[Cryptography] NSA voting on TLS encryption at the IETF TLS WG
Andrew Lee
andrew at joseon.com
Thu Jul 2 20:49:28 EDT 2026
Dear Mr. Salz,
First and foremost, my deepest respect and appreciation for being you and what you’ve contributed to the Internet community.
On Jul 2, 2026, at 2:59 PM, Salz, Rich via cryptography <cryptography at metzdowd.com> wrote:
>
> The draft does not “bury” anything in the IANA considerations. That section appears near the end of the RFC, just as all such sections do. In this case it appears on page six of a 10-page document of which three pages are references and at least another two are boilerplate (copyright, table of contents, etc.)
If appearing near the end of an RFC is not “buried,” then I apologize. I think others can decide if I described that accurately.
>
> The list of “arguments” is a biased subset. For example, the cost of switching from hybrid to pure-PQ is ignored.
I included several arguments in the “For” list. As for the cost of switching from hybrid to pure PQ, nobody is asking anyone to switch other than the NSA, GCHQ, and, perhaps, Canadian and Dutch governments from what I can see.
>
> Dan’s moderation — the third, I think — is because he will not participate in the rules of engagement for IETF email lists[1]. He repeatedly refuses. I sent email to Andrew about this days ago. Dan is not being gagged, any more than a kid on the playground who bullies can expect to always get away with it.
>
Silencing someone in the middle of a vote is questionable at best, extreme censorship of one of the finest professors and inventors in cryptography at worst. Further, the chairs already made clear it was over a footnote, not anything argued.
> The phrase “this is actually the third vote” is incorrect. The IETF works on “rough consensus and running code” and has for more than 30 years. It’s not a vote. If dozens of people join in July and post that they are opposed, the Working Group chairs, who determine consensus, are free to ignore their messages as they have not been WG participants.
>
I don’t see any indication that adding a stratified hierarchy to participants in an “open to all” forum is included in IETF policy.
> Andrew’s appeal was filed, and he received notice that it was received, not that it was accepted. I expect that the IESG, when they consider the moderation circumstances, will reject it.
>
To be clear, Roman’s exact words were “the IESG has received and accepted your appeal.”
> Finally, I’ve known Mike Jenkins for many years. He comes to the IETF meetings. We chat. I think he’s spoken at the mic line, but I’m not positive. The fact that he wrote his first email to support a draft should be taken more as an indication that Dan and his acolytes have poisoned the debate.
I believe Mike is quite a person. To get into the NSA, you absolutely need to be a standup guy and as a person, a net benefit to one’s community and society. And I bet he is. Still, somehow, the NSA seems to convince the finest to spy on their neighbors. Unfortunately, that doesn’t change NSA’s mandates as it relates to SIGINT and, further, doesn’t change the fact that an NSA employee posted to the list for the first time to support solo KEM.
Further, calling the opposition “acolytes” who “have poisoned the debate” is a dangerous precedent as we’ve learned in history, time and time again.
Best,
Andrew