From: Salz, Rich <[email protected]>
Sent: Monday, March 23, 2026 2:31 PM
To: Andrei Popov <[email protected]>
Cc: [email protected]
Subject: [TLS] Re: LS on the work item related to QKD and TLS integration framework in SG13

It can be as simple as
      The TLS working group feels that QKD is still too premature to be a
      secure solution to any problem. We note that other organizations also
      feel this way [refs to UKNCSC, NSA if needed]. We are unlikely to do any
      work in this area now. We suggest that you look at the QCRG, in our
      related organization the IRTF, which has active QKD discussions.

WHAT????

QKD is a much more mature technology than PQC, dating back to 1984.
(I used QKD in the 1990s).
There are multiple vendors with significant sales –
the market size exceeded $600M in 2025 with a CAGR of 30%.
It also, unlike PQC algorithms, has a (physical) proof that if it succeeds then 
the information exchanged is indeed private.

Sure, QKD can be expensive, may be limited in range, doesn’t presently do DSA,
and (despite the proof) there are implementation and timing attacks,
but saying that it is “premature” may be “simple”, but is certainly incorrect.

Y(J)S

