I've been spending a couple of weeks going over xwing (MLKEM768+X25519) for a hybrid KEM, and even for a hybrid solution that is enforcing both the DH and the ML side, I still see some potential risks[1] with ideas that may or may not have caveats we simply don't know about yet. These are sitting in the optimizations they're doing.

So on the one hand we have massive, non-tangible FOMO and on the other, no immediate implementation path for serious encryption, and a standard-to-be that may weaken versus existing DH-based solutions. The risk coming with rushed decisions is high right now. If it's all a psyop... the risk is higher.

  1. besides the issue that there is no good implementation path for either crypto.subtle or webauthn at the moment.