Hello Nico,

> I don't believe that using Kerberos helps on the _entropy_ side as much
> as on the PQ side.

Ah; I meant to (be terse and) say that it adds an independent source of entropy that leaves no traces in the TLS flow subject to, indeed, Quantum Computer cracking.

> Now, the biggest problem with Kerberos is that with manually-keyed
> cross-realm trusts doesn't scale to Internet scale. But there's a way
> to fix that too: use PQ PK with PKINIT as a form of "PKCROSS", and now
> Kerberos can function as a way of amortizing PQ PK costs.

Indeed :- though I'd have mentioned KXOVER or Kerberos Realm Crossover,
https://gitlab.com/arpa2/kxover
This is founded on DNSSEC, DANE and TLS.

Thanks,
-Rick