NSA lost IETF's February 2026 vote on this NSA-driven document. See https://blog.cr.yp.to/20260405-votes.html for tallies. Do they admit what happened? No. They call another vote and try hard to pack the room with new pro-NSA voters. But if we show up and object, all they can do is whimper.
@djb note this exact strategy was attempted by the vendors who didn’t want TLS 1.3 to happen because ephemeral key exchanges were made mandatory in TLS 1.3 ruining their network monitoring capabilities. They sent lots of people to try and block TLS 1.3, but the attempts didn’t work.
The IETF has experience with people sending sockpuppets. It is sad to see you attempt a similar strategy.
@letoams "There is no formal membership in the IETF. Participation is open to all. This participation may be by on-line contribution, attendance at face-to-face sessions, or both. Anyone from the Internet community who has the time and interest is urged to participate in IETF meetings and any of its on-line working group discussions."
You're trying to disenfranchise real people by calling them "sockpuppets". You hype a few pseudonymous objections, ignoring pseudonymous _support_ statements.
@djb sure like last round where people copy pasted your template and then later apologized and confirmed they didn’t know what they were talking about and had been mislead by your social media postings to act. *slow clap*
@letoams
Let's imagine you push this through. Then there will be push, for efficiency of course, to drop hybrid approach everywhere. Eventually, likes of Signal will be using only new pq algos, without adding proven encryption.
Would you make an official statement that you personally will appologize, if/when new algos and emplementation(s) found to have a bug.
Would you also pay appropriate ensurance.
As IETF you push this.
But I, as CSO will be responsible, when bugs are found.
@rsalz
Are you suggesting, that
(1) as a chair in IETF WG,
(2) given @letoams mentioning that IETF position is to recommend hybrid crypto approach,
(3) now being aware that RECOMMENDED=N will be overlooked, almost certainly, espesially with parallel recomendations/mandates from government(s),
(4) you want to shift any responsibility, and future blame, on unsuspecting CSO's and developers? Knowing that they will be squizeed by your IETF stuff, and aforementioned requirements.
@mikalai @letoams @djb @eff @pluralistic you presented no math.
@rsalz @letoams
Physics and math.
It is you okay-ing something pq-only, while there are no quantum computers. We only ask you not do it, and to apply some conservative approach IETF has, i.e. hybrid crypto systems, to RECOMENDED=N items.
You are expected to show a physical real quantum computer with enough qubits, 256 * error correction all in superposition operatable over long enough time, before we can start pq-only standards publications.