Hi all,Not to go into an endless loop here, but just to mention: My technical objection is outstanding and has not been addressed to date. The broader IETF consensus is captured in [0], since it is in the publication queue. I have a formal proof for that for TLS. Please clarify what you see wrong in my proof. To overturn that broader IETF consensus captured in [0], proponents have to come up with strong technical arguments, because the burden of proof here is on the proponents, not the opponents.
Neither making meta arguments (like A-B; rechartering; "milk") nor presenting a one-sided story (like counting of proponents) seems to be helpful. Please address the technical objections technically, not by exhausting the opponents.
Also to say that I will respond only to technical arguments, and no longer to these meta points. That doesn't mean my objection is addressed.
It increasingly feels to me that if we had adopted Stephen's draft [1] and focused even a small fraction of the energy we have spent on debates on ML-DSA and ML-KEM, we would have been far better.
On 06.05.26 02:58, Blumenthal, Uri - 0553 - MITLL wrote:
Well, I’ve been participating in the IETF WGs only since ̴1992, so how would I know…
I am very naive in process things but I'm happy to know that I learnt in less than 34 years that "consensus" is not the same as "rough consensus." Chairs declared the former not the latter.
But there’s a difference between “declaring” a consensus (which you kindly attributed to me), and repeating what the Chairs already stated a while ago (especially when some people keep contesting their decision).
I don't see how repetition helps, especially without adding any technical argument and without addressing my technical objection.
IMHO, the only “key participant” remaining in this WG today is Eric Rescorla.
To the best of my understanding, Ekr has been swinging back and forth. Very recently he has been in /strong opposition/ of publishing such drafts: see [2]. I fail to understand what changed it suddenly to support the publication of this draft, since it seems to be in the same category as pointed out in [2].
In particular, I also haven't seen him refuting my proof of security of hybrids.
>> Considering the ratio of the “objectors” to the “supporters”,
the consensus seems to be there.
Sincerely, -Usama[0] https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-19.html#section-9.1
[1] https://datatracker.ietf.org/doc/draft-farrell-tls-pqg/ [2] https://mailarchive.ietf.org/arch/msg/tls/vIGryOB0TU_vD81HUUxXQUNdnN0/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
