Thank you Markku for your message. I stated my concerns building on the fact that there have been bad attacks to algorithms that were quite advanced in the NIST competition and that no one has a crystal ball for cryptanalysis. Even if ML-KEM has undergone more analysis, the long time needed in the cryptanalysis domain to ensure full confidence should be considered. I think this is common good sense.
Obviously the fact that migration is necessary and even urgent is not under discussion ! In light of this, considering that already huge and admirable efforts have been done by some on deploying hybrid ML-KEM, I think we should built on such efforts. Also, while I obviously understand that this draft is not meant to replacing/removing the “hybrid” solution, as I said I do not think it is yet the moment to have this RFC. Initiatives like HORIZON-CL3-2025-02-CS-ECCC-04 - and also HORIZON-CL3-2025-02-CS-ECCC-05 and others - are precisely meant to give resources and appropriate time to the community to increase confidence. I obviously expect those projects to deliver on their promises. Thank you for your kind attention Fabiana Fabiana Da Pieve Program Manager [cid:[email protected]] European Commission DG Communications Networks, Content and Technology Unit C4 – Emerging & Disruptive Technologies
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
