frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

NSA and IETF: Fairness

https://blog.cr.yp.to/20260706-fairness.html
36•WatchDog•2h ago

Comments

lprimeisafk•39m ago
Disappointed that there is not more discussion about this as this looks to be a slow march to the government getting its way with a technology that will affect so many.
anonym29•33m ago
Highly recommended reading for effectively understanding the behavior patterns of bad-faith participants in such exchanges: https://www.scribd.com/document/345154863/Guide-to-Forum-Spi...

If the link goes down, the content is available in many other places across the web under the title "The Gentleman's Guide To Forum Spies (spooks, feds, etc.)"

eqvinox•13m ago
From the other direction, the ITU-T has a highly regarded presentation on how to actually work with consensus procedures & establish said consensus:

https://www.itu.int/en/ITU-T/tutorials/202203/Documents/Rein...

eqvinox•33m ago
DJB keeps calling the IETF consensus process "voting". That's detrimental to his own case; when there is a vote, the vote can be manipulated. It makes much more sense to argue there is no consensus, which should be quite obvious at this point, and which can be argued even in a "60:40" situation regardless of direction. It also avoids alienating "true IETF believers".

Apart from that, the crux of this is the codepoint allocation in the named group registry. [https://www.iana.org/assignments/tls-parameters/tls-paramete...] The requirement for that allocation (with "recommended=N" - which is what this draft has) is "Specification Required", not "IETF consensus". "Specification" for IANA registries doesn't mean IETF documents, it means:

  […] must be documented in a permanent and readily
  available public specification, in sufficient detail so that
  interoperability between independent implementations is possible.
[https://datatracker.ietf.org/doc/html/rfc8126#section-4.6]

As such I don't understand why the authors are so intent at ramming this through the IETF process when they could just put the same document whereever. The process has been sufficiently and publicly fraught enough to destroy any "reputation" that might (or might not) come associated with it being published as IETF RFC.

[ed.: referenced wrong registry, it's named groups, not cipher suites. Makes no difference, same registration procedure.]

FTR, the only [preliminary] entry with recommended=Y for PQ crypto is:

  4588  X25519MLKEM768  Combining X25519 ECDH with ML-KEM-768  https://datatracker.ietf.org/doc/html/draft-ietf-tls-ecdhe-mlkem-05
ekr____•1m ago
Adding a little color here... There are already code points registered for pure ML-KEM on the basis of the draft.

The hybrid code point you reference is "preliminary" in the sense that when the RFC for hybrid ECC/ML-KEM is published (it's already been approved, https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/), it will replace the reference in the registry. However, it will have the same code point and the same semantics. If, for some reason, the IETF were to change the semantics, a new code point would have to be assigned for interop reasons.

avidiax•30m ago
This post was pretty technical. Let's explain a couple of terms:

ML-KEM -- Module-Lattice-Based Key-Encapsulation Mechanism

ML-DSA -- Module-Lattice-Based Digital Signature Algorithm

solo PQ -- Using post-quantum crypto on its own

ECC+PQ -- Using post-quantum crypto as a layer on top of traditional elliptical curve cryptography (ECC)

So what's at stake here, is that the PQ crypto is not proven yet, and had recent implementation vulnerabilities (Kyberslash 1 & 2).

In the NSA's defense, combining cryptosystems also creates attack surfaces, timing problems, additional complexity, etc. Perhaps they know something we don't. They have sometimes acted to strengthen public cryptography, as with the DES S-boxes and differential cryptanalysis. Of course, they also weakened the key-space...

JumpCrisscross•27m ago
> Secret NSA documents showed that NSA pushed DES in the 1970s to "drive out competitors" while knowing that DES was "weak enough" to break; meanwhile NSA publicly claimed that it would use DES

Is this true? The NSA pushed for weaker cryptography it could break versus stronger cryptography our adversaries couldn't?

tptacek•20m ago
It's complicated. The federal government pushed for a smaller DES key size, but also fixed the DES s-boxes to resist differential cryptanalysis.
tptacek•17m ago
The two most important things to understand about this kerfuffle:

(1) MLKEM wasn't designed by NSA, but rather by a team of highly-regarded European academic cryptographers, including Bernstein's former collaborator Peter Schwabe; their submission, Kyber, was selected in an open competition in which Bernstein himself submitted a closely-related algorithm (and then contested the result, suing NIST for documents to clarify the selection.)

(2) The RFC at issue documents the possibility of running TLS with pure MLKEM rather than in a hybrid configuration with ECDH. Hybrid TLS is already the mainstream, documented, standardized method for using PQC in a TLS connection. Bernstein is canvassing opposition to any documentation of the possibility of pure MLKEM in TLS.

Every time Bernstein talks about NSA's sordid history, remember: nothing that's happening here has really anything to do with NSA. It would make more sense for Bernstein to be canvassing against SHA2, which NSA actually did design. But he can't do that, because normal people know enough about cryptography to understand how crazy a claim that is. Unfortunately, we can't yet say that about lattice cryptography, despite it being approximately as well-studied as ECC.

ekr____•8m ago
> (2) The RFC at issue documents the possibility of running TLS with pure MLKEM rather than in a hybrid configuration with ECDH. Hybrid TLS is already the mainstream, documented, standardized method for using PQC in a TLS connection. Bernstein is canvassing opposition to any documentation of the possibility of pure MLKEM in TLS.

