On Tue, Jul 07, 2026 at 11:22:37AM -0700, Eric Rescorla wrote:
> On Tue, Jul 7, 2026 at 11:05 AM Jan Zerebecki <[email protected]> wrote:
> > I think we should have learned from history of TLS and other protocols
> > that having multiple possible algorithms is a security problem.
> 
> I don't think we've learned that. Quite the contrary, the ability to have
> multiple algorithms is what is allowing a smooth transition to
> hybrids.

100%.

I don't quite understand the hate for algorithm agility.  Suppose we had
no algorithm agility, then what?  We'd occasionally have to retire
entire protocols and switch to new ones that differ mainly only as to
algorithms, easy, right?  But wait! we'd have to support negotiation and
deal with downgrade attacks, so it'd be back to algorithm agility, only
with extra steps.  No thanks.

See also RFC 7696, section 3.3.

Is there a standard answer to this reply, one that works?  I don't think
there is.

Nico
-- 

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to