On Tue, Jul 07, 2026 at 11:22:37AM -0700, Eric Rescorla wrote: > On Tue, Jul 7, 2026 at 11:05 AM Jan Zerebecki <[email protected]> wrote: > > I think we should have learned from history of TLS and other protocols > > that having multiple possible algorithms is a security problem. > > I don't think we've learned that. Quite the contrary, the ability to have > multiple algorithms is what is allowing a smooth transition to > hybrids.
100%. I don't quite understand the hate for algorithm agility. Suppose we had no algorithm agility, then what? We'd occasionally have to retire entire protocols and switch to new ones that differ mainly only as to algorithms, easy, right? But wait! we'd have to support negotiation and deal with downgrade attacks, so it'd be back to algorithm agility, only with extra steps. No thanks. See also RFC 7696, section 3.3. Is there a standard answer to this reply, one that works? I don't think there is. Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
