The IETF TLS chairs have now issued a "last call" for objections to non-hybrid signatures in TLS. Do they admit that their previous "last call" re non-hybrid KEMs ended up with a _majority_ in opposition, and that many opposition statements obviously also apply to signatures? No.

@djb

Why do they want non-hybrid KEMs and signatures, anyway? Seems like a bad idea to protect all of everything with nothing but unproven crypto.

@argv_minus_one I have an introductory chart https://blog.cr.yp.to/20260221-structure.html showing the arguments and counterarguments.

Most common argument from proponents: NSA is asking for non-hybrids, ergo support non-hybrids. This argument works for (1) companies chasing NSA money, (2) companies that take any excuse for extra options as a barrier to entry for competitors, and (3) people who think that "NSA Cybersecurity" isn't a conduit for https://www.eff.org/files/2014/04/09/20130905-guard-sigint_enabling.pdf but rather an independent pro-security agency.

@darkuncle Sorry to see you promoting this. He's done great work, but this whole thread is crazy conspiracy thinking.

@rsalz DJB sees a conspiracy where one may not exist ... but has a history of seeing one where it did very much in fact exist.

I think cryptographers erring on the side of extreme caution is a net benefit (and his points about unjustified and unexplained foot-dragging and resistance on Classic McEliece adoption have been well documented).

@darkuncle Yes, erring on the side of extreme caution is right. But you completely discount Bas Westerbaan, Sophie Schmieg, etc?

@rsalz not at all! Bas and Sophie in particular are awesome cryptographers and good people; I'm just saying that proceeding with the assumption that cryptographic proposals from NSA require greater-than-average skepticism seems wise based on the history.