Dear all, As a cryptographer,
I do not support the publication of the draft. Like several people before me, I view this as a security management problem. The extra costs of using established ECC crypto amount to a mere fraction of the requirements of ML-KEM and seem acceptable even on low-end devices. Opting for a hybrid solution is the more conservative and, in my opinion, the more responsible approach. Some comments: It seems condescending to call people "crypto wannabes". [1] Likewise, it does not seem to help an open environment to "wish people would gain some IETF experience before speaking up." [2], while referencing some people as "first-rate cryptographers" [1] or "credible cryptographers" [3] without an objective category. Should we regard (skilled) cryptographers who work for a government agency, which is known for attempts to subvert crypto standards, as "credible cryptographers"? "There is some disagreement, but the credible cryptographers - except one - do support the publication." [3] This is not true, misleading, and quite frankly, disrespectful, looking at who has opted to reject the draft already. Many greetings, Sven Schäge [1] https://mailarchive.ietf.org/arch/msg/tls/GQx88kTOHI_mR35-7AxDWkbzvVI/ [2] https://mailarchive.ietf.org/arch/msg/tls/EqhBS9lVvOSgOzl5Csc9aGgRsoY/ [3] https://mailarchive.ietf.org/arch/msg/tls/c_U097NIib1JrjeLbXqzXJ7Rscg/ > >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
