Joseph Salowey <[email protected]> wrote:
> This is a working group adoption call for
> draft-westerbaan-tls-keyshare-recommendations-02 that we noted in [1]. The
> purpose of this draft is solely to mark X25519MLKEM768 as recommended "Y"
> in the registry.
I'm having trouble parsing this text:
"A future cryptographically relevant quantum computer
(CRQC) {{RFC9794}} can decrypt TLS handshakes recorded
today that do not use post-quantum algorithms for
their key shares: algorithms designed to be resistant
against quantum attack. "
There seems to be a sentence fragment missing after
the colon.
Is it intended to be read as "...for their 'key shares:
algorithms' designed to be..." ?
Seems awkward phrasing. Perhaps
"...may be able to decrypt TLS handshakes recorded
today that do not use post-quantum key exchange
algorithms designed to be resistant against quantum
attacks."
Although the "resistant against..." seems to me to be
implied in any "post-quantum algorithm".
(I also favor "CRQCs _may be able to_" rather than
_can_, since they don't yet exist.)
This sentence is also awkward, IMO:
"a TLS connection that negotiated a non-post quantum
key share can be recorded decrypted in the future."
The phrasing "can be recorded decrypted" seems odd.
Perhaps
"can be recorded to be decrypted in the future."
Another quibble:
"allows for an active quantum attack that achieves
MITM,"
"achieving MITM" doesn't seem quite accurate. What's
accomplished is a quantum attack to decrypt the data
in transit, which, to me, anyway, is different from
posing successfully as a MitM and is more of a
successful eavesdrop. Mallory has powers Eve does
not, but a kex compromise only yields eavesdropping
capability, no?
Too pedantic?
-Jan
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
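The exposure Jan is describing, that a handshake whose key share is not post-quantum can be recorded now and decrypted by a future CRQC, suggests a practical check: look at a ClientHello and see whether a hybrid key share was actually sent, as opposed to merely listed in supported_groups (which only lets the server ask for one via HelloRetryRequest). The following is an added example and is not code from the draft, the TLS WG or anyone on this thread. It assumes the hybrid NamedGroup codepoints from draft-ietf-tls-ecdhe-mlkem (X25519MLKEM768 = 0x11EC, SecP256r1MLKEM768 = 0x11EB, SecP384r1MLKEM1024 = 0x11ED) as I understand them; verify against the IANA registry before relying on them. The ClientHello messages it inspects are constructed in the block, not captured traffic.

```python
"""Check whether a TLS 1.3 ClientHello actually offers a post-quantum hybrid key share.

Added illustration, not code from the draft or the TLS WG. The hybrid codepoints
below are an assumption taken from draft-ietf-tls-ecdhe-mlkem; confirm them in the
IANA TLS Supported Groups registry before use.
"""
import struct

# TLS NamedGroup codepoints (hybrid values assumed from draft-ietf-tls-ecdhe-mlkem).
X25519 = 0x001D
SECP256R1 = 0x0017
X25519MLKEM768 = 0x11EC
SECP256R1MLKEM768 = 0x11EB
SECP384R1MLKEM1024 = 0x11ED
PQ_HYBRID_GROUPS = {X25519MLKEM768, SECP256R1MLKEM768, SECP384R1MLKEM1024}

EXT_SUPPORTED_GROUPS = 0x000A
EXT_KEY_SHARE = 0x0033


def _vec(body: bytes, width: int) -> bytes:
    """Length-prefixed vector as TLS encodes it (width = byte size of the length field)."""
    return len(body).to_bytes(width, "big") + body


def build_client_hello(groups, key_shares) -> bytes:
    """Construct a minimal TLS 1.3 ClientHello handshake message (constructed sample,
    not a capture). key_shares is a list of (group, key_exchange_bytes)."""
    sg_body = _vec(b"".join(struct.pack("!H", g) for g in groups), 2)
    ks_entries = b"".join(struct.pack("!H", g) + _vec(ke, 2) for g, ke in key_shares)
    exts = (struct.pack("!H", EXT_SUPPORTED_GROUPS) + _vec(sg_body, 2)
            + struct.pack("!H", EXT_KEY_SHARE) + _vec(_vec(ks_entries, 2), 2))
    body = (b"\x03\x03"                    # legacy_version
            + b"\x11" * 32                 # random (fixed filler, constructed sample)
            + _vec(b"", 1)                 # legacy_session_id: empty
            + _vec(b"\x13\x01", 2)         # cipher_suites: TLS_AES_128_GCM_SHA256
            + _vec(b"\x00", 1)             # legacy_compression_methods: null
            + _vec(exts, 2))
    return b"\x01" + _vec(body, 3)         # HandshakeType client_hello(1) + 24-bit length


def parse_client_hello(msg: bytes) -> dict:
    """Return the supported_groups list and the groups for which a key_share entry was sent."""
    if not msg or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                  # skip legacy_version and random
    pos += 1 + body[pos]                          # legacy_session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2 + cs_len                             # cipher_suites
    pos += 1 + body[pos]                          # legacy_compression_methods
    ext_len = int.from_bytes(body[pos:pos + 2], "big")
    exts = body[pos + 2:pos + 2 + ext_len]
    result = {"supported_groups": [], "key_share_groups": []}
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[i:i + 4])
        edata = exts[i + 4:i + 4 + elen]
        i += 4 + elen
        if etype == EXT_SUPPORTED_GROUPS:
            n = int.from_bytes(edata[:2], "big")
            result["supported_groups"] = [
                struct.unpack("!H", edata[2 + k:4 + k])[0] for k in range(0, n, 2)]
        elif etype == EXT_KEY_SHARE:
            n = int.from_bytes(edata[:2], "big")
            j = 2
            while j < 2 + n:                      # each entry: group(2) + key_exchange<1..2^16-1>
                g, klen = struct.unpack("!HH", edata[j:j + 4])
                result["key_share_groups"].append(g)
                j += 4 + klen
    return result


def assess(msg: bytes) -> str:
    """Classify record-now-decrypt-later exposure from the key_share actually sent.
    Advertising a hybrid group is not enough on its own: without a key_share entry the
    server can only reach it by sending a HelloRetryRequest."""
    info = parse_client_hello(msg)
    if any(g in PQ_HYBRID_GROUPS for g in info["key_share_groups"]):
        return "pq-hybrid key share offered"
    if any(g in PQ_HYBRID_GROUPS for g in info["supported_groups"]):
        return "pq-hybrid advertised only (server must HelloRetryRequest)"
    return "classical only: recordable now, decryptable by a future CRQC"


# Constructed sample messages (not captures). X25519MLKEM768 client share is
# 1184 bytes of ML-KEM-768 encapsulation key plus a 32-byte X25519 point.
CLASSICAL_HELLO = build_client_hello([X25519, SECP256R1], [(X25519, b"\x01" * 32)])
HYBRID_HELLO = build_client_hello([X25519MLKEM768, X25519],
                                  [(X25519MLKEM768, b"\x02" * 1216), (X25519, b"\x01" * 32)])
ADVERTISED_ONLY_HELLO = build_client_hello([X25519MLKEM768, X25519], [(X25519, b"\x01" * 32)])

if __name__ == "__main__":
    for name, hello in [("classical", CLASSICAL_HELLO), ("hybrid", HYBRID_HELLO),
                        ("advertised-only", ADVERTISED_ONLY_HELLO)]:
        print(f"{name:16s} {assess(hello)}")
```

Run it against a real ClientHello by handing the handshake message (record header stripped) to assess(); the "advertised only" outcome is worth reporting separately, since a server that does not send HelloRetryRequest will complete a classical exchange with such a client, and that connection is exactly the kind Jan's quoted sentence is warning about.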