On Sun, Jul 5, 2026 at 11:18 AM Tim Bray <[email protected]> wrote:
> I assume that most participants in this discussion have read Sophie > Schmieg’s https://keymaterial.net/2025/11/27/ml-kem-mythbusting/ > Sure. > which among other things explains why intelligence agencies might like to > use ML-KEM; their reasons include a common existing policy of > double-encryption of highly-sensitive material. > Well, the problem is that another euphemism for "intelligence agency" is "wiretap enthusiast". And they might not be /your/ wiretap enthusiasts. But you can definitely try to push things through by calling people dumb. A pyrrhic victory. > Personally I’m a fan of hybrid encryption and apparently so are these > people, where one leg of the hybrid is ML-KEM and the other leg they’re not > going to tell us about. I can see why they’d want a stable spec. Tbh this > is the only convincing use-case I’ve heard for pure PQC, but it’s not a > terrible one. > Except that it has already happened that they screwed this up. I bet people within the NSA disagree on this matter. <https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg/> But look at this message: <https://mailarchive.ietf.org/arch/msg/tls/VMtr7zp0HrsN1IclONnVIvwiY28/> That intentionally (maybe? unclear who ncsc.gov.uk people are) misstates my message to make it seem like I want to park it as an I-D. "Because we're trying to figure out how best to make the world a peaceful place. There's an old saying in Tennessee, I know it's in Texas, probably in Tennessee, that says "Fool me once, shame on...shame on you. Fool me...you can't get fooled again. We've got to understand the nature of the regime we're dealing with." < https://www.gettyimages.com/detail/video/president-george-w-bush-delivers-his-famous-fool-me-once-news-footage/1271658781 > thanks, Rob
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
