I am in direct opposition to this proposal. ietf-tls-ecdhe-mlkem covers the same problem space but does it better.
Proponents of solo-PQ have not met their obligation to show clear advantages to this proposal over ietf-tls-ecdhe-mlkem The "strongest" arguments for this proposal are either clear misrepresentations of the cost difference to infrastructure operators, or outright fallacious claims regarding the value of ECC+PQ vs solo-PQ, as pointed out repeatedly by other reaspondants. Defense in depth is a fundamental security principle that we should all be aware of. There is no evidence to support the argument that weakening standards - that is, publishing a standard with fewer security features, namely solo-PQ - provides any value to TLS itself or operators implementing these standards. Therefore our default posture should be to provide additional defensive layering wherever and whenever the costs of additional layers is negligible compared to the overall costs of the standard, as is the case with ECC+PQ Thank you -Brian R
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
