On Mon, Feb 23, 2026 at 7:41 AM Dennis Jackson <ietf=
[email protected]> wrote:
> On 23/02/2026 15:21, Kurt Roeckx wrote:
>
> 2. Bit harder: do we discourage ("D") or stay neutral ("N") on quantum
> vulnerable algorithms? Recall that "N" is defined as
>
> Do you expect implementations to actually follow this soon? That is, remove
> it from their default? At least D implies to me that it should be disabled by
> default. And I don't think we're ready for that.
>
>
> Getting endpoints to support (and prefer) hybrid key exchange is a big win
> for practical security and there's no reason not to do it as soon as
> possible.
>
> Getting endpoints to remove their non-PQ support barely moves the needle
> for security and will take a very long time.
>
Not to mention would cause a huge amount of breakage.
-Ekr
Tying the two together in one draft might give non-experts the incorrect
> idea that they do need to do both with equal urgency.
>
> I'd actually prefer to keep this simple for now: just mark the
> algorithms in draft-ietf-ecdhe-mlkem Y and leave the other questions
> for later.
>
> I agree with Ekr.
>
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
