On 30.06.2026, at 04:10:41, [email protected] wrote:
> 
> I’m opposed to the publication of this document. We can’t trust ML-KEM to 
> stand on its own against classical attacks yet. The hybrid approach is more 
> secure and worth the 3% cost during key exchange.
> 
> After Q-Day, hybrids are still more secure for a while. Because if an actor 
> breaks the post quantum part, he may not have access to the quantum hardware 
> that breaks the classical part yet. We should drop ECDHE only when quantum 
> computers are ubiquitous.
> 
> Michael Gouin


Exactly my thoughts.
And even though Kevin Milner clarified:
>  "those supporting the draft are not ‘for solo ML-KEM.’ The draft is to 
> specify the method to do solo ML-KEM, in contrast to having unstandardised 
> third-party implementations. 
> A vote ‘for solo ML-KEM’ would be with respect to the IANA registry, not with 
> respect to a specification for how to do it.”

I’m afraid that people would mis-judge the publication as being “good enough” 
to be used.

So I do not support the publication.


Marc Stibane


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to