Comment by sweis
4 days ago
The NSA is not trying to weaken ML-KEM. The IETF TLS working group is simply trying to publish a pure ML-KEM specification. It does not impact the hybrid ietf-tls-ecdhe-mlkem specification at all.
The context of this is that D.J Bernstein has been moderated 7 times from the mailing list for repeated unprofessional and disruptive behavior: https://mailarchive.ietf.org/arch/msg/tls/lON9lKptnJ6ccq2-I1...
I've read the emails on that list in which DJB is accused of unprofessional behavior. Dave's concerns are not only relevant and well considered, he's taken an extraordinary amount of time to outline them and the discussion around them (both pros and cons) which you can see here: https://blog.cr.yp.to/20260221-structure.html
He's also responded directly to criticisms: https://nsa.2026.action.cr.yp.to/guide.html
By comparison the so-called "unprofessional behavior" cited is the sort of subjective abject procedural bureaucratic bullpucky often used to shut down inconveniently correct criticism.
Like, who is "Dave"?
Sorry, Daniel. I know better, but the fingers typed what they typed. I seem to be sick this morning so perhaps I was already coming down with something. :-/
Reminds me of the time when Joseph Touch (I think his name was) proposed the NULL cipher in TLS. "It's just a proposal."