I’m surprised to see that there isn’t much (isn’t any?) discussion of the AuthKEM draft.
It seems pretty obvious that with the advent of PQ algorithms, the sheer sizes of signatures and public keys would make {cDm}TLS existing authentication and key exchange impractical in bandwidth-constrained environments, especially when higher security-level algorithms (like, what’s demanded by CNSA-2.0) are required. Thus, implicit authentication (think – MQV, Hugo Krawczyk’s HMQV, etc.) seems to be a must for making the PQ impact on bandwidth somewhat manageable.

I would like this WG to resurrect the AuthKEM draft.

I can’t be in Yokohama, and am not fanatical enough to spend nights on XMPP or such. But hopefully, we can discuss the AuthKEM approach here on the list.

Thank you!

--
V/R,
Uri Blumenthal
Secure Resilient Systems and Technologies
MIT Lincoln Laboratory
244 Wood Street, Lexington, MA 02420-9108
Voice: (781) 981-1638
Cell: (339) 223-5363
Web: https://www.ll.mit.edu/biographies/uri-blumenthal
Root CA: https://www.ll.mit.edu/llrca2.pem

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies. - C. A. R. Hoare
TLS mailing list, TLS@ietf.org, https://www.ietf.org/mailman/listinfo/tls