To the chairs and members of the TLS WG, yesterday's TLS session included a brief update on draft-ietf-tls-mlkem, in which a PR of mine [1] (it is a quick read, please go ahead) was grossly misrepresented [0] and subsequently closed.
Here is a transcript of the notes on the slide (excluding only a link to [1]): > - Changes Recommended = N to Recommended = D > - Does not align with `-ecdhe-mlkem` > - Would require IETF Standards Action with Expert Review or IESG Approval > - Would group ML-KEM with NULL ciphers, RC4, DES, EXPORT ciphers, MD5, etc No justification why that is done, and no mention of the very explicit main goal of the PR. The reader would be forgiven to think this is a three-line PR. The actual PR adds closer to 50 lines [2] and addresses some of the very valid concerns raised during the adoption call, specifically that for the average application a hybrid is to be preferred. It is very specific about only changing N to D as a means to communicate the risks involved with non-hybrids. I ask that the PR be reopened and discussed on factual terms, preferably on list where people can participate in the discussion. -- TBB PS: The technical issue here is not new and many on the list took issue with it during the WG adoption call. After the call I said that (unlike other participants) I will not appeal the adoption decision based on the possibility to participate in the document's text as part of normal WG activities. In fact, Paul Wouters brought additional security considerations up last weekend as part of his evaluation following an appeal [3]. Waking up one morning and discovering that not only have any changes been rejected with little to no factual discussion of their merits, but also hearing the speaker talk about "the only open issue before we do (maybe) a WGLC" feels like a straight up slap in the face, if you please excuse the language there. [0] https://youtu.be/zTAuEx9Otys?si=5hllRBXbjkkG1E8o&t=1909 [1] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6 [2] https://github.com/tlswg/draft-ietf-tls-mlkem/pull/6/files [3] https://mailarchive.ietf.org/arch/msg/tls/dzPT8KQe4S-_pZROLUJMvS9pM0M/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
