[Secdispatch] Some Experiments: TLS, PQ and Key Exchanges

"Dr. Pala" <madwolf@openca.org> Tue, 19 November 2019 03:55 UTC

Return-Path: <madwolf@openca.org>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8E494120013 for <secdispatch@ietfa.amsl.com>; Mon, 18 Nov 2019 19:55:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.137
X-Spam-Level: ****
X-Spam-Status: No, score=4.137 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id WaRezv__-a8C for <secdispatch@ietfa.amsl.com>; Mon, 18 Nov 2019 19:55:40 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com []) by ietfa.amsl.com (Postfix) with ESMTP id 4A59A12004C for <secdispatch@ietf.org>; Mon, 18 Nov 2019 19:55:40 -0800 (PST)
Received: from localhost (unknown []) by mail.katezarealty.com (Postfix) with ESMTP id 2167137413B5 for <secdispatch@ietf.org>; Tue, 19 Nov 2019 03:55:40 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([]) by localhost (mail.katezarealty.com []) (amavisd-new, port 10024) with LMTP id 4lO2Rb9mybc3 for <secdispatch@ietf.org>; Mon, 18 Nov 2019 22:55:39 -0500 (EST)
Received: from Maxs-MacBook-Pro-2.local (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id A9B293740808 for <secdispatch@ietf.org>; Mon, 18 Nov 2019 22:55:38 -0500 (EST)
To: secdispatch@ietf.org
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <de8f76fd-244a-8cd8-659e-36544a3df2bd@openca.org>
Date: Tue, 19 Nov 2019 11:55:36 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------B9D1E7E849BD0B28353ABFBA"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xrsG1u9xYybzHI08m4z7X0oUTMg>
Subject: [Secdispatch] Some Experiments: TLS, PQ and Key Exchanges
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2019 03:55:45 -0000

Hi SecDispatch,

I just wanted to share with you some interesting results for "large" 
keys vs. computational intense algos and TLS that was recently published 
in two different blog posts - one from Amazon and one from Cloudflare:

  * https://aws.amazon.com/blogs/security/post-quantum-tls-now-supported-in-aws-kms/
  * https://blog.cloudflare.com/the-tls-post-quantum-experiment/

definitely worth reading :D Maybe the situation for TLS and large keys 
in certificates might not be as bad of an issue as initially thought... 
:) ... ???

Does anybody has any comment ?


Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo