On Friday, 15 November 2024 18:33:27 CET, Stephen Farrell wrote:
> Hiya,
>
> On 15/11/2024 17:12, John Mattsson wrote:
>> WebPKI might want to wait but the many infrastructure use cases of
>> TLS, DTLS, and QUIC need to migrate very soon. US government new
>> requirement is that pure RSASSA, ECDSA, and EdDSA are forbidden from
>> after 2035. European countries have similar recommendations/
>> requirements.
>
> Other than regulatory issues, what technical reasons are there
> justifying a "need to migrate very soon"? I don't think we need
> to answer that now, but it's something that needs to be considered
> when developing guidance as to when these additional new algs might
> best be ignored or deployed.

Deploying support in clients takes years, so even if we don't end up
using ML-DSA right away, having clients shipped that are compatible
with servers that do use ML-DSA is beneficial.

The big issue is that we don't know when we will _need_ PQC authentication,
so we want something that at least has a fighting chance against CRQC,
and this is it. Even if WebPKI ends up not using it.

--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
