On Sun, 19 Oct 2025 at 01:43, Simo Sorce <[email protected]> wrote:
> On Sat, 2025-10-18 at 06:20 +0000, Wang Guilin wrote: > > The point is: Customers (and also professionals, like experts here) do > not exactly know when CRQC will be available. So, there is a long period up > to years for such uncertainty. For example, if this uncertain period is > 2030-2035, what customers should do in 2030 or 2031? > > The fact is that with signature as used in JOSE there is generally no > problem until a CRQC is available, and even then it needs to be fast > for it to be a problem for authentication schemes. So there is no need > to rush to deploy QC until the threat is imminent. > > My answer would be: wait a couple of years until you are confident your > PQ algorithm of choice is solid and then migrate to that. > While the availability of CRQCs may still be uncertain, large ecosystems cannot wait for clearer signs of when CRQCs will arrive. For enterprises, operators, and standards bodies such as 3GPP, the process of adopting new cryptographic mechanisms, from IETF standardization to 3GPP alignment, network vendor/CA implementation, HSM support, validation, and large-scale deployment typically spans many years. Beginning this work early within the IETF ensures that by the time the cryptographic urgency becomes real, the supporting standards, profiles, and operational experience are already mature and deployable. -Tiru > > Encryption is an entirely different thing, you need to move a lot > earlier because of "harvest now, decrypt later" therefore hybrid KEMs > are very important and should be deployed asap. > > Different threats require different answers and different timing. > > Simo. > > -- > Simo Sorce > Distinguished Engineer > RHEL Crypto Team > Red Hat, Inc > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
