[Cryptography] NSA up to their old tricks - stuffing the IETF WGs with their supporters for weakened standards
iang
iang at iang.org
Tue Oct 14 03:26:51 EDT 2025
On 13/10/2025 16:35, Salz, Rich via cryptography wrote:
> - The problem in a nutshell. Surveillance agency NSA and its partner GCHQ
> - are trying to have standards-development organizations endorse weakening
> - ECC+PQ down to just PQ.
>
> Maybe that’s what they want, but the IETF is not doing that, no matter what Dan writes. While there is a non-hybrid MLKEM draft in the TLS working group, it has seen zero uptake. Compared to the hybrid key exchange draft, which is widely deployed on the Web. Signatures are another matter, as some argumentative folks delayed progress on the hybrid signature format for so long that industry might just have stopped waiting (cf ANSI X9 PKI).
There's uptake, *and* there's standards. With an IETF standard in the back pocket, NSA can then trick various less educated players into using it. And then make hay until their sun goes down. This is more or less what happened with Dual_EC, or so the rumour goes.
iang