I do not support publication of this document. I started publishing cryptographic software, with full source code, during the First Crypto War [1], and actively continue to publish both software and other resources [2][3]. I mention my tenure because I believe that cryptographers need to have long memories; all too often history has a funny way of repeating itself.
History has shown the long-term danger of narrowing security margins to satisfy immediate external pressures. Of course, the most famous example is when the key size of IBM's original design was gutted down to 56 bits for the final DES standard, artificially reducing its structural strength to the point that it could be broken. [4] My technical argument is that, from a first-principles cryptographic standpoint, the security architecture of a hybrid key exchange is superior to a standalone deployment, by removing a Single Point of Failure (SPOF). A hybrid key exchange is defined precisely by its ability to combine multiple algorithms to "provide security as long as at least one of the component algorithms remains secure." [5] The WG should not repeat the mistake of establishing a weaker cryptographic specification for the global internet. Respectfully submitted, Tony Patti [1] https://cryptosystemsjournal.com/ [2] https://www.linkedin.com/groups/3901854/ (in 2011 I founded the LinkedIn group "Cryptographers and Cryptanalysts", has grown to 17,000+ members) [3] https://cryptosystemsjournal.com/curated-cryptology-compendium.html [4] https://en.wikipedia.org/wiki/EFF_DES_cracker [5] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
