I'm not particularly a fan of QKD, but I don't really understand why we have to weigh in on this LS.
From the perspective of TLS, the integration proposed here is just an external PSK, and the security of the system depends entirely on how that PSK is established. It's possible (likely?) that it will be insecure in the fashion John suggests, but this design also seems compatible with stronger modes of operation, e.g., establishing a fresh key with each connection. ISTM that the security of the overall system depends primarily on the strength of the QKD and the key management practices used with it, both of which are largely outside of the scope of this WG.

-Ekr

On Sat, Mar 21, 2026 at 1:00 PM Salz, Rich <rsalz= [email protected]> wrote:

> - This thread is the only public discussion I am aware of. I believe your assistance in formulating a reply in a more neutral tone, while still very clearly conveying the key technical and security issues, would be appreciated.
>
> The IRTF has a quantum computing research group. A search at the email archives[1] shows nearly 400 messages with “qkd” in them.
>
> [1] https://mailarchive.ietf.org/arch/browse/qirg/?q=qkd
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
