| ▲ | teravor 2 hours ago | |||||||||||||
no one argues we shouldn't. you made the argument that we should abandon ECC by not doing hybrid, in my opinion it's an extremely weak argument because it assumes Q-Day will arrive. don't change goalposts.the article you linked supports my position.
in fact, it makes the argument (if not directly) for a concatenation of multiple schemes. I'm all for it, hybrid++. | ||||||||||||||
| ▲ | some_furry 2 hours ago | parent [-] | |||||||||||||
> you made the argument that we should abandon ECC by not doing hybrid, Where did I ever make that argument? In both TFA and my previous blog post, I've made it abundantly clear that I'm pro-hybrid. My argument is simply: 1. The claimed benefits of ECDH hybridization evaporate immediately the moment Q-Day happens. No one disputes this. 2. Harvest Now, Decrypt Later (HNDL) is the primary threat we face today during the uncertain times where we don't know if Q-Day will ever happen. Advocating for PQ+ECC hybrids over PQ is fine. But fear-mongering about PQ in this threat model is self-defeating: Once Q-Day happens, your only source of security is PQ anyway, so if we're going to do hybrids with today's threat model in mind, PQ+PQ is the way you really want to go (and PQ+PQ+EC if you really want EC). The blog post you're commenting on says this explicitly. I'm not anti-hybrid. I'm anti "this is an NSA ploy" bullshit. And the IETF mailing list thread I'm mentioning is stuffed with this kind of irritating conspiracy theory rhetoric. I even link to, and quote, two examples of this. | ||||||||||||||
| ||||||||||||||