| ▲ | chrismorgan a day ago |
| > there are already ML-KEM-only implementations in various libraries, so if we want interoperability then it's best to have a standard document “People are already doing it, so we might as well rubber-stamp it even if it’s not great” introduces problems of its own: people will perceive that rubber-stamping as validating it, and now they’ll use it even more, where perhaps if you held back, they wouldn’t. (There are counter-arguments as well, of course. A couple of relevant cases that spring to mind where a body has not aligned with usage or expectations: W3C lost control of HTML, and it was probably for the best, but they remain a relevant body in closely-related areas; and OSI licence approval is a horribly broken political process which is almost universally misunderstood and close to frozen in time, yet they haven’t suffered like they should have for their misdeeds, they pretty much got away with it. There was also that thing somewhat recently about FedRAMP rubber-stamping Microsoft Cloud despite it failing dismally, because US government agencies had already started using it too much; and I wonder what that does to their credibility.) This is also a concern with informational/independent submissions through IETF. They are frequently perceived as having IETF/standards weight. |
|
| ▲ | tptacek a day ago | parent | next [-] |
| These are arguments, but I don't really understand what they're arguments for. At issue here is whether or not the IETF should document usage of pure-MLKEM TLS. There are environments where people are going to use pure-MLKEM TLS, whether Bernstein likes it or not. His argument is that the IETF should pretend that isn't happening, and throw up weird procedural obstacles to it. |
| |
| ▲ | chrismorgan a day ago | parent | next [-] | | I know approximately nothing about the specific case here, and don’t believe I have any skin in the game. I intended my comment purely abstractly: I’m not commenting on anything technical, merely mentioning a procedural concern: that the line I quoted can sound reasonable, but that I don’t think it’s actually a reasonable argument by itself, because of the likely consequences of such actions. (That is: if that happened to be the only argument—though I doubt it is—there’s a compelling case for rejecting it.) | |
| ▲ | g-b-r a day ago | parent | prev | next [-] | | If it's documented it will be implemented by many more libraries and applications, that's the argument | | |
| ▲ | tptacek a day ago | parent [-] | | It already exists. In fact, there are environments where it has to exist. So the argument he's making is that the IETF should pretend it doesn't exist. | | |
| ▲ | g-b-r a day ago | parent [-] | | Can you (or someone else) please give some example of those environments? | | |
|
| |
| ▲ | rasengan a day ago | parent | prev [-] | | [flagged] |
|
|
| ▲ | throw0101d a day ago | parent | prev [-] |
| > “People are already doing it, so we might as well rubber-stamp it even if it’s not great” introduces problems of its own: people will perceive that rubber-stamping as validating it, and now they’ll use it even more, where perhaps if you held back, they wouldn’t. The GOST cipher, which is Russia's AES equivalent, is also in an RFC: * https://datatracker.ietf.org/doc/html/rfc9189 * https://en.wikipedia.org/wiki/GOST_(block_cipher) Is the IETF validating its use? The GOST document is categorized in the same way as the one currently being debated/discussed: Informational. It also has "N" under the "Recommended" column (like ML-KEM-only will have): * https://www.iana.org/assignments/tls-parameters/tls-paramete... |
| |
| ▲ | ekr____ 19 hours ago | parent [-] | | In fairness, I do think that this situation is somewhat different. As I noted above (https://news.ycombinator.com/item?id=48812792), there are two main routes to an Informational RFC of this kind. * Through the IETF * Through the Independent Stream The GOST documents went through the Independent Stream and therefore do not have IETF imprimateur. These documents are proposed for the IETF Stream and therefore require IETF Consensus to publish. I know this is all super confusing. The basic problem is that the vast majority of RFCs come out of the IETF and so people often act as if all RFCs do. This is of course in part why people pursue Independent Stream publication rather than just publishing things on their own.. | | |
| ▲ | throw0101d 17 hours ago | parent [-] | | I have gotten flack for giving ULA+NPTv6 as a possible solution to an IPv6 multi-homing issue because the RFC that describes it was 'only' "Experimental": * https://datatracker.ietf.org/doc/html/rfc6296 When I pointed out that the NAT(44) RFC (1631/3022) was 'only' "Informational" I got radio silence: * https://datatracker.ietf.org/doc/html/rfc1631 | | |
| ▲ | ekr____ 17 hours ago | parent [-] | | I have no opinion on ULA+NPTv6, other than Experimental doesn't mean you shouldn't use it. How else would people experiment. It does mean that the level of vetting by the IETF is potentially lower. WRT IPv4 NAT, I'm not sure how much we can infer from the status. Many people at IETF were (and some still are) very anti-NAT, in part because they felt that IPv6 was the right solution. As a result, the IETF really avoided doing anything that looked like it was endorsing NAT, even though it's obviously just a fact of the Internet. | | |
| ▲ | throw0101d 9 hours ago | parent [-] | | My general point is that the category or track of an RFC may mean different things to different people (assuming they're even aware of them at all). |
|
|
|
|