> On Jun 4, 2026, at 1:21 PM, Salz, Rich <[email protected]> wrote:
>
>> we add a statement on preference of hybrids and refer to the paper in the
>> security considerations of draft-ietf-tls-mlkem.
>
> We already do that by marking the hybrid as RECOMMENDED=Y and the pure-ML-KEM
> as RECOMMENDED=N

This happened after a significant amount of time and was deliberately steered toward the opposite of said result before fury from outside of the list (the greater internet) helped bring accountability to those who had hoped for ML-KEM standalone.

Interestingly, despite the availability of scientific methods to identify the best path forward, as proven by Dr. Kobeissi in this thread, there was no interest in treading this path prior to making dangerous recommendations to the populace.

While things turned out for the better in this case, thanks to Dr. Bernstein and Dr. Kobeissi, and several other members here [1] who were willing to speak up and go against the “false consensus,” [2] we cannot rely on a few heroes to protect the global populace in the future. It may seem like we achieved a “win” here and even feel at peace and wish to rest; this is not that time.

Let’s not sweep this under the rug. Consensus is broken in a way that allows bad actors to push questionable security standards, which makes every person in the world vulnerable. The IETF’s organization, and procedures therein, needs a serious refactor.

Examples:

1) Consensus was declared by chairs although the overall group consensus was that consensus hadn’t yet been achieved.
2) IETF Chairs are participating in Lord of the Flies style Piggy character assassination on social media while pretending to be “unbiased” and “mature.”

All of this said, the one thing that brings me solace is that it’s now customary procedure in the IETF to perform verifications on things of this nature, and any push for adoption, prior to, will absolutely be a signal for nefarious activity going forward.

It would be a strong signal should the WG adopt this new custom as a standard, going forward, requiring formal/symbolic analysis prior to making any recommendations.

[1] Thank you as well, Mr. Salz, sir, for all of your work foremost, and also for your vote toward hybrid.

[2] There were most certainly bad actors [3] who voted for non-hybrid, while some were likely not paying enough attention or perhaps misinformed/under-briefed.

[3] People (or paid agents of some kind and from some state) working to undermine global security.

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
