On Mon, Mar 7, 2016 at 8:34 AM, Scott Fluhrer (sfluhrer) <sfluh...@cisco.com > wrote:
> Defenses against the first type of attack (passive eavesdropping by someone
> who will build a QC sometime in the future) are something that this WG
> should address; even if the PKI people don't have an answer, we would at
> least be secure from someone recording the traffic and decrypting it later

I think it would make sense to wait for the CFRG to weigh in on post-quantum crypto. Moving to a poorly studied post-quantum key exchange algorithm exclusively runs the risk that when it does receive wider scrutiny new attacks will be found.

I think we need to define hybrid pre/post-quantum key exchange algorithms (e.g. ECC+Ring-LWE+HKDF), and that sounds like work better suited for the CFRG than the TLS WG.

-- 
Tony Arcieri
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
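The "ECC+Ring-LWE+HKDF" hybrid that Tony sketches above, shown as an added example (not code from the thread or from any TLS implementation): the part that makes a hybrid a hybrid is the combiner, so this implements HKDF per RFC 5869 with only the Python standard library and feeds it both shared secrets, length-prefixed, with the handshake transcript bound in through the info field. The two secrets and the transcript are constructed placeholders standing in for real X25519 and Ring-LWE outputs; the key exchanges themselves are not implemented here. The point it demonstrates is that the session key depends on both inputs, so an adversary who records traffic today and breaks the ECC component with a quantum computer later still lacks the PQ secret needed to recompute the PRK (and vice versa if the PQ scheme falls to classical cryptanalysis).

```python
"""Hybrid (classical + post-quantum) secret combiner built on HKDF (RFC 5869).

Added example, not code from the TLS list thread. The two input secrets are
constructed placeholders standing in for an ECDH (e.g. X25519) shared secret
and a Ring-LWE shared secret; the real key exchanges are not implemented here.
"""
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM). An empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand: OKM = T(1) || T(2) || ... with T(i) = HMAC(PRK, T(i-1) || info || i)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: requested length too large")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lv(data: bytes) -> bytes:
    """16-bit big-endian length prefix so adjacent fields cannot be re-split ambiguously."""
    return struct.pack(">H", len(data)) + data


def hybrid_key(ecdh_secret: bytes, pq_secret: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Derive a session key that depends on BOTH shared secrets.

    IKM = len(ecdh) || ecdh || len(pq) || pq. The handshake transcript goes into
    the HKDF info field so the key is bound to the negotiated parameters and
    public values. Breaking one component alone does not reveal the PRK.
    (Field layout and the "hybrid-kex/v1" label are this example's own choices.)
    """
    ikm = _lv(ecdh_secret) + _lv(pq_secret)
    prk = hkdf_extract(b"", ikm)
    return hkdf_expand(prk, b"hybrid-kex/v1" + _lv(transcript), length)


# Constructed placeholder values: NOT real X25519 / Ring-LWE outputs.
ECDH_SECRET = bytes(range(32))
PQ_SECRET = bytes(range(32, 64))
TRANSCRIPT = b"ClientHello...ServerHello (constructed stand-in for the handshake hash)"


def derived_key_depends_on_both() -> bool:
    """Check that flipping one bit of either secret, or changing the transcript,
    changes the output key, while identical inputs reproduce it."""
    base = hybrid_key(ECDH_SECRET, PQ_SECRET, TRANSCRIPT)
    flipped_ecdh = bytes([ECDH_SECRET[0] ^ 1]) + ECDH_SECRET[1:]
    flipped_pq = bytes([PQ_SECRET[0] ^ 1]) + PQ_SECRET[1:]
    return (
        base != hybrid_key(flipped_ecdh, PQ_SECRET, TRANSCRIPT)
        and base != hybrid_key(ECDH_SECRET, flipped_pq, TRANSCRIPT)
        and base != hybrid_key(ECDH_SECRET, PQ_SECRET, TRANSCRIPT + b"x")
        and base == hybrid_key(ECDH_SECRET, PQ_SECRET, TRANSCRIPT)
    )


if __name__ == "__main__":
    print("session key:", hybrid_key(ECDH_SECRET, PQ_SECRET, TRANSCRIPT).hex())
    print("depends on both inputs:", derived_key_depends_on_both())
```

Two design points worth noting: the length prefixes stop a concatenation like `ecdh || pq` from being reinterpreted with a different split point when the secrets have variable length (Ring-LWE shared secrets and ECDH outputs differ in size), and putting the transcript into `info` rather than into `salt` keeps the extract step a pure function of the two secrets, which is the usual shape in the later hybrid-key-exchange drafts for TLS 1.3.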