Comment by ysleepy
12 hours ago
Still, why endorse and practically make everyone implement an algorithm that only the NSA wants, while there is a superset already standardised?
This is about the known bad actor NSA forcing through their own special version of a crypto building block they might downgrade-attack me to.
I pay like 1% overhead to also do ECC, and the renegotiation to the non-hybrid costs 2x and an extra round-trip. This makes no sense apart from downgrade attacks.
If it turns out ECC is completely broken, we can add the PQ-only suite then.
Nobody has to implement the algorithm only NSA wants! That's not how RFCs work.