Thanks Rich - this would address my review comments
Geoff > On 27 Feb 2025, at 2:05 am, Salz, Rich <rs...@akamai.com> wrote: > > I’ve been following the thread (mainly Geoff and EKR), and I think I have it > narrowed down to the following. > > Now the assertion in the draft that: "Cryptographically-relevant quantum > computers, once available, will have a huge impact on TLS traffic." is true, > for what its worth, but its reasonable to predict that this will not be the > case for the coming couple of years, or even the coming five years. see > https://www.potaroo.net/ispcol/2024-11/pqc-fig1.png taken from a NANOG 92 > presentation from October 2024. > > We “know” that harvest-now decrypt-later is happening. There are entities > capturing lots of traffic assuming they can decode it later and still get > benefit from that. This feeds into another quote from Geoff: > > So the two sentences in section 3 of this draft gloss over a larger set of > considerations. The first sentence is true, but without some associated > estimate of WHEN such cryopto-relevant quantum computers will tools will be > available its a very anodyne observation. Your own need to use PQC is based > on a) your estimate as to when such tools wil be available and b) how long > you want to maintain the integrity of privacy. > > So I propose this set of minor edits to Section 3: > Cryptographically-relevant quantum computers (CRQC), once available, will > have a huge impact on TLS traffic. To mitigate this, TLS applications will > need to migrate to post-quantum cryptography (PQC) [PQC > <file:///Users/rsalz/git/draft-use-tls13/draft-ietf-uta-require-tls13.html#PQC>]. > Detailed consideration of when any application requires PQC, or when a CRQC > is a threat they need to protect against, is beyond the scope of this > document. > > For TLS it is important to note that the focus of these efforts is TLS 1.3 or > later, and that TLS 1.2 will not be supported (see [TLS12FROZEN > <file:///Users/rsalz/git/draft-use-tls13/draft-ietf-uta-require-tls13.html#TLS12FROZEN>]). > This is one more reason for new protocols to default to TLS 1.3, where PQC > is actively being standardized, as this gives new applications the option to > use PQC. > > Which can be found at https://github.com/richsalz/draft-use-tls13/pull/5
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Uta mailing list -- uta@ietf.org To unsubscribe send an email to uta-le...@ietf.org
