On Sat, Mar 21, 2026 at 09:22:56AM +0000, John Mattsson wrote:
> Viktor Dukhovni wrote:
> >or some other less inflammatory formulation.
> 
> It is a sad world if a straightforward fact is considered
> inflammatory. SIGINT agencies have sold "unbreakable" hardware in the
> past and will do so again.
> https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

It isn't the SIGINT agencies I am trying to shield here from being
offended.  Rather, I think those being sold the QKD snake-oil might
take offense at the original text.  Just overcoming the misleading
marketing should be the focus, regardless of who may or may not be
behind it.

> People building, standardizing, and using QKD seem to have little to
> no knowledge of cryptography and security. The ITU-T Y.QKD-TL system
> would allow a dishonest QKD hardware manufacturer not only to
> passively eavesdrop on all communication, but also to impersonate
> endpoints and inject traffic. I think the IETF has a moral
> responsibility to inform ITU-T about these risks.

I'd replace "moral" with "professional".  And yes, it is correct to fend
off (especially stand-alone) QKD, and even as an additional input one
can make a solid case that it is rarely if ever worth the cost, if one
really wants to bust the myth.

Bottom line, something that is less of a knee-jerk reaction would, I think,
be more effective.

-- 
    Viktor.  🇺🇦 Слава Україні!
