Dear all I do not support the publication of this document.
I already expressed my points in the past but allow me to say that some specific concerns I have on security (successful classical attacks on PQ algorithms) cannot be addressed in some few months, in any possible manner. I understand certain people are becoming increasingly worried by an accelerated arrival of a CRQC, but I am also worried of things that can happen (and has already happened) in the meantime. Given the considerable and excellent work already done to deploy hybrid ML-KEM, I think taking advantage of such work at maximum is a reasonable thing to do. Moreover, to be honest even the mere publication of an RFC actually saying that something else is preferred seems a weak strategy in this critical moment of the cryptographic transition where many are still preparing, and even more importantly it might well also raise questions in the head of several people out there, given the relevance of the transition to PQC to many different actors, different vendors and others. I do not think it is yet the time to have RFCs with specifications that one should not use by default. Thank you for your kind attention Fabiana Team Leader Post-Quantum Cryptography European Commission DG Communications Networks, Content and Technology Unit C4 – Emerging & Disruptive Technologies
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
