On Fri, May 16, 2025 at 10:39 AM Simon Josefsson <si...@josefsson.org> wrote:
> Eric Rescorla <e...@rtfm.com> writes: > > >> but getting RFCs published helps and some may > >> have processes in place that would need to be changed to allow use of > >> this if there is no RFC available. > >> > > > > I agree that this is generally true, but again it would be helpful to > hear > > specifically from people for whom RFC publication would make a > difference. > > Didn't my statement count? What kind of entity are you thinking of here? > Your statement was: > I intend to work on both of the above for GnuTLS and would like to see > RFCs for these. I hope people will deploy these extensions even if IETF > block RFC publication, but getting RFCs published helps and some may > have processes in place that would need to be changed to allow use of > this if there is no RFC available. I read this as "I intend to work on this either way, but perhaps some people won't deploy unless there is an RFC". I'm asking to hear from said people. > In my experience, the kind of entitites that have a preference to only > use widely standardized and implemented protocols are the entitites that > passively follow others, and they aren't likely to chime in and voice > their opinion at earlier phases. Unless I misunderstand what kind of > entity you are looking for, I think a request to hear from such > entitites is not reasonable at earlier phases of standardization, and > cannot be expected. We routinely ask for statements of interest in technologies and whether people intend to deploy them. It's one the most relevant questions for whether the IETF should standardize a technology. I agree that the question of "does it matter if there an RFC" is somewhat different, but I think it's a reasonable one at this stage given the known deficiencies of SL-DSA. > As a parallel, the crypto community standardized Rijndael so that others > can refer to it as AES today. I don't think many entities that demand > AES today would have cared to voice any opinion for or against Rijndael > back in the days. I agree that many people didn't care whether it was Rijndael and were happy to leave that question to NIST, but there was plainly a lot of demand for a standardized successor to DES. In this case, we *just* adopted a PQ digital signature algorithm, so the question is whether there is demand for a second standardized one. -Ekr
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
