Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. Today Letsencrypt announced their plans for PQC migration and, oh boy, it's refreshing!

Today Letsencrypt announced their plans for PQC migration and, oh boy, it's refreshing!

Scheduled Pinned Locked Moved Uncategorized
cryptographycryptosecurityquantumpqc
1 Posts 1 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • tomgag@infosec.exchangeT This user is from outside of this forum
    tomgag@infosec.exchangeT This user is from outside of this forum
    tomgag@infosec.exchange
    wrote last edited by
    #1

    Today Letsencrypt announced their plans for PQC migration and, oh boy, it's refreshing! TL;DR, Letsencrypt considers migration to quantum-resistant certificates a priority, and lays down a reasonable path to migrate. In so doing, they take the time to explain how, so far, the security community has been mainly focused on the problem of quantum-resistant secrecy (encryption) rather than authentication (signatures/certificates), and they explain why the sentiment is changing now, and why it is particularly relevant for Letsencrypt.

    Link Preview Image
    A Post-Quantum Future for Let's Encrypt

    Let’s Encrypt is committed to a post-quantum-safe Web PKI. The path we’re planning to take is Merkle Tree Certificates (“MTCs”), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. This post is about these plans and why we believe MTCs are worth pursuing as a key to a post-quantum future. An increasingly urgent problem For much of the last several years, the conversation about post-quantum cryptography has been a conversation about encryption. The reasoning was straightforward: an attacker who records encrypted traffic today might be able to decrypt it years from now once quantum computers can break the underlying math. Authentication, the part of TLS that indicates a server is who it says it is, has been a less urgent problem. A quantum computer needs to forge a signature in real time, not retroactively, so threats to authentication hinge on the existence of a cryptographically relevant quantum computer (CRQC).

    favicon

    (letsencrypt.org)

    Not wanting to be the "told you so" guy, I've been saying this for at least 2 years now:

    Link Preview Image
    Tommaso Gagliardoni's Homepage

    favicon

    (gagliardoni.net)

    This is not to say that Harvest-Now-Decrypt-Later is a less urgent threat, but it's not as asymmetric as people have been believing so far. Glad to see things are changing!

    #cryptography #crypto #security #quantum #pqc #postquantum #quantumsecurity #letsencrypt #ai

    1 Reply Last reply
    1
    0
    • R relay@relay.infosec.exchange shared this topic
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • World
    • Users
    • Groups