Background
NSA's SIGINT Enabling Project includes sabotaging cryptographic standards. NSA is now overtly paying for standardization of "ietf-tls-mlkem", a weakening of the much more sensible "ietf-tls-ecdhe-mlkem".
After objections started appearing, NSA's minions started switching from honest arguments along the lines of "NSA demands this so we should standardize it" to fake technical arguments. I have a chart of the debate. I also have a shorter guide to recent talking points from proponents.
NSA lost the most recent mlkem vote in the IETF TLS working group. However, they called another vote on 24 June 2026 and started packing the room. For example, a positive vote appeared on 25 June 2026 from NSA's Mike Jenkins, who has never shown up on the working-group mailing list before. This is allowed under IETF rules, which say that "There is no membership in the IETF" and that "Anyone can participate by signing up to a working group mailing list".
Action
You can have your voice heard too. All you have to do is join the IETF TLS mailing list and send a message to the mailing list by 7 July 2026 under the subject line "Re: [TLS] WG Last Call: draft-ietf-tls-mlkem-08 (Ends 2026-07-08)" saying that you do not support the publication of this document.
Please use your real name. I know this is bad from a privacy perspective, but the reality is that proponents will seize upon occasional pseudonyms as an excuse to ignore the entire opposition.
Examples
There have been more than 30 opposition statements as of 1 July 2026. Here are links to some examples of different lengths: Christian Grothoff. Orr Dunkelman. Simon Josefsson. Yaakov Stein. Peter Gutmann. David Stainton. Stephan Neuhaus. Tanja Lange. Bertrand Jacquin.