Thank you Markku for your message.

I stated my concerns building on the fact that there have been bad attacks to 
algorithms that were quite advanced in the NIST competition and that no one has 
a crystal ball for cryptanalysis. Even if ML-KEM has undergone more analysis, 
the long time needed in the cryptanalysis domain to ensure full confidence 
should be considered. I think this is common good sense.

Obviously the fact that migration is necessary and even urgent is not under 
discussion !
In light of this, considering that already huge and admirable efforts have been 
done by some on deploying hybrid ML-KEM, I think we should built on such 
efforts.

Also, while I obviously understand that this draft is not meant to 
replacing/removing the “hybrid” solution, as I said I do not think it is yet 
the moment to have this RFC.

Initiatives like HORIZON-CL3-2025-02-CS-ECCC-04 - and also 
HORIZON-CL3-2025-02-CS-ECCC-05 and others - are precisely meant to give 
resources and appropriate time to the community to increase confidence. I 
obviously expect those projects to deliver on their promises.

Thank you for your kind attention
Fabiana


Fabiana Da Pieve
Program Manager

[cid:[email protected]]

European Commission
DG Communications Networks, Content and Technology
Unit C4 – Emerging & Disruptive Technologies

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to