> Just to clarify my position a little, based on what some others > have said: I'd prefer this not be published at all for a few years > at least. > > I'd also prefer we develop a security area BCP that covers the > hybrid vs. pure KEMs topic and make that a normative reference > for all RFCs documenting pure PQ KEMs. > > Much worse than either of the above would be to add specific text > to this document saying we prefer hybrids. But at the very least > that has to be done. If that's done soon and there's another WGLC > for this document, I'll still oppose publication on the basis of > the 1st two reasons above.
+1, especially to the first two paragraphs. I might be convinced to agree to publication for the sole purpose of early experimentation with designated code points. That is, IF we find a method (or combination of multiple thereof) to make absolutely sure that everyone using this is aware of the risks, which I currently doubt is possible. -- TBB
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
