[TLS] Re: RFCs on weakened crypto are not fixed by warnings
Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 08 April 2026 20:09 UTC
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Date: Thu, 09 Apr 2026 06:09:41 +1000
Message-ID: <ada2BSdJ5MwIWDWs@chardros.imrryr.org>
In-Reply-To: <20260408194014.928705.qmail@cr.yp.to>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Koy0lRaXd7-q4I6YYoBcsM_MGpc>
On Wed, Apr 08, 2026 at 07:40:14PM -0000, D. J. Bernstein wrote:
> Viktor Dukhovni writes:
> > I haven't seen any objections to publishing with caveats

I wasn't clear enough about the context; I meant to say any objections
**by those who support publication** to publishing with caveats (if
that's what it takes to publish). Which is of course quite different.

> The statements of opposition are much more commonly asking for the
> document to be stopped (at least at this time). Stopping the document is
> a much safer result than issuing the document with a caveat.

Well, now that I briefly have your attention, I feel obligated to say that
while I agree that use of hybrids is a safer bet, I don't agree that
not publishing is "safer" or accomplishes anything worthwhile. All
that not publishing will do is to move the action elsewhere, where the
caveats are more likely to be neglected. Some delay in deployment may
perhaps result, but non-hybrid (ML-KEM) is being used and will be used
more widely over time. At least that's the way I see it, choosing to
be pragmatic despite some natural proclivity to at times be dogmatic.

--
Viktor. 🇺🇦 Слава Україні!