@filippo @oec @kasperd I have seen this incorrect belief from multiple people at this point and I’m deeply curious who introduced it because I don’t think even Bernstein’s screens said it (but I must confess I only lightly skimmed them, having more important things to do with my time…)
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Tuesday, 25-Nov-2025 12:14:23 JST
Filippo Valsorda :go: (filippo@abyssdomain.expert)'s status on Tuesday, 25-Nov-2025 12:14:24 JST
The IETF is literally publishing multiple hybrid KEM documents, and is publishing hybrids for TLS with RECOMMENDED=Y while pure ML-KEM is being published RECOMMENDED=N.
What are you even talking about.
Özgür Kesim (oec@infosec.exchange)'s status on Tuesday, 25-Nov-2025 12:14:26 JST
@filippo @kasperd
I guess the key question - ignoring arguments about the historical evidence of foul play by the NSA - is precisely that: Why is the IETF not pushing hybrids? That, in your own words, makes no sense, no?
Filippo Valsorda :go: (filippo@abyssdomain.expert)'s status on Tuesday, 25-Nov-2025 12:14:27 JST
@kasperd I am also more comfortable with hybrids for now, but Bernstein is openly arguing that the NSA is pushing pure PQ as a way to undermine encryption.