Two more pieces of context here: 1. The IETF allows code point registrations based purely on the existence of a specification, and the pure ML-KEM code points have already been assigned (https://www.iana.org/assignments/tls-parameters/tls-paramete...). The question at hand is whether the IETF will publish an RFC documenting the ML-KEM.

2. It is also possible to publish an RFC via what's called "Independent Submission" (https://www.rfc-editor.org/authors/rfc-independent-submissio...), which is not subject to the IETF Consensus process. This is, for instance, how the GOST RFC (https://datatracker.ietf.org/doc/rfc9367/) was published. If the IETF opts not to publish this draft, the authors can still submit it to the Independent Submissions Editor.

Fable turned reMarkable into Tom Riddle's diary from Harry Potter

https://github.com/MaximeRivest/Riddle
141•modinfo•2h ago•91 comments

How to sequence your own DNA at home

https://bradleywoolf.com/links-1/sequencing-my-own-dna-at-home
49•bilsbie•1h ago•14 comments

OpenWrt One – Open Hardware Router

https://openwrt.org/toh/openwrt/one
443•peter_d_sherman•7h ago•173 comments

CoMaps – FOSS Offline Maps

https://www.comaps.app/
317•basilikum•7h ago•61 comments

GLM 5.2 and the coming AI margin collapse

https://martinalderson.com/posts/the-upcoming-ai-margin-collapse-part-1-glm-5-2/
163•martinald•5h ago•108 comments

Ternlight – 7 MB embedding model that runs in browser (WASM)

https://ternlight-demo.vercel.app/
69•soycaporal•2h ago•21 comments

NSA and IETF: Fairness

https://blog.cr.yp.to/20260706-fairness.html
37•WatchDog•2h ago•10 comments

A global workspace in language models

https://www.anthropic.com/research/global-workspace
267•in-silico•8h ago•97 comments

Pruning RAG context down to what the answer actually needs

https://www.kapa.ai/blog/how-we-prune-rag-context
54•emil_sorensen•6h ago•5 comments

Small AI Models Gain Traction In places with unreliable networks

https://spectrum.ieee.org/small-language-models-ai-pharmaceuticals
14•sscaryterry•2h ago•2 comments

A 2048-spin bulk acoustic wave Ising machine for number partitioning and Sudoku

https://arxiv.org/abs/2607.02112
23•Jimmc414•2d ago•1 comments

Strata – An app that talks me out of dying outdoors

https://strata.highloop.co/
9•cloocher•1h ago•17 comments

Linux on the Atari Jaguar

https://cakehonolulu.github.io/linux-for-jaguar/
107•cakehonolulu•7h ago•19 comments

Resetting Xbox

https://news.xbox.com/en-us/2026/07/06/resetting-xbox/
479•dijksterhuis•11h ago•466 comments

Stealth robotics startup (YC S26) is hiring principal engineers (Palo Alto)

1•david-venegas•9h ago

Full Writeup of the Windows GDID

https://github.com/SmtimesIWndr/gdid-reversal
37•typeofhuman•3h ago•20 comments

AMD Ryzen AI Halo – $4k AI Dev Kit

https://www.lttlabs.com/articles/2026/07/06/amd-ryzen-ai-halo
276•LabsLucas•10h ago•200 comments

Craig Mod built his own Good Reads

https://craigmod.com/roden/115/
6•natbennett•3d ago•2 comments

OpenSSH 10.4/10.4p1 Released

https://www.openssh.org/txt/release-10.4
25•throw0101a•3h ago•6 comments

Acronym Fatigue Series Introduction: why I'm wary of acronyms

https://devz.cl/posts/acryonym-fatigue-series-why-i-m-wary-of-engineering-acronyms/
18•DanielVZ•3h ago•7 comments

OfficeCLI: Office suite for AI agents to read and edit Microsoft Office files

https://github.com/iOfficeAI/OfficeCLI
126•maxloh•9h ago•35 comments

Learning to code is still worthwhile

https://stevekrouse.com/learn-to-code
104•stevekrouse•5h ago•104 comments

Evaluation order and nontermination in query languages

https://www.rntz.net/post/2026-06-11-datalog-nontermination.html
22•luu•4d ago•2 comments

Aluminum foil (2021)

https://dernocua.github.io/notes/aluminum-foil.html
238•firephox•12h ago•103 comments

AI: The ROI Runway Could Be Long Outside the Tech Sector

https://www.apollo.com/wealth/insights-news/insights/daily-spark/ai-the-roi-runway-could-be-long-...
55•u1hcw9nx•4h ago•48 comments

The LLVM Compiler Infrastructure

https://cacm.acm.org/federal-funding-of-academic-research/the-llvm-compiler-infrastructure/
43•tosh•2d ago•5 comments

Poly/ML – A Standard ML Implementation

https://github.com/polyml/polyml
23•Lyngbakr•3h ago•2 comments

The Music of Destruction

https://thebaffler.com/latest/the-music-of-destruction-fuelling
10•lermontov•4d ago•2 comments

Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]

https://github.com/V4bel/Januscape
79•Imustaskforhelp•8h ago•26 comments

LLMs Are Not a Default Execution Engine

https://unmeshed.io/blog/using-ai-wisely-starts-before-the-first-prompt
4•jusonchan81•53m ago•1 comments