Hi Ted, To quote the Paul Wouters acting as Security AD at the time, from [0], "No Working Group within the IETF requires formal verification proofs. Although we sometimes would like to see them, the IETF lacks the resources to mandate formal proofs. Drafts can and will move forward without such proofs or their independent verifications."
As it stands, Usama and I both evaluated the results of Nadim's reproducible evaluation and found that it aligned with expectations. == Absolutely in no way do we substitute for a security conference == , but I can affirm we are all working independently from each other and we didn't find any issue. Since the results align with what the I-D already suggests, I think citing an independent effort with reproducible tests is as fair as much of what the IETF produces under "rough consensus" without any such artifacts at all. Cheers, Nathanael [0] https://mailarchive.ietf.org/arch/msg/seat/zukouF3pkoln5qenAUYy4eIs3nE/ On Mon, 8 Jun 2026 at 10:03, Ted Lemon <[email protected]> wrote: > Andrew, I guess your point is that people who are not cryptography experts > but are academics and do understand how research is done should > nevertheless not concern themselves with whether such studies have been > replicated? We should just assume that individual experts are right and > have not made mistakes? > > Forgive me, but I don't think this is how science works. Rich's question > makes perfect sense to me. What doesn't make sense is anyone here engaging > in vituperative attacks in response to his question. > > On Mon, Jun 8, 2026, at 5:51 PM, Andrew Lee wrote: > > On Mon, Jun 8, 2026 at 8:18 AM Salz, Rich <rsalz= > [email protected]> wrote: > > > I am not qualified to review your work. Nor am I qualified to review most > of what Karthik or Cas writes about. > > > Mr. Salz, with all due respect, why are you making comments about the > qualifications of his work when you, yourself, admit that you are "not > qualified to review" his work? This seems, at the least, disingenuous. > > To be clear, I respect you and everyone here on this, and generally the > IETF lists, and sincerely hope we can all get back to the material and > factual research instead of attacking the messenger. > > Sincerely with all respect, > Andrew > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
