On Wed, Mar 6, 2024, 10:48 AM Rob Sayre <say...@gmail.com> wrote:
>
> On Wed, Mar 6, 2024 at 9:22 AM Eric Rescorla <e...@rtfm.com> wrote:
>>
>> On Wed, Mar 6, 2024 at 8:49 AM Deirdre Connolly <durumcrustu...@gmail.com>
>> wrote:
>>>
>>> > Can you say what the motivation is for being "fully post-quantum" rather
>>> > than hybrid?
>>>
>>> Sure: in the broad scope, hybrid introduces complexity in the short-term
>>> that we would like to move off of in the long-term - for TLS 1.3 key
>>> agreement this is not the worst thing in the world and we can afford it,
>>> but hybrid is by design a hedge, and theoretically a temporary one.
>>
>> My view is that this is likely to be the *very* long term.
>
> Also, the ship has sailed somewhat, right? Like Google Chrome, Cloudflare,
> and Apple iMessage already have hybrids shipping (I'm sure there are many more,
> those are just really popular examples). The installed base is already very
> big, and it will be around for a while, whatever the IETF decides to do.

People can drop support in browsers fairly easily especially for an
experimental codepoint. It's essential that this happen: if everything we (in
the communal sense) tried had to be supported in perpetuity, it would be a
recipe for trying nothing.

>
> thanks,
> Rob
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls