On 8/21/23 11:52 PM, Falko Strenzke wrote:
Hi John,
that is great to hear. Our two interests are PQC algorithms for TLS in
Firefox and S/MIME in Thunderbird. As I understand it you are working
on the former. Hash-based signatures are also interesting for us,
mainly stateless ones. Are you going to support SPHINCS+ certificates
for TLS, too?
I don't know of anyone that's talking about hash-based signatures in any
of the on-line protocols (TLS, SSH, IKE). The stateful ones have
deployment issues and signature limitations, the stateless ones have
too big of keys.
The use case for hash-based appears to be mostly code-signing. It's also
one of the few signing operations that have long lived signatures that
could create real problems for a signature made today and a quantum
computer 10 years in the future.
We'll probably have SPHINCS+ support in NSS. We'll recognize the OIDs so
if you have them in your certs, we'll validate them, but I'm pretty sure
TLS will not define SPHINCS+ authentication, and I wouldn't bet that you
could fit a chain of SPHINCS+ signed certificates in an SSL Certificate
Chain message. That's not exactly a next 12 months statement, though.
Your best indicator on what will be supportable is what the actual
standards bodies define.
Will there also be a publicly available version of Firefox with PQC
support?
As we add support for PQC, they will be publicly available. NSS and
Firefox are open source and developed out of publicly available
repositories.
And do you already have a decision or idea about the (temporary)
certificate standard you are going to follow? If we could agree on a
set of algorithms and the preliminary certificate format, that would
be ideal.
Temporary standards, if used, are likely to be marked experimental
because they are transient standards and can change (so we worry about
interoperability). Even the X25519+Kyber768 is experimental.
The two areas of most work (in the entire crypto industry, not just
Firefox or NSS) are getting standardized hybrid into our streaming
protocols which are subject to 'record now/decrypt later' attacks and
firmware/code signing. These are the two main areas where the useful
life of the encrypted/signed objects may outstrip the potential advent
of a crypto-relevant quantum computer. I expect that will be where most
of the work occurs in 2024. Remember: the only standardized PQ
algorithms right now are LMS/HSS and XMSS, XMSS/MT. That will change by
early 2024 (NIST now has drafts for Kyber, Dilithium, and SPHINCS).
- Falko
Am Mi., 16. Aug. 2023 um 17:55 Uhr schrieb John Schanck
<jscha...@mozilla.com>:
Hi Falko, we are adding support for the X25519+Kyber768 TLS key
exchange to NSS. There's work-in-progress attached to Bug 1775046,
although we are waiting for the (draft) NIST standard version of
Kyber.
We will also be adding support for some hash-based signatures to
NSS. I don't expect that we will do much experimentation with
non-hash-based PQ signatures in the near-term, although if there
are specific systems that you're interested in evaluating I'd be
happy to discuss further.
John
On Tue, Aug 15, 2023 at 4:38 AM Falko Strenzke
<ek.stren...@gmail.com> wrote:
Hi,
I am interested to learn whether there are any short term or
medium term plans to already add experimental support for post
quantum cryptography to Firefox for TLS and to Thunderbird for
S/MIME. We are ourselves working on integrations of PQC into
our PKI products and would be interested to be compatible with
these clients in order to have a small compatible ecosystem
for evaluation and demonstration of PQC readiness. Maybe some
kind of cooperation is possible in this field?
- Falko
--
*MTG AG*
Dr. Falko Strenzke
Executive System Architect
Phone: +49 6151 8000 24
E-Mail: falko.stren...@mtg.de
Web: mtg.de <https://www.mtg.de>
MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde
--
You received this message because you are subscribed to the
Google Groups "dev-tech-crypto@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to dev-tech-crypto+unsubscr...@mozilla.org.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/773bc910-3107-4969-adc5-f28abd79b1b2%40gmail.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/773bc910-3107-4969-adc5-f28abd79b1b2%40gmail.com?utm_medium=email&utm_source=footer>.