I believe the final paragraph of the email below breaches the IETF code of 
conduct, specifically:

"Regardless of these individual differences, participants treat their 
colleagues with respect as persons especially when it is difficult to agree 
with them: treat other participants as you would like to be treated."

"IETF participants have impersonal discussions.        We dispute ideas by 
using reasoned argument rather than through intimidation or personal attack."

Use of an ad hominem attack undermines rational discussion and fails to provide 
logical reasoning.


Andrew

On 7 Jul 2026, at 05:52, Ken Kubota <[email protected]> wrote:

I object to the proposal to publish draft-ietf-tls-mlkem-*.

Replacing a hybrid (double-encryption) mechanism with a non-hybrid 
(single-encryption) mechanism introduces significant and obvious risks without 
providing any corresponding benefits.

Given that, during the recent NIST PQC standardization process, even one of the 
finalists dropped out, removing a safety belt and relying exclusively on a 
relatively new algorithm not only jeopardizes cryptographic security but also 
appears irresponsible.
OpenSSH reached the appropriate conclusion by adopting a hybrid approach [1].

With regard to the process itself, genuine consensus (including a "rough 
consensus") cannot be achieved under conditions of censorship [2].

I find it astonishing that Daniel J. Bernstein, a cryptographer, whose 
algorithms run half of the internet or more and who has an outstanding track 
record of pushing back against attempts to weaken cryptography, has received no 
response for nearly two months (14 Jun 2025 to 13 Aug 2025), even after 
providing, as requested, a permanent link [3].

By contrast, when two NSA employees openly support an approach [4] that clearly 
reduces or potentially compromises cryptographic security, the obvious conflict 
of interest raises the broader question of whether IETF procedures should be 
reviewed.

Kind regards,

Ken Kubota

____________________________________________________

Ken Kubota
https://doi.org/10.4444/100



[1] "New features
------------

* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
  exchange method by default ("[email protected]").
  The NTRU algorithm is believed to resist attacks enabled by future
  quantum computers and is paired with the X25519 ECDH key exchange
  (the previous default) as a backstop against any weaknesses in
  NTRU Prime that may be discovered in the future. The combination
  ensures that the hybrid exchange offers at least as good security
  as the status quo.

  We are making this change now (i.e. ahead of cryptographically-
  relevant quantum computers) to prevent "capture now, decrypt
  later" attacks where an adversary who can record and store SSH
  session ciphertext would be able to decrypt it once a sufficiently
  advanced quantum computer is available."
   https://www.openssh.org/txt/release-9.0

[2] "Consensus decision making
The general rule on how Working Groups make decisions is that the Working Group 
has to come to "rough consensus", meaning that a very large majority of those 
who care must agree, and that those in the minority have had a chance to 
explain why and their points have been addressed, even if they were not agreed 
with."
   https://www.ietf.org/process/wgs/#consensus

[3] https://mailarchive.ietf.org/arch/msg/tls/X8-3pmioGxFZX3T0tRsdxPWKx3I/

[4] https://mailarchive.ietf.org/arch/msg/tls/XIckyKVIEgKNus-koXOLooFpU54/ and 
https://mailarchive.ietf.org/arch/msg/tls/ZX2lWkx4FApNZ8q787wIEpn7USg/
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to