On Thu, Jul 2, 2026 at 2:39 PM Orr Dunkelman <orrd=
[email protected]> wrote:

> Well, you are right - RFC 9189 should not have been standardized.
>

It was not. It's Informational and It's an Independent Submission/


I would guess that once there is an RFC that says this is the Kuznyechik
> block cipher (namely, RFC 7801),
>

Another Independent Submission.



> it is a bit harder to say to people - hey, this cipher, which appears in
> an RFC, cannot be used in TLS, because we found problems in the cipher.
> This is why whatever was in ISO _before_ the issues were discovered, was
> left and not removed, whereas the new stuff was not accepted.
>

As a matter of policy, the TLS WG has a very permissive policy towards code
point registrations, essentially only requiring that you have a document.
The
rationale behind this policy is that forbidding people from having code
points
for algorithms is not an effective way of restricting their use. In certain
cases,
once the WG has decided that an algorithm is insecure we will forbid their
use (e.g., RC4) and mark them as "Recommended=D", but we don't do that
as a matter of course for algorithms that are not widely used.

I know I'm repeating myself, but this is also the situation for MLKEM; there
is already a code point registration. All that is being discussed here is
whether
we will publish an Informational IETF RFC specifying it.

-Ekr
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to