On Fri, May 16, 2025 at 11:25 AM Eric Rescorla <e...@rtfm.com> wrote:
> On Fri, May 16, 2025 at 8:19 AM Salz, Rich <rs...@akamai.com> wrote: > >> I am not thrilled about adoption, for the reasons that EKR and Panos >> said. Further, I am concerned about us going back to the old days of >> “register every algorithm” which took years to evolve away from. >> >> >> >> We can assign code points based on drafts and let the world experiment. >> >> >> >> Can the authors -- or anyone actually -- provide a specific example of >> where they WANT to use SLH-DSA? Not COULD as the draft currently says. >> > > This would be helpful to me as well. > It would also be useful to understand why an RFC adds value over just having an IANA code point. Since the registry is Specification Required and FIPS 205 exists, someone could send email to IANA today and get code points as soon as Yoav/Rich/Nick response to email. In general, the only value that algorithm registration RFCs add are (a) clarifying any technical points, and (b) setting the "Recommended" field to "Y". It doesn't look to me like the draft makes any technical points (just says "do what FIPS 205 says"). Is "Recommended = Y" important enough to merit the work? It seems like the algorithm proliferation points that others have mentioned militate against it. Perhaps the best path is to register code points with "Recommended = N" (no RFC needed), see if anyone actually uses it, and then revisit the question of upgraded to "Y" after a while. --Richard
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
