New blog post: "Bugs happen: The easy way to compare solo PQ to ECC+PQ." https://blog.cr.yp.to/20260704-bugs.html #pqcrypto #bugs #vulnerabilities #hybrids
Daniel J. Bernstein
@djb@mastodon.cr.yp.to
Designing cryptography (deployed now: X25519, Ed25519, ChaCha20, sntrup, Classic McEliece) to proactively reduce risks. Coined phrase "post-quantum" in 2003.
- Microblog (including tweet archive)
- https://microblog.cr.yp.to
@cazabon After the WG chairs non-consensually ram a document through the WG, the decision to issue an RFC is made by "IESG", a committee of a dozen or so people where the majority are employees of defense contractors (plus one NSA lifer, Deb Cooley): https://archive.cr.yp.to/2026-06-25/07:39:46/T1FKlGNI1p875U2wBe-_XpptOkDGXM7sKvKMgtJVVO0/https/mailarchive.ietf.org/arch/msg/last-call/MwSAqD8nZGEHCeCefH82zE4AYBE/
IETF's rules force IESG to solicit community input, but not to pay attention to the input. The only real shot to stop this is the "51%" rule: the WG chairs can't proceed with only 51% or less of the WG.
Mike StJohns (not mentioning his DoD employment): "We tend to be able to differentiate between an individual's considered opinion and an unconsidered solicited 'vote' " ... Were the chairs already planning this when in https://archive.cr.yp.to/2026-07-04/09:42:09/4tKUIl5FSz3AqWJndmdORIE1aRf1SV5-8DoiAV-z0A8/https/mailarchive.ietf.org/arch/msg/tls/7l8RfNfdCABM0HYpGrbx-Eja5p0/ they asked voters to say just yes/no?
50 people have filed objections now! See https://nsa.2026.action.cr.yp.to to catch up and add your own voice. Some proponents are trying to discourage inputs by claiming disenfranchisement powers, but IETF's "51%" rule (https://web.archive.org/web/20251217213247/https://www.rfc-editor.org/rfc/rfc2418.html) says they _cannot_ proceed with 51% or less.
GCHQ's "Peter C" pushing RFC for draft-ietf-tls-mlkem: "An Internet Draft ... is not sufficient as most SDOs (including the IETF) won't allow their standards to cite I-Ds normatively." Same Peter C yelling at opponent: "While ... is standards track, draft-ietf-tls-mlkem is not."
@letoams "There is no formal membership in the IETF. Participation is open to all. This participation may be by on-line contribution, attendance at face-to-face sessions, or both. Anyone from the Internet community who has the time and interest is urged to participate in IETF meetings and any of its on-line working group discussions."
You're trying to disenfranchise real people by calling them "sockpuppets". You hype a few pseudonymous objections, ignoring pseudonymous _support_ statements.
NSA lost IETF's February 2026 vote on this NSA-driven document. See https://blog.cr.yp.to/20260405-votes.html for tallies. Do they admit what happened? No. They call another vote and try hard to pack the room with new pro-NSA voters. But if we show up and object, all they can do is whimper.