On Jul 1, 2026, at 2:22 PM, Kevin Milner <[email protected]> wrote:
> 
> several very widely deployed libraries and applications are already 
> implementing pure ML-KEM (I believe several have been cited previously in the 
> discussion of this draft, by both sides), and I suspect more will over time.

Do you happen to have a few examples or a link to this so-called wall of shame? 
People have rolled their own libraries since the beginning. Just because people 
are releasing things doesn't mean the IETF has to put their name on everything 
with a meaningless RECOMMENDED=N.

> 
> It’s important to separate opposition to the rollout of non-hybrid PQC from 
> opposition to this draft.
> 

Someone from the Canadian Centre for Cyber Security (Canadian Government) 
literally wrote on list they are relying on this document to be published so 
they can recommend solo ML-KEM [0][1], and an expert PQ cryptographer [2] 
pointed this out in addition to their opposition.

In RFCs, nobody reads the part where it’s recommended or not. If they open the 
document, it’s because they’re looking for the implementation / protocol 
details. An RFC signals adoption by the IETF outside the IETF, whether the word 
“adopted” means _adopted_ here or not.


[0] Not surprising given the new C-22 spy bill.
[1] https://mailarchive.ietf.org/arch/msg/tls/uOeM5IRcYYjpNFlRyxEfo91q29c/
[2] https://mailarchive.ietf.org/arch/msg/tls/oxuqWPQ08itms6NxEPCiFVzVgtY/


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to