Hi Bas, Thank you for the feedback. We agree with your point and will update the draft text to highlight the risks of explicit configuration overriding PQC support (see the updated "Data Confidentiality" section in https://github.com/tireddy2/pqc_uta/pull/25/files).
Cheers, -Tiru On Mon, 1 Sept 2025 at 19:52, Bas Westerbaan <bas= [email protected]> wrote: > I support adoption. > > Understandably the document tries to be helpful listing the various ways > PQ can be configured, how PQ is different; what can go wrong; etc. This > also gives the consumer of the document a lot to read and a lot of choices > to make. I think it would be better if the document first focuses on what > makes good defaults, and what to do when the default is not good enough. > > Let me give a concrete example of a failure we should ponder. Today, many > users care about secure configuration. Say, we have an nginx user that's > worried about the default SSLLabs rating. They Google how to configure > NGINX better, and fine [1], which (among many other lines of gibberish for > that users) sets the curve list to P-384. With the release of 3.5.0 > OpenSSL enables X25519MLKEM768 by default, unless curves are specified > manually. This means that this proactive user doesn't get PQ, whereas a > less caring user does get PQ. > > Best, > > Bas > > [1] > https://ourcodeworld.com/articles/read/2088/how-to-configure-nginx-to-get-an-a-plus-ssl-labs-rating-using-lets-encrypt-certificates > > > On Mon, Sep 1, 2025 at 7:21 AM tirumal reddy <[email protected]> wrote: > >> Hi Bas, >> >> Please review the draft >> https://datatracker.ietf.org/doc/draft-reddy-uta-pqc-app/ and consider >> responding to the WG adoption call. >> >> Cheers, >> -Tiru >> >> ---------- Forwarded message --------- >> From: Alan DeKok <[email protected]> >> Date: Thu, 28 Aug 2025 at 17:57 >> Subject: [Uta] Call for adoption of draft-reddy-uta-pqc-app >> To: <[email protected]> >> >> >> Hi, this is a two week adoption call for draft-reddy-uta-pqc-app. The >> call for adoption will end on September 12. >> >> Please indicate either support or objections to the list. >> >> https://datatracker.ietf.org/doc/draft-reddy-uta-pqc-app/ >> _______________________________________________ >> Uta mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > Uta mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Uta mailing list -- [email protected] To unsubscribe send an email to [email protected]
