Sorry, I need to rephrase that: the attack doesn't rely on a CRQC that could break a digital signature in live communication.

-----Original Message-----
From: Jun Hu (Nokia)
Sent: Wednesday, July 30, 2025 11:08 AM
To: Michael Richardson <[email protected]>
Cc: Valery Smyslov <[email protected]>; 'Christopher Patton' <[email protected]>; 'Scott Fluhrer (sfluhrer)' <[email protected]>; 'ipsec' <[email protected]>
Subject: RE: [IPsec] Re: draft-smyslov-ipsecme-ikev2-downgrade-prevention

[HJ] Sure, but my understanding is the attack we are discussing here doesn't rely on a CRQC.

Jun Hu (Nokia) <[email protected]> wrote:
> So if A just passes through Y's certificate payload to X in the IKE_AUTH
> response A sent to X, how could A sign the AUTH payload without having
> Y's private key that corresponds to Y's certificate?

The CRQC was able to break the quantum-unsafe algorithm, turning a public key into a private key. (That's the point of the CRQC)

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
