I am in direct opposition to this proposal. ietf-tls-ecdhe-mlkem covers the
same problem space but does it better.

Proponents of solo-PQ have not met their obligation to show clear
advantages to this proposal over ietf-tls-ecdhe-mlkem

The "strongest" arguments for this proposal are either clear
misrepresentations of the cost difference to infrastructure operators, or
outright fallacious claims regarding the value of ECC+PQ vs solo-PQ, as
pointed out repeatedly by other reaspondants.

Defense in depth is a fundamental security principle that we should all be
aware of. There is no evidence to support the argument that weakening
standards - that is, publishing a standard with fewer security features,
namely solo-PQ - provides any value to TLS itself or operators implementing
these standards.

Therefore our default posture should be to provide additional defensive
layering wherever and whenever the costs of additional layers is negligible
compared to the overall costs of the standard, as is the case with ECC+PQ

Thank you
-Brian R
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to