On 2026-07-07 20.22, Eric Rescorla wrote:
On Tue, Jul 7, 2026 at 11:05 AM Jan Zerebecki <[email protected] <mailto:[email protected]>> wrote:

    I think we should have learned from history of TLS and other protocols
that having multiple possible algorithms is a security problem.

I don't think we've learned that. Quite the contrary, the ability to have
multiple algorithms is what is allowing a smooth transition to
hybrids.

Right, I should have phrased that more carefully. I at least missed to add the word potentially before security problem. Version n and version n+1 being compatible and being used for transition from one cipher to the next generation is good if there is no easier way. Both the transition mechanism itself and each transition are a source of potential security problems. But not initiating a transition when it is needed is worse and then not having a properly prepared mechanism in TLS would be even worse.


--
Best regards,
Jan Zerebecki

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to