Hi,
There are some concerns about the use of PFS in CT network, although PFS adds
some security in theory, it may not be appropriate for actual deployment.
Since this is closely related to 3GPP, what are their comments?
Best,
Meiling
From: Karl Norrman
Date: 2023-02-27 19:23
To: chenmeil...@chin
Hi,
Since the differences are in PQC problem.
I suggest adding a description in Section 7.5: the security and availability of
PFS need to be further evaluated when PQC is used.
Best,
Meiling
From: Meiling Chen
Date: 2023-03-13 15:16
To: karl.norrman; jari.arkko; vesa.torvinen; John Mattsson
CC
Hi!
Section 7.5 currently states:
“… introduction of a powerful enough quantum computer would disable this
protocol extension's ability to provide the forward security
capability. This would make it necessary to update the current ECC
algorithms in this specification to PQC algor
Hi,
It seems not accurate enough, one of PQCs which has built-in DH algorithm has
been cracked.
The sentence "the security and availability of PFS need to be further evaluated
when PQC is used" should be more accurate.
Best,
Meiling
From: Karl Norrman
Date: 2023-03-15 17:18
To: chenmeil...@chi
Hi!
Maybe I misunderstand you. What I propose is that if the draft is at any point
in the future extended with PQ-secure algorithms, those algorithms must be
evaluated for performance and security. If there is a broken PQ algorithm, like
the one you mention, that would not be added after such
Hi,
Currently, the only PQC related to DH is SIDH, which is the cracked one we have
mentioned.
In addition, other PQC algorithms are independent of DH, so PFS cannot be
applied I think.
So I think the sentence "the security and availability of PFS need to be
further evaluated when PQC is used" s
Hi!
If I understand correctly, you mean that current PQ-secure key establishment
schemes are either broken or do not provide PFS.
Because of this, if one were to add a PQ-secure algorithm to EAP-AKA’-FS, then
one need to evaluate whether that algorithm is secure and whether it provides
PFS.
Hi Meiling,
As stated in the document
”EAP-AKA' FS is
currently only specified for use with ECDHE key exchange algorithms,
but use of any Key Encapsulation Method (KEM), including Post-Quantum
Cryptography (PQC) KEMs, can be specified in the future. While the
key exchange is speci
On Fri, 24 Mar 2023 at 20:42, Alexander Clouter
wrote:
> That said, in practice other than doing EAP-TLS (EMSK) followed by
> EAP-MSCHAPv2 (also EMSK), I think any incompatibilities probably would have
> never been triggered.
>
Microsoft's [MS-CHAP] - v20210625 that covers EAP-MSCHAPv2 does not
On Sat, 25 Mar 2023 at 10:53, Alexander Clouter
wrote:
> Conjuring up a scenario so it can be picked apart and discussed...
>
> Is it possible to build an implementation of something like EAP-TLS backed
> by an external system (ie. TPM/hardward-offload) and the EMSK material are
> not avaliable?
10 matches
Mail list logo
