November 28, 2025
Consensus or cover-up?
NSA and IETF, Part 2
Crypto standards soap opera: claims of rigging, cries of censorship, and eye-rolls galore
TLDR: A blogger says the NSA is gaming internet security standards to push a new crypto plan, while IETF leaders insist there’s “rough consensus” and set a fast “last call” ending Nov 26. Comments split between “this is nonsense” and “this is censorship,” raising big trust questions about who shapes our online safety.
With a Wednesday deadline looming, the blogosphere lit up: the author accuses the NSA (America’s spy agency) and IETF (the group that shapes internet rules) of pushing a post‑quantum‑only crypto plan while steamrolling dissent. He says the TLS working group chairs declared “rough consensus” without actually resolving objections, and then rushed a “last call” that forces critics to repeat themselves. An IETF security leader posted a 200‑line defense agreeing with the chairs, and that just poured gasoline on the comment section.
The community mood? Pure split‑screen drama. Security engineer FiloSottile slams the whole premise as a “conspiracy theory,” arguing it “makes absolutely no sense” because the NSA itself requires the same ML‑KEM algorithm for top‑secret data (CNSA 2.0). Others ask, “what about the other spy agencies?” turning it into a global trust showdown. tptacek rolls his eyes—“we just did this four days ago”—and zdw drops receipts with links to parts 3 and 4. Jokes fly about “rough consensus” meaning “voting by vibes,” plus memes about chairs being “just secretaries” wielding the delete key. Beneath the snark is a bigger fear: if standards get decided by process judo and inbox fatigue, who’s guarding the internet’s locks?
Key Points
- •The author alleges NSA and GCHQ are pushing standards bodies to favor PQ-only over ECC+PQ cryptography.
- •In the IETF TLS Working Group adoption call, tallies reported were 20 unequivocal supports, 2 conditional supports, and 7 unequivocal oppositions; chairs still claimed consensus.
- •On Nov 1, 2025, the IESG directed an area director to assess whether rough consensus was appropriately called; the director affirmed rough consensus the same day.
- •On Nov 5, 2025, TLS chairs issued a last call for objections to publish the ML-KEM key agreement draft, with a deadline of Nov 26, 2025.
- •The author criticizes the last call process as implying prior objections were resolved and requiring objectors to repeat concerns, despite IETF’s stance that decisions are not made by voting.