The two independent layers is all about implementation, not cryptography. If you look at the more detailed solutions that implement two layers you'll see separate boxes with firewalls, intrusion detection, etc. placed between them. That concept is orthogonal to a discussion of multiple algorithms.
Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Ken Kubota <[email protected]> Sent: Tuesday, July 7, 2026 5:47:51 PM To: William Layton (GOV) <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [TLS] WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08) Why the apparent change of position? In this PDF document, the NSA consistently requires the exact opposite: a hybrid approach (two tunnels/layers). "The security against a passive attack targeting Data in Transit (DiT) across Public Black networks is provided by the layered encryption of two independent tunnels (Inner and Outer) using a specific selection of security protocols as instructed in each CP. The two independent Encryption Components provide confidentiality and high-level assurance for the solution, because the adversary should never be able to exploit a single cryptographic implementation to compromise both tunnels. Two layers of Data at Rest (DAR) Commercial National Security Algorithm (CNSA) encryption are employed to provide confidentiality and mitigate passive attacks of stored data. The DAR components are independent in a number of ways to mitigate the ability of an adversary to exploit a single cryptographic implementation to compromise both layers." This document is available at: https://web.archive.org/web/20260425180701/https://www.nsa.gov/portals/75/documents/resources/everyone/csfc/threat-prevention.pdf It is also still available on the NSA website. Originally referenced in: https://mailarchive.ietf.org/arch/msg/spasm/ytjNpbERE-YgKw-7c_w-ZRUA1Fw/ The questions raised there remained unanswered: https://mailarchive.ietf.org/arch/msg/spasm/WJMl6inph8t8m898kcBzhpWZC0o/ Kind regards, Ken Kubota ____________________________________________________ Ken Kubota https://doi.org/10.4444/100 Am 07.07.2026 um 22:08 schrieb [email protected] <[email protected]>: I support publication. Implementors will make their own decisions. This algorithm choice looks likely to be implemented in multiple places, so having clear documentation of both security considerations and technical details (as provided by the draft) is worthwhile for those who might choose to use it. -Bill _______________________________________________ TLS mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
