I do not support publication of this document.

I started publishing cryptographic software, with full source code, during the 
First Crypto War [1], and actively continue to publish both software and other 
resources [2][3]. 
I mention my tenure because I believe that cryptographers need to have long 
memories; all too often history has a funny way of repeating itself.

History has shown the long-term danger of narrowing security margins to satisfy 
immediate external pressures. 
Of course, the most famous example is when the key size of IBM's original 
design was gutted down to 56 bits for the final DES standard, artificially 
reducing its structural strength to the point that it could be broken. [4]

My technical argument is that, from a first-principles cryptographic 
standpoint, the security architecture of a hybrid key exchange is superior to a 
standalone deployment, by removing a Single Point of Failure (SPOF). 
A hybrid key exchange is defined precisely by its ability to combine multiple 
algorithms to "provide security as long as at least one of the component 
algorithms remains secure." [5]

The WG should not repeat the mistake of establishing a weaker cryptographic 
specification for the global internet.

Respectfully submitted,
Tony Patti

[1] https://cryptosystemsjournal.com/ 
[2] https://www.linkedin.com/groups/3901854/
(in 2011 I founded the LinkedIn group "Cryptographers and Cryptanalysts", has 
grown to 17,000+ members)
[3] https://cryptosystemsjournal.com/curated-cryptology-compendium.html 
[4] https://en.wikipedia.org/wiki/EFF_DES_cracker 
[5] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to