Dear all,

As a cryptographer,

I do not support the publication of the draft.

Like several people before me, I view this as a security management
problem. The extra costs of using established ECC crypto amount to a mere
fraction of the requirements of ML-KEM and seem acceptable even on low-end
devices.

Opting for a hybrid solution is the more conservative and, in my opinion,
the more responsible approach.

Some comments:
It seems condescending to call people "crypto wannabes". [1]
Likewise, it does not seem to help an open environment to "wish people
would gain some IETF experience before speaking up." [2], while referencing
some people as
"first-rate cryptographers" [1] or "credible cryptographers" [3] without an
objective category.
Should we regard (skilled) cryptographers who work for a government agency,
which is known for attempts to subvert crypto standards, as "credible
cryptographers"?

"There is some disagreement, but the credible cryptographers - except one -
do support the publication." [3]
This is not true, misleading, and quite frankly, disrespectful, looking at
who has opted to reject the draft already.

Many greetings,
Sven Schäge


[1] https://mailarchive.ietf.org/arch/msg/tls/GQx88kTOHI_mR35-7AxDWkbzvVI/
[2] https://mailarchive.ietf.org/arch/msg/tls/EqhBS9lVvOSgOzl5Csc9aGgRsoY/
[3] https://mailarchive.ietf.org/arch/msg/tls/c_U097NIib1JrjeLbXqzXJ7Rscg/


>
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to