"I don't feel like a CRQC will ever eventually exist" doesn't seem like a
position that would convince, in recent memory, any of e.g. U.S.
government, the French government, or - say - Google (maybe we should ask
people if they're connecting to the Internet broadly via Google Chrome,
which holds ~69% (nice) share of the global browser market by my napkin
math).

On Wed, Jul 8, 2026 at 11:12 PM Benjamin Kaduk <bkaduk=
[email protected]> wrote:

> On Wed, Jul 08, 2026 at 11:27:26PM +0000, Blumenthal, Uri - 0553 - MITLL
> wrote:
> >    Of course, that’s obvious. However, this has nothing to do with the
> point
> >    I’ve been making — and which, apparently, keeps falling on a deaf
> ear:
> >    If ML-KEM does fail — does not matter why (bad ML-KEM design, all
> lattices
> >    get broken, only Modules, etc.) — whatever sensitive data is
> protected by
> >    ML-KEM today or in the near future, will fail with ML-KEM.
> >    TL;DR: if your data needs to outlive CRQC, ECC does not help.
> >    > I have strong reasons to believe you are wrong . . .
> >    In what?
> >    Please explain which one(s) of the above statement(s) is(are) wrong.
>
> "whatever sensitive data is protected by ML-KEM today or in the near
> future,
> will fail with ML-KEM" is only true in a world when a CRQC ever exists,
> and is
> trivially wrong otherwise.  Your TL;DR includes that factor but the
> preceding
> statement does not.
>
> It's clear that you are confident that a CRQC will eventually exist, but
> based
> solely on public data that is not guaranteed.  And while what counts as
> "sensitive data" for you may need to remain confidential for decades, that
> is
> not true for everyone's sensitive data; if the relevant timeframe is just
> a few
> years after which loss of confidentiality is not a big deal, then the
> tradeoffs
> and cost/benefit analysis can easily reach a different conclusion.
>
> -Ben
>
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to