On Tue, Jul 07, 2026 at 06:48:59PM -0400, Soatok Dreamseeker wrote: > > I don't know what you're arguing. If your argument is "don't get this > > wrong", then I agree 100%. If your argument harkens back to what I was > > originally responding to, namely that algorithm agility is bad, then I > > disagree 100%. > > If you wonder aloud why people are against algorithm agility and then are > astonished when someone explains how poorly thought-out algorithm agility > can introduce security footguns, I don't know what you expected. The > concept of algorithm agility is very broad.
That's not really an answer to my question is it. It comes off as a bit of an attempt at a personal gotcha. Past failures to get algorithm agility right do not and cannot mean that we must not do algorithm agility because it is unavoidable due to cryptographic algorithms aging out. There is irreducible complexity involved. The debatable points are about how to do it, not whether to have it. To that point I expressed a clear preference for doing it in-band, _inside TLS_ or whatever the protocol is rather than have to design new protocols with negotiation _somewhere_ and downgrade resistance. If you're arguing for algorithm agility not-that-way, then say that. Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
