[TLS] Re: WG Last Call: draft-ietf-tls-mlkem-07 (Ends 2026-02-27)

Tue, 24 Feb 2026 07:49:14 -0800 

Hi David,
Yes, my example is intentionally sillier so that my point is illustrated clearly: should the IETF be drafting documents because they facilitate lucrative corporate contracts at the expense of compositional security guarantees, or should it be drafting documents based purely on what is in the public interest? 


To me, it seems like this draft exists because it lets Cisco and Red Hat 
sell more things, at the expense of compositional security guarantees. 
My Triple-DES example would also similarly reduce security guarantees, 
even though it's more transparently a bad idea.


Nadim Kobeissi
Symbolic Software • https://symbolic.software

On 2/24/26 3:46 PM, David Adrian wrote:

Hi Nadim,


 > If Cisco or Red Hat or whoever has big customers, or if some 
government passes a regulation, that asks for TLS 1.3 to incorporate 
Triple-DES as its symmetric cipher, then should the IETF be passing 
drafts that accommodate this?


Luckily, what you're describing here is a completely different thing.






On Tue, Feb 24, 2026 at 7:18 AM Eric Rescorla <[email protected] 
<mailto:[email protected]>> wrote:




    On Mon, Feb 23, 2026 at 10:04 PM Nico Williams
    <[email protected] <mailto:[email protected]>> wrote:

        On Tue, Feb 24, 2026 at 06:48:54AM +0100, Nadim Kobeissi wrote:
         > If the code points already exist then why can’t we just
        follow Richard Barnes’ proposal:

        Because there was a concensus call on adoption, and the WG
        chairs called
        the consensus as being in favor of adoption.  There have been
        appeals,
        and the appeals did not succeed (I'm not inviting a sub-thread about
        that, just stating the current state of play).

        I argued against adoption.  But given that it was adopted,
        publication
        can't be held up by a desire for a different outcome to the adoption
        call.


    As a matter of process, this is simply untrue. WGs need consensus
    for the
    document at the time of publication, notwithstanding the outcome of the
    adoption call. The chairs have some power to structure the argument
    to rule out repeated discussion of questions that have been asked and
    answered, but at the end of the day, documents need consensus to
    proceed.

    -Ekr

    _______________________________________________
    TLS mailing list -- [email protected] <mailto:[email protected]>
    To unsubscribe send an email to [email protected] <mailto:tls-
    [email protected]>



_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]





























					Reply via email to