logoalt Hacker News

tptacektoday at 2:54 AM3 repliesview on HN

These are arguments, but I don't really understand what they're arguments for. At issue here is whether or not the IETF should document usage of pure-MLKEM TLS. There are environments where people are going to use pure-MLKEM TLS, whether Bernstein likes it or not. His argument is that the IETF should pretend that isn't happening, and throw up weird procedural obstacles to it.


Replies

chrismorgantoday at 3:32 AM

I know approximately nothing about the specific case here, and don’t believe I have any skin in the game. I intended my comment purely abstractly: I’m not commenting on anything technical, merely mentioning a procedural concern: that the line I quoted can sound reasonable, but that I don’t think it’s actually a reasonable argument by itself, because of the likely consequences of such actions. (That is: if that happened to be the only argument—though I doubt it is—there’s a compelling case for rejecting it.)

rasengantoday at 7:10 AM

As I thought you were aware [1], RFCs are treated as a green light by industries. In the last call itself, the Canadian Cyber Centre said they would use this RFC in particular to justify recommending solo ML-KEM across their nation, proving this point.

[1] Sadly, I know you are aware.

g-b-rtoday at 3:02 AM

If it's documented it will be implemented by many more libraries and applications, that's the argument

show 1 reply