Replying to an earlier post

@djb note this exact strategy was attempted by the vendors who didn’t want TLS 1.3 to happen because ephemeral key exchanges were made mandatory in TLS 1.3 ruining their network monitoring capabilities. They sent lots of people to try and block TLS 1.3, but the attempts didn’t work.

The IETF has experience with people sending sockpuppets. It is sad to see you attempt a similar strategy.

Replying to an earlier post

@letoams "There is no formal membership in the IETF. Participation is open to all. This participation may be by on-line contribution, attendance at face-to-face sessions, or both. Anyone from the Internet community who has the time and interest is urged to participate in IETF meetings and any of its on-line working group discussions."

You're trying to disenfranchise real people by calling them "sockpuppets". You hype a few pseudonymous objections, ignoring pseudonymous _support_ statements.

Replying to an earlier post

@letoams
Let's imagine you push this through. Then there will be push, for efficiency of course, to drop hybrid approach everywhere. Eventually, likes of Signal will be using only new pq algos, without adding proven encryption.

Would you make an official statement that you personally will appologize, if/when new algos and emplementation(s) found to have a bug.
Would you also pay appropriate ensurance.

As IETF you push this.
But I, as CSO will be responsible, when bugs are found.

@djb

Replying to an earlier post

@rsalz
Are you suggesting, that
(1) as a chair in IETF WG,
(2) given @letoams mentioning that IETF position is to recommend hybrid crypto approach,
(3) now being aware that RECOMMENDED=N will be overlooked, almost certainly, espesially with parallel recomendations/mandates from government(s),
(4) you want to shift any responsibility, and future blame, on unsuspecting CSO's and developers? Knowing that they will be squizeed by your IETF stuff, and aforementioned requirements.

@djb

Jul 5, 2026, 00:52 UTCen

Replying to an earlier post

@rsalz @letoams
Physics and math.
It is you okay-ing something pq-only, while there are no quantum computers. We only ask you not do it, and to apply some conservative approach IETF has, i.e. hybrid crypto systems, to RECOMENDED=N items.
You are expected to show a physical real quantum computer with enough qubits, 256 * error correction all in superposition operatable over long enough time, before we can start pq-only standards publications.

@djb @eff @pluralistic