I do not support the publication of this document.

One of the practically relevant advantages of TLS 1.3 relative to TLS 1.2 (and below) is its use of more secure defaults. Experience shows that unnecessarily weakened variants such as the TLS_AES_128_CCM_8_SHA256 cipher suite in TLS 1.3 will frequently show up in web server configurations. This cipher suite is almost always not intentionally enabled by the web server admins. IANA marking this cipher suite as "not recommended" doesn't really help in practice. I'd expect very similar problems with draft-ietf-tls-mlkem-08.

Best regards
Andreas Bartelt

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to