Christian Huitema

@huitema@social.secret-wg.org
mastodon 4.5.9

Working on that Internet thing...

https://www.privateoctopus.com/about.html

0 Followers
0 Following
Joined April 27, 2022
Web:
https://www.privateoctopus.com/about.html
Github:
https://github.com/huitema

Posts

@huitema@social.secret-wg.org · 3d ago
@djb @pedromj @paulehoffman @rsalz Easier to sell is pretty much the same as "Endorsement by the IETF". At that point, the technical arguments boil down to the risk that ML-KEM is found broken. Dan, you argue that that risk is very high because the promotion efforts are orchestrated by the government. But if people were to discard your argument, we are left with a generic discussion of risk. That discussion could result in having a recommendation=Y for hybrids versus no for naked. Maybe.

@huitema@social.secret-wg.org · 3d ago
@djb @pedromj @paulehoffman @rsalz In fact, there are many WG members arguing that we do not need an ML-KEM RFC since the NIST specification can just be deployed today. The counter to that argument is that publication as an RFC provides a stable reference, which helps interoperability, plus provides the IETF with a modicum of control. The counter to that counter argument is that RFC publication is mostly a marketing attempt, to make the algorithm easier to "sell".

@huitema@social.secret-wg.org · 3d ago
@djb @pedromj @paulehoffman @rsalz We are discussing TLS specifically. Deployments are done by programming a list of supported key exchange algorithms, and negotiating one used by both sides. If you look at the IANA table, there are a lot of key exchanges already registered, including hybrids ECC+ML-KEM and the naked ML-KEM algorithm. All those can be deployed today, regardless of what the TLS WG does with the ML-KEM draft. The discussion is about levels of endorsement and stability.

@huitema@social.secret-wg.org · 3d ago
@rsalz@ioc.exchange @pedromj@mastodon.social As for the security considerations, I think it will take some iterations before converging. And yes, the exact content is best discussed on the TLS mailing list.

@huitema@social.secret-wg.org · 3d ago
@rsalz@ioc.exchange @pedromj@mastodon.social At that point, I am commenting on the IETF process, much as I would be commenting on the weather. If Pedro wants to influence the result, he should definitely work in the WG -- waiting on the sideline and publishing a "considered harmful" draft will be much less effective.

@huitema@social.secret-wg.org · 3d ago
@rsalz@ioc.exchange Not that I specially want to, but yes I assume that after a couple more months of discussion the naked ML-KEM draft will be published. This is not certain, but that's the most likely outcome. This is not like the visibility draft, for which there was a plurality of "strongly oppose". This kind of debate typically ends with a compromise, such as OK to publish if the opponents get strong enough wording in the security section, or maybe in the intro.

@huitema@social.secret-wg.org · 3d ago
@pedromj@mastodon.social @djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange After publication of naked ML-KEM, we could try to sway opinion by publishing Internet drafts such as "naked ML-KEM considered harmful". We could lobby browser vendors to not implement that. We could publish in newspapers, rally support from the EFF, etc. All that may help getting people to deploy hybrid ML-KEM instead. But it would help more if there is a warning in the naked ML-KEM draft itself.

@huitema@social.secret-wg.org · 3d ago
@pedromj@mastodon.social @djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange We are heading towards a situation where the ML-KEM key exchange draft will be published, probably in about a year. I would much prefer to see a warning in the text itself, and I think that can be achieved. After that, the IETF will have published 2 documents, hybrid ML-KEM and naked ML-KEM. If we follow Dan's reasoning, we can expect the US Gov to encourage "naked", which they might be able to break. We will be in the domain of opinions, not standards.

@huitema@social.secret-wg.org · 4d ago
@pedromj@mastodon.social @djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange Actually, working groups can pressure for changes in a draft. Once a draft is accepted by a working group, the status of the authors changes. They are not the only ones in charge of the text anymore. What they write must reflect the consensus of the WG, and if that consensus includes adding a warning, they have to do that.

@huitema@social.secret-wg.org · 4d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange I don't understand what you mean by "removing". The hybrid key exchanges are defined in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ which went through IETF last call and is in the final stage of approval by the IESG. I don't know that anybody is proposing to remove that.

@huitema@social.secret-wg.org · 4d ago
@pedromj@mastodon.social @djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange I am really not sure that publishing more words would help counter propaganda by the bad faith actors that Dan fears. If the WG does decide to publish the ML-KEM TLS draft, a strong warning would help somewhat. Changing the registration option of the hybrid key exchange algorithms to recommended=Y would also help. But propaganda is countered by public speech, not so much by standard actions.

@huitema@social.secret-wg.org · 4d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange By promoting, I meant "publication as an RFC would help the marketing (or promotion) of the PQ-only approach by actors linked to the US government." As in, "of course you can do that, the IETF published it as an RFC, do not look at the fine print."

@huitema@social.secret-wg.org · 4d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange The IETF has a strong bent towards "publishing rather than censoring", unless the technical flaws are obvious. That bent drives strongly towards "publishing with some proper warning in the text", while not publishing at all would be pretty extraordinary, especially in presence of a constituency that really wants to sell products to the US government. So at that stage of the debate, the issue is really about how strong the warning should be.

@huitema@social.secret-wg.org · 4d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange So the question for the PQ-only algorithms is not whether the IETF can prevent deployment (it cannot), but whether publishing these algorithms as RFCs is necessary or harmful. There is consensus that it is not necessary, since the IANA registrations do not require it. What we see is mostly a debate on whether it is harmful, because it would help promoting an unproven algorithm that might be compromised. This is where opinions vary.

