Hi John, This is a good experiment to conduct. It might not be obvious, but in addition to the cryptography being pretty complex, getting the deployment of something like this right is surprisingly tricky. Experiments should help us understand where the deployment problems lie.
How do you intend to roll out the experiment? Nightly and early Beta for some time before some experiments in Release, or do you have other plans? I'm also curious about the QUIC status. It doesn't look like Cloudflare's demo site supports HTTP/3. Are we planning to experiment with QUIC as well? --Martin On Tue, Feb 13, 2024 at 4:58 AM John Schanck <jscha...@mozilla.com> wrote: > *Summary:* Experiment with the X25519Kyber768 post-quantum key agreement > mechanism for TLS. > > I intend to evaluate the performance characteristics and deployability of > a next-generation cryptosystem called Kyber. Unlike currently deployed > systems, Kyber is believed to be secure against attackers with large > quantum computers. While cryptanalytic-scale quantum computers do not yet > exist, the immediate deployment of a post-quantum key agreement mechanism > will protect our users against "store now, decrypt later" attacks. For the > initial experimentation period, all uses of Kyber will be paired with > X25519 as a risk-minimizing measure. > > *Bug:* https://bugzilla.mozilla.org/show_bug.cgi?id=1874959 > *Specification:* > https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-03.html > *Standards Body:* IETF, TLS WG > *Platform coverage:* All, after an initial period of desktop-only > evaluation. > *Preference:* security.tls.enable_kyber > *Link to standards-positions discussion: * > https://github.com/mozilla/standards-positions/issues/874 > *Other browsers:* > *Blink: *in developer trial > https://groups.google.com/a/chromium.org/g/blink-dev/c/mniZUff1syc/m/tM5tSne9AwAJ > . > *WebKit:* not implemented. > *Demo: *https://pq.cloudflareresearch.com/ > > -- John > > -- > You received this message because you are subscribed to the Google Groups " > dev-platform@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-platform+unsubscr...@mozilla.org. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFgAd7EXV5GNB_%2B6%2BAexRqGQOgtvSJwL-%2Bu37Xd1P2Rv%3DK%2Bx9Q%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFgAd7EXV5GNB_%2B6%2BAexRqGQOgtvSJwL-%2Bu37Xd1P2Rv%3DK%2Bx9Q%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "dev-platform@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-platform+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAPLxc%3DVAJzCh0t5%3DvxwGEhw5iqF%3DS6dAy%3DtUyDhO%3DjEvkERAQg%40mail.gmail.com.
