> You are characteristically cherry-picking quotes from other venues, drawing 
> false comparisons, and then demanding explanations. In a better-moderated 
> forum, this behavior would be sanctioned as disruptive.

I would like to discourage the use of these cheap rhetorical tactics. Opening 
an email like this serves to bias the reader against the person you’re debating 
by immediately implicating their character.

Everyone always is cherry-picking to some degree. Nobody on this list is going 
through every single email point by point. God knows that if we were to do that 
to Dr. Bernstein’s thousand-page emails, we’d never be done! And yet, if it 
were you answering the email and someone accused you of “cherry-picking”, you 
could likely just as easily say something like “I don’t owe anyone the labor of 
going through point by point” or any other such flourish. These rhetorical 
flourishes are a dime a dozen. You can always pick the one that suits you best.

It reminds me of those scenes in the Spielberg film on Lincoln when the state 
representatives are debating on the House floor. It’s just rhetoric.

Dr. Bernstein’s debate style is absolutely exhausting; he writes very long 
emails and nitpicks on details that you may not care about, but he hasn’t 
dished out anything close to the amount of insults (most recently from Soatok, 
not from you), as well as these sorts of underhanded attempts at discrediting his 
character which I think are not being employed in good faith.

In the interest of being constructive, I’d like to point out that your own 
previous email today was in my opinion an excellent way to retort to Dr. 
Bernstein, especially the Sage script at the end (but the whole email is great 
anyway):

https://mailarchive.ietf.org/arch/msg/tls/iDPFnBDE-mA6Ojii6xI9ODzerr4/

Why not stick to this style? It serves you better, and you annoy fewer people.

Nadim Kobeissi
Symbolic Software • https://symbolic.software

> On 3 Jun 2026, at 7:08 PM, Filippo Valsorda <[email protected]> wrote:
> 
> 2026-06-03 14:50 GMT+02:00 D. J. Bernstein <[email protected]>:
>> Filippo Valsorda writes:
>> > all easy to find
>> 
>> Sorry, I still don't understand what you meant in claiming that there
>> will be "exceedingly few bugs" in ML-DSA software. How many bugs and how
>> many severe vulnerabilities are you estimating? Where are you getting
>> these numbers from?
>> 
>> Since your posting said that "a single broken key per month can be
>> catastrophic" and that a disaster chance above 1% is unacceptable since
>> "you are betting with your users' lives", I _think_ you're claiming that
>> there's a >99% chance that there are zero severe vulnerabilities in the
>> entire ML-DSA software ecosystem. But I'd appreciate a clear statement
>> so that I'm sure I'm not misunderstanding something.
> 
> You are characteristically cherry-picking quotes from other venues, drawing 
> false comparisons, and then demanding explanations. In a better-moderated 
> forum, this behavior would be sanctioned as disruptive.
> 
> In particular, you are taking my statement that there is now a > 1% chance of 
> Ed25519/ECDSA/RSA being broken by a QC before 2030, and demanding I defend a 
> different statement about ML-DSA I did not make. If you're confused about 
> that, it's not my responsibility. I do stand by my assessment that the risk 
> of ML-DSA forgeries (due to bugs or cryptanalysis) is smaller than that of 
> Ed25519/ECDSA/RSA forgeries (due to bugs or quantum computers) or composites 
> forgeries (due to bugs or due to their rollout being slower than quantum 
> computers).
> 
> You are also not engaging with the parts of the conversation that don't suit 
> your narrative, so this is not helping anyone, and this will be my last 
> reply. I do have one final question: are you going to publish a retraction of 
> your statements on the applicability and availability of Project Wycheproof 
> test vectors, now that they were shown to be factually inaccurate?
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
