Re: [Pqc] Mapping the state of PQC and IETF - ssh

Alexandre Petrescu <alexandre.petrescu@gmail.com> Fri, 10 March 2023 13:47 UTC

Message-ID: <b086d1fb-c8a6-80df-320e-cd92e7ec2602@gmail.com>
Date: Fri, 10 Mar 2023 14:46:55 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0
Content-Language: fr
To: pqc@ietf.org
References: <20230303112532.1126239.qmail@cr.yp.to>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
In-Reply-To: <20230303112532.1126239.qmail@cr.yp.to>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/vnTwb0oqJPD8cWePRmIPhD_TnAM>
Subject: Re: [Pqc] Mapping the state of PQC and IETF - ssh


Le 03/03/2023 à 12:25, D. J. Bernstein a écrit :
[...]
> my recommendation is to proceed with immediate post-quantum
> deployment, obviously using open-source software!

But how about openssh saying "WE DO NOT RECOMMEND RELYING ON THIS FORK
IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA"? At
https://github.com/open-quantum-safe/openssl

Is that capitalized warning something like BSD's capitalized 'NO
WARRANTY' that one is used to?  Or is it more than that?

I am more and more facing opinions saying that it [risks of not using
stronger crypto like NIST's or ssh's] is not a real problem, for reason
X and Y, where X and Y are that quantum computers are for later, quantum
networking is just a theory, quantum crypto is at risk more than
existing crypto facing traditional but increasingly more powerful
computers, that nobody broke 3DES anyway, that novel quantum-resistant
crypto algos are falling apart one after another, that lengthening the
keys of existing algos is sufficient for more robustness, that the RSA
conference said this or that, etc.

To me, I rather think that _everything_ is at risk until migration to
quantum-resistance is performed.  That includes quirky things like https
to more mundane concepts like simply SIM cards or simply ecommerce or
bank transactions or health record data management - everything.

It's like something that has started and can no longer be stopped.  The
migration, transition, that is.

I don't want to scare anyone, it is just an intermediary step.  It is not
my kind to be FUD or paranoid.

I am not really an expert on the crypto matters anyways.

Alex