Hi Ekr,

I wholeheartedly agree with you and have a lot of respect for you. But I deeply apologize for not following your plea because the record needs a factual correction here. A WG participant has /repeatedly/ misrepresented my position. Despite my previous complaint to the chairs [2] and a reminder by the chairs [3], this is still not stopping. If someone has deep trouble with something I said, I once again kindly ask to please double-check it with me off-list first before attributing positions to me on list that I absolutely do not hold.

===

Hi all,

Without taking any position on any of the items in the appeal, I would like to correct the record since I have been misrepresented here as "an example."

I have to wrap up my drafts until the cutoff, so I don't have further time for back-and-forth on this matter.

On 03.07.26 21:09, Nathanael Ritz wrote:
On Tue, 30 Jun 2026 at 12:53, Andrew Lee <[email protected]> wrote:
> IV. A footnote does not constitute disruption
>

If you are curious if this uncertainty really truly manifests, an example is present here [0] where the participant goes out of their way to confirm with DJB that quoting him is permissible, stating in part: "Quoting below as per your permission in [1]." As I see it, the presence of that disclaimer appears unique to DJB's technical input, and represents a genuine, non-renewable (read: "disruptive") investment of time.

How much /genuine, non-renewable investment of time/ do folks think it took me to write my 7-word phrase that is quoted here? I did not time it when I wrote but I am pretty sure anything above a few seconds would be quite an exaggeration. And it was one-time permission, which I don't need to re-attest each and every time. I would expect D.J.Bernstein to inform me when something changes in his notices that invalidate the existing permission.

Now compare this honestly with how much time it takes me to correct the record that Nathanael keeps misrepresenting. Respectfully, much more than that. So ironically, contrary to what is represented in the above, Nathanael is the one who is consuming my "genuine, non-renewable investment of time" on the list.

Besides, in my understanding, the decision to declare "Including derivate work notices" as disruptive has been done by officers of the IESG [4]. As I am not on the IESG, I am not responsible for it and have absolutely nothing to do with this matter. I would appreciate not being drawn into this matter, as I had no involvement in that IESG decision. As I understand, chairs are just following [4] and keep reminding us (almost) every month [5]. It is also my understanding that if D. J. Bernstein will send an email without these notices, chairs would let his email go through.

While we are on this topic, let me also clarify my perspective. While I do have a strong difference of opinion with D. J. Bernstein in that I consider the formal proof for ML-KEM as sufficient and he does not, I acknowledge his contributions and have respect for his opinion. One of the things I have learnt from him during ML-DSA discussion is the SUF-CMA vs. EUF-CMA, which I think I have misunderstood for quite a long time. So FWIW, I do believe he is making technical contributions to the WG. I have also not been able to formally disprove any of his claimed technical arguments. So I have no reason to believe he is technically wrong. My only substantial technical concern with him regarding ML-KEM is that he does not show me a concrete attack.

My substantial procedural concern with him in [0] quoted here was not his notice at all but his tone toward John. I am not a lawyer and wasn't able to make sense of his notice as to whether it allows me to quote or not. That's the reason I asked for permission in the first place. Given his attestation, his notice does not bother me at all, as I choose not to read it.

===

Unless I have missed something in the bunch of emails:

 * nobody from the opponents have shown a concrete attack on standalone
   ML-KEM in TLS
 * nobody from the proponents have concrete evidence for me to see how
   many bits of X25519 CRQC is actually going to break.

Hence, I stay 'no opinion' on WGLC.

Given the heat the three codepoint drafts have produced, in IETF 126, I'll propose the idea to make a new WG CryptTLS for all such codepoint drafts to happen in that WG, so that we can focus our energy on TLS extensions. As I understand Sofia to be saying, a typical TLS participant is not a cryptographer and TLS is not a good place for such debates. We have many new members who seem to be interested in such debates, so forming a new WG may be good. We can offer the proposed WG the formal analysis services if they would need.


Time spent navigating procedural hurdles instead of focusing on the technical point.

Exactly. Correcting repeated misrepresentations of my position is itself time spent on procedural matters rather than technical discussion.

Sincerely,

-Usama

[0] https://mailarchive.ietf.org/arch/msg/tls/LvjJJGQIUER1k__G0Gorak8YfJQ/

[1] https://mailarchive.ietf.org/arch/msg/last-call/oKrCjFfDUYoePOVSyWQ-URQU9Fk/

[2] https://mailarchive.ietf.org/arch/msg/tls/jy1vb5EQvC2fItf5n8iTmahwotg/

[3] https://mailarchive.ietf.org/arch/msg/tls/r_pkryXALfFLtMccvE6Mnj4wrhQ/

[4] https://datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-derivative-works-rights/

[5] https://mailarchive.ietf.org/arch/msg/tls/cEUcbe27qZUBnapkDMExOmHC5I4/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to