Dear all

I do not support the publication of this document.

I already expressed my points in the past but allow me to say that some 
specific concerns I have on security (successful classical attacks on PQ 
algorithms) cannot be addressed in some few months, in any possible manner. I 
understand certain people are becoming increasingly worried by an accelerated 
arrival of a CRQC, but I am also worried of things that can happen (and has 
already happened) in the meantime.

Given the considerable and excellent work already done to deploy hybrid ML-KEM, 
I think taking advantage of such work at maximum is a reasonable thing to do.

Moreover, to be honest even the mere publication of an RFC actually saying that 
something else is preferred seems a weak strategy in this critical moment of 
the cryptographic transition where many are still preparing, and even more 
importantly it might well also raise questions in the head of several people 
out there, given the relevance of the transition to PQC to many different 
actors, different vendors and others.

I do not think it is yet the time to have RFCs with specifications that one 
should not use by default.

Thank you for your kind attention
Fabiana
Team Leader Post-Quantum Cryptography

European Commission
DG Communications Networks, Content and Technology
Unit C4 – Emerging & Disruptive Technologies

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to