This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-resolver-tf@ripe.net/
[dns-resolver-tf] Post-quantum crypto?
- Previous message (by thread): [dns-resolver-tf] Post-quantum crypto?
- Next message (by thread): [dns-resolver-tf] Two new PR for the recommendation document
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed Oct 25 09:18:15 CEST 2023
Marco, [ I missed this e-mail, sorry! ] On 11/10/2023 11.08, Marco Davids (SIDN) via dns-resolver-tf wrote: > > In our resolver testbed (https://dns4all.eu), we experimented a bit with > PQC algo's: > > https://www.sidnlabs.nl/en/news-and-blogs/adding-experimental-support-for-x25519kyber768-to-dns4all-eu > > And that made me wonder; would this be a topic to consider for the DNS > Resolver Best Common Practice document? I immediately thought of work improving the DNSSEC to be quantum resistant, so the issues around TLS were an interesting twist that I had not considered! I think in the case of TLS layers (DoT, DoH, and DoQ), I think we should not focus on quantum computing. There are lots of things that change in the cryptography world and everyone operating basically any service needs to keep their systems updated to deal with algorithm changes, key size changes, simple software bugs, new attacks developed by cryptographers, and so on. For sure quantum computing will be a new area to worry about, and slightly different from the other types of problems because we can see it coming, sort of (this used to be true for raw increases in computing power, but that has slowed, at least relative to our ability to increase key length). One aspect mentioned in the blog is protecting traffic from decryption where traffic is collected now and then saved for future decryption using improved methods (quantum computing in this case). This is the area that is probably the most unique about quantum computing, so maybe it merits discussion in our recommendations? I still kind of think it is slightly out of scope, but I am willing to be convinced. 😉 Cheers, -- Shane -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x3732979CF967B306.asc Type: application/pgp-keys Size: 11519 bytes Desc: OpenPGP public key URL: </ripe/mail/archives/dns-resolver-tf/attachments/20231025/b323d5d9/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: </ripe/mail/archives/dns-resolver-tf/attachments/20231025/b323d5d9/attachment.sig>
- Previous message (by thread): [dns-resolver-tf] Post-quantum crypto?
- Next message (by thread): [dns-resolver-tf] Two new PR for the recommendation document
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]