Google has devised a means for securing HTTPS certificates against quantum computing attacks without massive performance hits stemming from the considerably longer size of data required to be included.

dbelson@mastodon.social

@dangoodin PQ folks on Cloudflare's research team are: https://www.linkedin.com/posts/baswesterbaan_chrome-shares-their-plans-for-post-quantum-activity-7433210578799816704-lRl5

Keeping the Internet fast and secure- introducing Merkle Tree Certificates

Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.

The Cloudflare Blog (blog.cloudflare.com)

systemadminihater@cyberplace.social

@dangoodin They are probably the same assholes that decided that TLS certificates will expire every 47 days.

dangoodin@infosec.exchange

@andrei_chiffa

Great question . . . and one I don't know the answer to.

shuasha@infosec.exchange

@dangoodin Yeah, but I'm a weirdo who goes to IETF meetings and cares about this stuff. You can watch the PLANTS meeting from Novermber's IETF meeting here: https://www.youtube.com/watch?v=wBR_MIFc08I

agwa@follow.agwa.name

@dangoodin Yes, closely. There's a lot of momentum and Mozilla and Apple are interested as well.

agwa@follow.agwa.name

@andrei_chiffa @dangoodin The QR asymmetric handshake protects against passive attackers decrypting sniffed traffic, but not against active attackers presenting a forged certificate in a man-in-the-middle attack. Merkle Tree Certificates protect against the latter threat.

sophieschmieg@infosec.exchange

@dangoodin yes.

sophieschmieg@infosec.exchange

@andrei_chiffa @dangoodin the issue is the size of the handshake itself. You have to run the entire handshake before you can transmit data. With PQC, what used to be a 32 to 256 byte public key or signature now each becomes 1 to 3.5 KB in size. This is acceptable for the key agreement parts, since we really only need one artifact per party there, but becomes way too expensive when talking about the certificate, i.e. a chain of public keys signed by keys further up.
Merkle Tree Certificates are a proposal that significantly compresses this certificate chain, at the cost of a more complicated trust management story.

shuasha@infosec.exchange

@sophieschmieg @andrei_chiffa @dangoodin Dan: The scale of the problem is spelled out pretty clearly in this presentation from the last IETF: https://youtu.be/wBR_MIFc08I?si=85y_tlGfEdREkFRd&t=1027

spacelifeform@infosec.exchange

@dangoodin

Smells.

#EEE

spacelifeform@infosec.exchange

@dangoodin

Who cares about the certs if you are behind a defacto MITM like Cloudflare?

spacelifeform@infosec.exchange

@dangoodin

This is Security Threatre.

tknarr@mstdn.social

@dangoodin My question is, how close are we to hardware that can do quantum attacks on encryption?

vandorb12@infosec.exchange

@dangoodin seeing the cryptography nerds do their thing, and all I see is word salad, dreading the day I have to learn anything about certificates and cryptography beyond a Cæsar cypher in school.

thibaultmol@en.osm.town

@tknarr @dangoodin don't forget how slow certain technology adoption rates are.
You only need one person to have the capabilities to use quantum computer for this meanwhile every website needs to update which will take a while

icing@chaos.social

@sophieschmieg @dangoodin @filippo 82 pages of RFC…hmmm…must be secure then!

i@toot.pouyan.net

@SpaceLifeForm@infosec.exchange Firefox never really forced CT logged, but with this proposal it seems to me that you now have to trust that a CA can properly maintain a log and also trust the cosigners at the same time.

@dangoodin@infosec.exchange