Daniel J. Bernstein (of curve25519 fame) has lodged a complaint about the transparency of their process:
https://cr.yp.to/2025/20251006-transparency.pdf
Following an earlier complaint which he filed about their rejection of so-called "hybrid encryption" (combining post-quantum encryption with classical encryption so that it is conjectured to be safe against quantum computers, but also it uses classical encryption so it is clearly no less safe than plain classical algorithms. It is implied that the NSA could have a hand in resisting hybrid encryption because it would (self-evidently) be quite a bit more secure than an unproven "post-quantum" algo.
https://cr.yp.to/2025/20250812-non-hybrid.pdf
A funny thing about encryption is that there isn't really a way to *prove* it's secure, you believe it's secure when after 10 or 20 years, no mathematicians have found any tricks to break it...
So I think Bernstein's position, at least in favor of hybrid encryption, is a fair one. I would upgrade SSL to use some fancy schmancy quantum computer resistant encryption algorithm IF it was also going to encrypt with regular old encryption at the same time.
Regarding the complaint about the complaint, no idea who is in the wrong here, but I can easily imagine the IETF acting like a cabal ¯\_(ツ)_/¯
@cjd My understanding was the good old RSA was secure against quantum with sufficient key size. I.e. a 4096 bit key requires a 4096 qbit quantum computer to solve. 4095 qbits does not "mostly" solve it.
That's why bolting on an additional algo to your existing one makes sense, it's a little extra computation for future proofing...
But switching to a potentially insecure algo makes no sense at all...
@cjd @dcc @ned In an ideal world, the goal of the NSA is to prevent foreign adversaries from spying on US businesses (and individuals, but you know they only care about Big Business).
In the 80s, crypto was classified as a munition and export controlled. On the bright side, this meant US citizens had a 2nd amendment right to it. When PGP came out, there was a kerfluffle over export controls and open source. So the source code was published in a book, and the NSA gave up on that battle.
So now it is an arms race, and it is in the interest of even a corrupt NSA to foresee and warn US interests of potential external advances.
@thatguyoverthere @dcc @ned @cjd Hyperspace can - like the tech Dr Who and Mary Poppins use.
How can we know they don't read your mind, or have microphones in your walls, etc...
But we might as well take this the opposite direction... Why would the NSA publicly admit that quantum computers are even theoretically possible? Why not keep the entire field of research classified?
So while seeing-is-believing might be a "bad policy", the only other option is to believe in things you can't see - which is a worse policy.