Is it reasonable to expect all organizations to upgrade all this infrastructure in a few years to a Server OS that supports TLS 1.3 when the new pqc algorithms can just be added to TLS 1.2?
David Benjamin [1] and Eric Rescorla [2] have posted why they believe adding PQ to 1.2 is not as easy as you think it is, and still leaves significant security issues. If you want to change IETF consensus, this is probably the working group to start with. Another option is to find a TLS vendor (or multiple) and see if they’ll use the same codepoints and add PQ to their stack, or give an estimate of how hard it is. Then find vendors who will be willing to install such a bespoke TLS implementation. In other words, prove to the experts quoted above that they’re wrong.

[1] https://mailarchive.ietf.org/arch/msg/tls/rLe7XfUMgBGosD0SZtsk-Kdjc94/
[2] https://mailarchive.ietf.org/arch/msg/tls/UVTLEYl8RDknH3w5kP64GqSOiM0/
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org