Hybrid and Pure have different risk profiles and trade-offs. It makes sense to let the user pick what suits best. That has been the traditional approach at IETF (being around for 20+ years, you should know), until some individual(s) with “holier than thou” attitude started insisting on “only my way is good enough - forbid everything else”.
Thus, while I agree that the two original statements can sound confusing - they do make sense (to me, at least). — Regards, Uri Secure Resilient Systems and Technologies MIT Lincoln Laboratory > On Jun 30, 2026, at 05:09, Yaakov Stein <[email protected]> wrote: > > > This Message Is From an External Sender > This message came from outside the Laboratory. > Uri, > > I think you missed my point. > > The statement made was > hybrid is LESS secure (so pure ML-KEM should be used) > he doesn’t support publishing pure ML-KEM (so hybrid should be used). > > I was just a bit confused about how these two statements are to be reconciled. > > Y(J)S > > From: Blumenthal, Uri - 0553 - MITLL <[email protected]> > Sent: Monday, June 29, 2026 6:52 PM > To: Yaakov Stein <[email protected]>; [email protected] > Subject: Re: [TLS] Re: WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08) > > >> * For the time being, hybrid cryptography appears clearly less secure than > >> solo post-quantum cryptography > >> I do not support the publication of this document. > > > > Less secure but should be used ? > > Hybrid will always be less secure, if (a) you agree that CRQC is coming, and > (b) your data will remain sensitive through that time. > > Therefore, IMHO it should not be used — but unlike some others on this list, > I want those who have reasons to use Hybrid, to be able to do so, without > having to convince me that they truly really want/need it. > This message is intended only for the designated recipient(s). It may contain > confidential or proprietary information. If you are not the designated > recipient, you may not review, copy or distribute this message. If you have > mistakenly received this message, please notify the sender by a reply e-mail > and delete this message. Thank you.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
