On Mon, Mar 23, 2026 at 8:03 AM John Mattsson <[email protected]> wrote:
> I don’t think that is a good answer.
>
> - I think a reply from TLS should include the technical analysis of their
> use of the TLS protocol. That is why they are writing TLS WG. The only
> reason of not saying that psk_ke for external PSKs is a very bad choice
> would be to save the face of RFC 8446.
>

I don't think that this is correct. The primary reason that psk_ke is
unwise for external keys is that we expect those keys to have a long
lifespan. If those keys are changed regularly, then this can be a
reasonable choice. In the limit, if you were to establish a new key via
some secure method for each TLS connection, then you would have similar
key lifetime properties to many existing TLS connections.

> - I think the Pentagon paper I linked to is a better reference than NSA and
> GCHQ. Pentagon is a user, not a SIGINT. Also, the contact for the Pentagon
> paper is Brita Hale, which most of us know.
> - If we refer to QIRC it should be to point out that quantum communication
> is pure research.
>

I do not think this is correct. There are a number of QKD deployments
which appear to be in production, including:

https://www.idquantique.com/quantum-safe-security/quantum-key-distribution/#:~:text=ID%20Quantique%20and%20Singtel%20are,Pozna%C5%84%20Supercomputing%20and%20Networking%20Center
https://quantumxc.com/blogs-podcasts/quantum-communications-real-world-applications/#:~:text=Quantum%20Xchange%20is%20currently%20leading,distances%20that%20is%20provably%20secure .

While I think this is a bad idea, that doesn't mean it's pure research.

-Ekr

> John
>
> *From: *Scott Fluhrer (sfluhrer) <[email protected]>
> *Date: *Monday, 23 March 2026 at 15:55
> *To: *Eric Rescorla <[email protected]>, Salz, Rich <rsalz=[email protected]>
> *Cc: *Andrei Popov <[email protected]>, [email protected] <[email protected]>
> *Subject: *[TLS] Re: [EXTERNAL] Re: LS on the work item related to QKD
> and TLS integration framework in SG13
>
> Minor correction: it's the QIRG (Quantum Internet Research Group), not the
> QCRG.
>
> ------------------------------
> *From:* Eric Rescorla <[email protected]>
> *Sent:* Monday, March 23, 2026 9:50 AM
> *To:* Salz, Rich <[email protected]>
> *Cc:* Andrei Popov <[email protected]>; [email protected] <[email protected]>
> *Subject:* [TLS] Re: [EXTERNAL] Re: LS on the work item related to QKD
> and TLS integration framework in SG13
>
> If we must say something, I think it should be more along the lines
> of this statement.
>
> Ekr
>
> On Mon, Mar 23, 2026 at 5:32 AM Salz, Rich <rsalz=[email protected]> wrote:
>
> - I agree with this. It makes sense to respond, in simple technical
> terms. Not with judgement, not with assumption of ill intent by any
> parties. Just plain technical advice.
>
> Totally agree!
>
> It can be as simple as
> The TLS working group feels that QKD is still too premature to be a secure
> solution to any problem. We note that other organizations also feel this
> way [refs to UKNCSC, NSA if needed]. We are unlikely to do any work in this
> area now. We suggest that you look at the QCRG, in our related organization
> the IRTF, which has active QKD discussions.
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
