On Tue, Jul 07, 2026 at 06:48:59PM -0400, Soatok Dreamseeker wrote:
> > I don't know what you're arguing.  If your argument is "don't get this
> > wrong", then I agree 100%.  If your argument harkens back to what I was
> > originally responding to, namely that algorithm agility is bad, then I
> > disagree 100%.
> 
> If you wonder aloud why people are against algorithm agility and then are
> astonished when someone explains how poorly thought-out algorithm agility
> can introduce security footguns, I don't know what you expected. The
> concept of algorithm agility is very broad.

That's not really an answer to my question is it.  It comes off as a bit
of an attempt at a personal gotcha.

Past failures to get algorithm agility right do not and cannot mean that
we must not do algorithm agility because it is unavoidable due to
cryptographic algorithms aging out.  There is irreducible complexity
involved.

The debatable points are about how to do it, not whether to have it.  To
that point I expressed a clear preference for doing it in-band, _inside
TLS_ or whatever the protocol is rather than have to design new
protocols with negotiation _somewhere_ and downgrade resistance.  If
you're arguing for algorithm agility not-that-way, then say that.

Nico
-- 

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to