| ▲ | some_furry 3 days ago | |
If you're reading this thread wondering why the IETF wants an informational (non-standards track), Recommended=N RFC that specifies how to use ML-KEM without ECDH, there's some important background reading. https://mailarchive.ietf.org/arch/msg/tls/SXo4iVmp0ng_vi57ce... https://keymaterial.net/2025/11/27/ml-kem-mythbusting/ Additionally, I wrote my own blog posts recently that toucbed on the subject. Signatures: https://soatok.blog/2026/04/13/hybrid-constructions-the-post... Threat modeling but also KEMs: https://soatok.blog/2026/06/30/soatoks-informal-guide-to-thr... The main industry that's hamstrung by an RFC being blocked are telecom companies (e.g., Verizon) who by policy need an RFC and also have other regulations. I prefer hybrid KEMs, but support publication because getting those companies onto PQ is harm reduction against Harvest Now, Decrypt Later (HNDL) attacks, and ECDH doesn't help if our confidence in the security of ML-KEM turned out to be wrong. | ||