On 9/22/23 7:42 AM, Kai Engert wrote:
> Hi Falko,
> On 22.08.23 08:52, Falko Strenzke wrote:
> > Our two interests are PQC algorithms for TLS in Firefox and S/MIME in
> > Thunderbird. As I understand it you are working on the former.
> Does the experimental code in bug 1775046, which John mentioned, help
> you in any way for your request?
The relevant algorithms standards are still in Draft (no one is going to
use stateful hashes to sign email). TLS key exchange is the current low
hanging fruit (hybrid gives you resistance to record and playback in the
PQ case, and resistance to potential classic attacks against our very
new PQ algorithms).
S/MIME is another matter. You do care about keeping your email free from
decryption in the future, so key exchange is a priority. But you then
need to decide whether you want hybrid key exchange or pure PQ. You need
X509 to define which type of key exchange certs you want. If your
message has multiple users, you are vulnerable to the weakest (so if one
recipient is using a classical algorithm, the attacker can decrypt the
message with a quantum computer in the future even if you are using a
hybrid or PQ key yourself. If one recipient is using pure PQ and that
algorithm develops a classical attack, you become vulnerable).
> Would you be able to build Firefox yourself with that experimental
> code, and perform interoperability tests?
> Regarding S/MIME, I'm not aware of anyone working on PQC support for
> the CMS code in the NSS library yet, and I personally haven't seen any
> plans for that yet either.
> Are there already specifications/RFCs that describe how to use PQC
> algorithms with CMS for S/MIME?
Kai is absolutely right. I think people are at the 'talking about it'
stage for CMS and S/MIME. I know that they've fed comments back to NIST
before the drafts. The fact that Classic McEliece is not one of the
original standards sort of tells me that CMS and S/MIME are not as
advanced in their pre-standards work as TLS (since this is the one
protocol that would likely benefit from a large, expensive, but highly
secure KEA).
> If yes, do those specifications use the same algorithms as TLS?
> If yes, a project to add PQC support to the CMS module of the NSS
> library could use the NSS algorithm implementations.
> As of today, I haven't seen any plans to work on that. Unless Firefox
> has a need for CMS, then this kind of enhancement would likely have to
> be driven by the Thunderbird Project, or by contributors who would
> like to see this functionality added to Thunderbird.
> I don't have answers for your other questions.
> Regards
> Kai
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/e5c02fec-3fd6-6c56-8784-692292d85ad9%40redhat.com.
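The "vulnerable to the weakest recipient" point made in the reply above, as an added example that is not part of the thread and is not NSS or Thunderbird code. It models the CMS EnvelopedData shape (one content-encryption key, wrapped once per recipient) with three recipients: one hybrid, one single strong KEM, one classical-only. Assumptions, all constructed for the example: the KEMs are stand-ins (textbook Diffie-Hellman over a 20-bit prime that the adversary breaks by brute-force discrete log, standing in for "classical algorithm plus quantum computer", and the same DH over 2^127-1 standing in for a KEM the adversary cannot break; neither is a post-quantum algorithm); AES key wrap and content encryption are replaced by a hash-based XOR stream; the hybrid combiner is the plain concatenate-then-HKDF form. The names `seal`, `open_envelope`, `attack` and `demo` are mine, not from any standard.

```python
"""Toy model (constructed for this example) of CMS-style enveloped data:
one content-encryption key (CEK), wrapped separately for each recipient.
WEAK   = DH over a small prime the adversary breaks by brute-force discrete log.
STRONG = DH over 2**127-1, a stand-in for an unbroken KEM (NOT post-quantum).
Nothing here is NSS code or real CMS encoding."""
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an empty salt: extract, then expand to `length` bytes."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy unauthenticated stream cipher standing in for AES key wrap / content encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


class DHKEM:
    """Textbook Diffie-Hellman used as a KEM: ct = g^r, shared secret = H(pk^r)."""

    def __init__(self, p: int, g: int, label: bytes):
        self.p, self.g, self.label = p, g, label

    def keygen(self):
        sk = secrets.randbelow(self.p - 2) + 1
        return sk, pow(self.g, sk, self.p)

    def encaps(self, pk: int):
        r = secrets.randbelow(self.p - 2) + 1
        return pow(self.g, r, self.p), self._secret(pow(pk, r, self.p))

    def decaps(self, sk: int, ct: int) -> bytes:
        return self._secret(pow(ct, sk, self.p))

    def _secret(self, z: int) -> bytes:
        return hashlib.sha256(self.label + z.to_bytes(16, "big")).digest()


WEAK = DHKEM(1_000_003, 2, b"weak")         # brute-forceable group (the "broken classical" KEM)
STRONG = DHKEM(2 ** 127 - 1, 3, b"strong")  # out of reach for the brute-force adversary


def brute_force_dlog(kem: DHKEM, pk: int) -> int:
    """The adversary's 'quantum computer' for WEAK: exhaustive discrete log in the small group."""
    acc = 1
    for x in range(1, kem.p):
        acc = acc * kem.g % kem.p
        if acc == pk:
            return x
    raise ValueError("no discrete log found")


def make_recipient(name: str, *kems: DHKEM) -> dict:
    """One KEM = single-algorithm recipient; two KEMs = hybrid recipient."""
    keys = [kem.keygen() for kem in kems]
    return {"name": name, "kems": kems, "sks": [sk for sk, _ in keys], "pks": [pk for _, pk in keys]}


def derive_kek(shared_secrets) -> bytes:
    """Hybrid combiner: concatenate every shared secret, then KDF. Missing any one secret = no KEK."""
    return hkdf_sha256(b"".join(shared_secrets), b"toy-cms-kek")


def seal(message: bytes, recipients) -> dict:
    """EnvelopedData analogue: one CEK for the content, wrapped under each recipient's own KEK."""
    cek = secrets.token_bytes(32)
    infos = []
    for r in recipients:
        cts, shared = zip(*(kem.encaps(pk) for kem, pk in zip(r["kems"], r["pks"])))
        infos.append({"name": r["name"], "cts": list(cts), "wrapped_cek": xor_stream(derive_kek(shared), cek)})
    return {"recipient_infos": infos, "content": xor_stream(cek, message)}


def open_envelope(env: dict, r: dict) -> bytes:
    """Legitimate recipient: decapsulate all of its KEMs, rebuild the KEK, unwrap the CEK, decrypt."""
    info = next(i for i in env["recipient_infos"] if i["name"] == r["name"])
    shared = [kem.decaps(sk, ct) for kem, sk, ct in zip(r["kems"], r["sks"], info["cts"])]
    cek = xor_stream(derive_kek(shared), info["wrapped_cek"])
    return xor_stream(cek, env["content"])


def attack(env: dict, recipients) -> tuple:
    """Adversary who can break WEAK only. Any recipient whose KEK rests solely on WEAK leaks the
    shared CEK, and with it the message for everyone; a hybrid recipient keeps its STRONG secret."""
    for r, info in zip(recipients, env["recipient_infos"]):
        if not all(kem is WEAK for kem in r["kems"]):
            continue  # at least one unbroken KEM feeds this recipient's combiner
        shared = [kem.decaps(brute_force_dlog(kem, pk), ct)
                  for kem, pk, ct in zip(r["kems"], r["pks"], info["cts"])]
        cek = xor_stream(derive_kek(shared), info["wrapped_cek"])
        return r["name"], xor_stream(cek, env["content"])
    return None, None


def demo() -> dict:
    alice = make_recipient("alice-hybrid", WEAK, STRONG)
    bob = make_recipient("bob-strong-only", STRONG)
    carol = make_recipient("carol-classical-only", WEAK)
    message = b"constructed sample: Q3 numbers, do not forward"
    with_carol = seal(message, [alice, bob, carol])
    without_carol = seal(message, [alice, bob])
    return {
        "alice_reads": open_envelope(with_carol, alice) == message,
        "leak_with_carol": attack(with_carol, [alice, bob, carol]),
        "leak_without_carol": attack(without_carol, [alice, bob]),
    }


if __name__ == "__main__":
    result = demo()
    print("alice can read:", result["alice_reads"])
    print("adversary recovered via", result["leak_with_carol"][0], "->", result["leak_with_carol"][1])
    print("adversary with no weak recipient:", result["leak_without_carol"])
```

Alice's own hybrid protection is irrelevant once Carol is on the recipient list: the adversary never touches Alice's RecipientInfo, it unwraps the same CEK through Carol's. Drop Carol (or move her to a hybrid or strong certificate) and the same adversary gets nothing, which is the certificate-profile decision the reply says X.509 has to settle before S/MIME can make use of any of this.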