Hi Rich,
On 5/4/26 15:00, Salz, Rich wrote:
> * I had sincerely proposed what I believe is a good middle ground to
>   move on. WG is free to trash my proposal.
>
> Okay then. Your proposal is not a middle ground.

What are the sides from your perspective and what would be a middle
ground if not this?
> It says that hybrids are better.
When better is defined as "two hard problems are more secure than one
maybe hard problem" or "one new failure cannot result in a practical
break of the protocol" then it follows that hybrids are better.
If we're not talking about "better" in the context of security but byte
overhead or energy efficiency, then we'd need some other definitions for
the word better, I suppose.
> I still maintain that a document that defines A is not the place for
> an A compared-to B comparison.
Where should it go if not there?
If it should go somewhere else, would a reference to that other place
also be wrong?
> From the mailing list traffic, several other long-timers agree with that.
This reads as an appeal to authority over a reasonable analysis that is
related to Usama's formal proof. I do not find it compelling and it
appears dismissive of Usama's efforts. What's the constructive
counterproposal other than writing as if hybrids don't exist or that
PQC without a hybrid construction isn't a novel risk?
Long-timers can be wrong and given the Dual_EC history and various
related drafts, they might even be wrong twice for the concerns raised
by Usama and others.
Kind regards,
Jacob Appelbaum