On Tue, Feb 24, 2026 at 09:22:30PM +0100, Toerless Eckert wrote:
> I think it's a +1 if i recommend to not explicitly mention the ISE
> track option, because the ISE is really VERY independent, and i don't
> think that the random crypto algo/use-case would suit the ISE track.
> So it's NOT a generic fallback option IMHO that we should enlist in
> the doc if it should go forward.
Nevertheless, the ISE published RFC8998. If for some reason, we
collectively decide that non-hybrid MLKEM is so unpalatable that
even standards-track + Recommended=N is unacceptable, then I see
no reason why the ISE route would not be an option.
It seems to me that punting the specification to the ISE would have
little practical effect on deployment of ML-KEM key exchange groups
in TLS. The consequences of the ISE route that come to mind are:
- The working group and IESG lose an opportunity to fine-tune the
text to ensure that desired caveats are present in the security
considerations section.
- It becomes a DOWNREF for any hypothetical future standards-track
RFCs that might want to normatively cite it.
- Our collective conscience is not stained by the act of agreeing
to publish the document as a sufficient basis for interoperable
implementation.
If we can't agree to publish roughly what we have now, my preference
would be that the chairs send the document back to the WG to address
two issues:
- Stronger caveats in the security considerations section, that
specifically call out the novelty of the construction and the
risk of catastrophic failure in the should it fall to a novel
attack.
- Otherwise, the text should focus on just the technical details
of the specification. No claims of advantage for a particular
market segment or audience. Such claims are controversial and
unnecessary. All that's needed is clarity in combination with
an an adequate security considerations section.
Given the multiple caveats around non-hybrid designs that many would
like to see recorded, a WG document seems to be a more effective way
to get that done.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
