On 19.02.26 20:03, Salz, Rich wrote:
> I honestly want to know your technical reasons, but patience is finite
If someone's patience is short, please take the time to address my concern, which I hope is technical enough :)
Is breaking formal analysis (as pointed out in [0]) not a "technical reason" for the WG? Please show me a proof that ML-KEM is more secure than hybrid.
For RFC8773bis, when a constant "zero" was replaced by a secret (external PSK), FATT was very worried about it and demanded that I do a formal proof.
Now when a secret (EC)DHE is replaced by a completely new secret "shared_secret" coming from fancy new crypto, FATT will not be worried about it? How could it possibly be the case? I can't believe it. What am I missing? For transparency, please share the FATT report with the WG.
Also, kindly share the name of the FATT point person for this draft and please give me permission to talk to him/her directly to avoid any misunderstandings by relaying via list/chairs.
-Usama

[0] https://mailarchive.ietf.org/arch/msg/tls/M-dTIUXdG_x7OtweBcOCp0bFcZQ/
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
