I do not support the publication of this document.I am from semi-government as an IT professional. Other than a founded interest in cybersecurity and encryption I have no background in the topics at hand. However I am dependent on them for providing me a reference framework on how to incorporate security measures into my IT solutions.
For my work I need to have a baseline or other guidelines on what the "smart persons in this world" advise me on these topics. I consider this advice normative, irrespective of the (in-)formal role of the IETF. I also consider this advise as the reference baseline. So if I've made my decision on a certain security solution I will not check again for the next 5 years (I do have work to do).
From where I stand the whole MLKEM discussion is an academic one. And the reasons for this are simple. And unfortunately only cynical in nature: (1) The scammers out there are there to get us. (2) The intelligence agencies of governments are out there to get us. So I need you to tell me what I need to do to keep my shop more secure for the next 5 years than it was in the past 5 years.
For me, the intense discussion here is a mere confirmation that this draft should not be implemented. If it had the best outcome, you (collectively) wouldn't have brought to this level of intensity. It's simply not ready. I see no benefits as I can already can do the things as advised in its current form. I don't need more of the same as a published reference.
Regards, Koos Pol
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
