I do not support the publication of this document.
One of the practically relevant advantages of TLS 1.3 relative to TLS
1.2 (and below) is its use of more secure defaults. Experience shows
that unnecessarily weakened variants such as the
TLS_AES_128_CCM_8_SHA256 cipher suite in TLS 1.3 will frequently show up
in web server configurations. This cipher suite is almost always not
intentionally enabled by the web server admins. IANA marking this cipher
suite as "not recommended" doesn't really help in practice. I'd expect
very similar problems with draft-ietf-tls-mlkem-08.
Best regards
Andreas Bartelt
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]