@huitema@social.secret-wg.org · 4d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange The political problem is complex. First, there is a wide consensus in the IETF for not standing in the way of deployments, and in particular not using IETF processes to block IANA registration except in some very specific registers -- because blockades generate various kinds of smuggling that end up very counter-productive in general.

@huitema@social.secret-wg.org · 5d ago
@djb@mastodon.cr.yp.to @paulehoffman@infosec.exchange @rsalz@ioc.exchange I don't know for 2012, but from 2013 on a large number of IETF participants were absolutely convinced of being under attack. It was fairly obvious that some IETF participants were either willing enablers of these attacks, or "useful idiots". But we don't know which ones, and we quickly realized that launching a witch-hunt would be very destructive, and that the safest path was to keep discussions strictly technical.

@huitema@social.secret-wg.org · Apr 10, 2026
@W6KME@mastodon.radio @ai6yr@m.ai6yr.org @darkuncle@infosec.exchange @nazokiyoubinbou@urusai.social You make me nostalgic. I should get a wheelbarrow like the one we had when I was a kid. All wood, except for the axle, and a strip of iron to circle the wooden wheel. Worked great. Ideal for carrying a load of manure...

@huitema@social.secret-wg.org · Apr 03, 2026
@abhayakara@mastodon.nl The practical policing works by rigorous enforcement of MUST and SHOULD rules in RFC. This is sometimes very explicit, as in "Senders MUST NOT set the X bit to 1 if the Y bit is zero. Receivers MAY nuke the connection if they see this error." These clauses are vetted as part of the IETF process, and allow the protocol police to take harder actions than humming and frowning...

@huitema@social.secret-wg.org · Mar 25, 2026
@mnot@techpolicy.social Chatting with a notebook about standards seems cool, and there are many reasons why geopriv was doomed, but what about the cheeses? I see camembert, sainte maure, some kind of époisse or similar, a Brillat-Savarin or its cousin, 3 kinds of gruyere, emmenthal or comté, a bleu that looks good, and then, a yellow cheese with a black crust? What is that? No idea! Please tell!

@huitema@social.secret-wg.org · Mar 09, 2026
@dangoodin I understand the feeling. The problem is that people are blocking ads for safety and privacy reasons, not just because they are stingy. The only alternative then is paying a subscription, which does not scale very well. I do that for several publishers, including yours, but I don't want to manage more than maybe 10. I wish there was some kind of syndication. Or maybe ads that don't carry scripts and trackers.

@huitema@social.secret-wg.org · Mar 09, 2026
@carlmalamud@official.resource.org Bon voyage!

@huitema@social.secret-wg.org · Feb 26, 2026
@Drbruced@aus.social That's exactly my experience with Microsoft's "copilot" when writing documentation. You start a sentence, and it "helpfully" proposes a completion, which is its best guess of what I would like to write. Except it would also be the readers' best guess, and it would not bring them any new information. And thus the copilot guess would only be right if I was lazy and predictable and did not care for the reader.

@huitema@social.secret-wg.org · Feb 12, 2026
@Ratoncita@mastodon.social @mister_shade02X2@mastodon.social @SeanCasten@mastodon.social The second part is the change in the climate. Yes, it is a law of physics thing, burning fuel creates gases that eventually change the climate. But people are not convinced yet, and will only get convinced once the catastrophes happen. The only real pressure I see now is the cost of disaster insurance, which is going way up. But people in general have not accepted it, and assign insurance cost increase to greed!

@huitema@social.secret-wg.org · Feb 12, 2026
@Ratoncita@mastodon.social @mister_shade02X2@mastodon.social @SeanCasten@mastodon.social There are two parallel things going on. First, there is the competition between solar, wind, fuel, natural gas and coal. Solar and wind and batteries are cheaper, and that's already impacting the worldwide revenues of oil and gas producers. The Trump administration is trying to preserve these profits by blocking solar and wind as much as it can, as in "ensure that energy production is profitable so energy is plentiful". Tell that to China...

@huitema@social.secret-wg.org · Feb 10, 2026
@dave_andersen@hachyderm.io @SystemsAppr@discuss.systems Very true. I have seen "text book" examples of implementing Dijkstra's shortest path that were actually O(N^2)... And, no, I was not trying to dis math. That paper is definitely interesting, even if they did not do the best job about modestly acknowledging limitations. Which student does that?

@huitema@social.secret-wg.org · Feb 09, 2026
@woody@pleroma.pch.net Makes one think of Lamborghini...

@huitema@social.secret-wg.org · Jan 30, 2026
When we look at the performance of QUIC, we often find that the limiting factor is CPU consumption of socket calls and crypto processing. It is, but congestion control also matters quite a bit. In this blog (https://www.privateoctopus.com/2026/01/30/cpu_bound.html) I explain how fixing the "max RTT" measurement and the pacing algorithm for the C4 algorithm improved tests of picoquic on loopback from "worse than BBR" to "better than Cubic".

@huitema@social.secret-wg.org · Jan 28, 2026
@woody@pleroma.pch.net "Laser" is one way to say it -- no light involved. We are looking here at phased arrays of small speakers, all sending the same sound wave, each applying a delay so that the sound waves superpose and add at one exact point in space. I remember a demo of that tech at a Microsoft Research fair years ago. The effect is weird. The target hears the sound, nearby people just hear low level noise. By the way, the same principle also works for sound capture.