determines the direction of deployment before the trade-offs have been fully examined, possibly even stalling the progress of other drafts. In particular, the argument that introducing additional options increases complexity has been raised repeatedly on this list, but it does not seem sufficient on its own to guide decisions in a security area WG. It would be preferable to more explicitly evaluate the security properties of hybrid and non-hybrid approaches and reach a position that can inform what should, and should not, be advanced to standard.
Best regards,
Nicola Tuveri
Code points are assigned when a stable reference is available, as you might recall from the long threads on the pure ML-KEM draft. So I don’t think your stated rationale makes sense.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]