[TLS] Re: WG Adoption Call for Post-Quantum Hybrid ECDHE-MLKEM Key Agreement for TLSv1.3

"D. J. Bernstein" <djb@cr.yp.to> Fri, 28 February 2025 21:02 UTC

Date: Fri, 28 Feb 2025 21:01:47 -0000
Message-ID: <20250228210147.745612.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: tls@ietf.org
Mail-Followup-To: tls@ietf.org, sob@harvard.edu
In-Reply-To: <8B632BD4-A604-4EE7-BC32-DEE8F7472338@sn3rd.com>
CC: sob@harvard.edu
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8CVGtTGOJ2QXkCc5ghk4-8LiceA>

Sean Turner writes:
> BCP 79 makes this important point:
>   (b) The IETF, following normal processes, can decide to use
>     technology for which IPR disclosures have been made if it decides
>     that such a use is warranted.

https://cr.yp.to/2025/bcp-79-issues.html covers that argument (giving
the same quote), and also covers the following counterargument: "this is
overridden by BCP 79’s subsequent text (quoted above) imposing a more
specific requirement upon mandatory-to-implement security technology and
imposing a higher bar for exceptions".

The page also distinguishes the two separate BCP 79 requirements at
issue. What matters at adoption time is BCP 79's change-control
requirement; that requirement doesn't have the same exceptions. The
other requirement can be met after adoption, as I explained before, so I
think the TLS discussion of that can and should be deferred, especially
if people are confusing it with the change-control requirement.

Note that this differs from the situation in LAMPS, where a spec is on
the same patented algorithm but is at a different WG stage (last call),
forcing consideration of both of the BCP 79 issues (if that spec can
reach consensus otherwise, which hasn't been established at this point).

Anyway, https://cr.yp.to/2025/bcp-79-issues.html includes links for all
of these arguments and counterarguments. I believe the page covers every
point that has been raised, structured in a way that shows when point B
is in response to point A. I'd appreciate it if anyone who sees anything
missing can let me know, of course on list for transparency.

---D. J. Bernstein