I just realized that I have yet to reply to this thread. As mentioned elsewhere, I oppose publication of this draft mainly due to too broad advocacy.
While I see the need for a stable reference for e.g. CNSA 2.0, this is no reason for an RFC, only for a stable reference, which is being discussed on another thread. We should only publish this once we are collectively convinced that ML-KEM, when implemented, provides adequate security. This is not the case. Until that point, we should push for hybrids. What we need is a clear warning against non-hybrids, with clearly delineated exceptions. I still support Stephen's idea of a BCP regarding hybrids.
-- TBB
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
