[Cryptography] Post Quantum Crypto

Viktor Dukhovni cryptography at dukhovni.org
Thu Nov 12 04:51:01 EST 2015


On Thu, Nov 12, 2015 at 09:45:57AM +0100, Philipp Gühring wrote:

> So I started to think about how we can do a large-scale migration of the
> SSL universe.
> 
> I believed that handling 2 different certificates will be too complex
> (error-prone) and therefore too costly for the users.

On the other hand, this works now, with existing code, and certificates
(at least DV) are free, while a hybrid certificate would require
new CA software, new PKIX extensions, new TLS standards and a new
SSL/TLS software stack.  And what happens when NTRU is found wanting,
a certificate with 3 public keys (always rotated concurrently)?

Support for multiple certificates is considerably simpler to deploy.

> And for commercial CAs you would have to buy 2 certificates instead of one...

    0 + 0 = 0

> And then we would have to have twice as many root certificates, ... and
> most root certificate list vendors already have limits on the number of
> root certificates per certificate authority (3 if I remember correctly).

    There is no such limit.

    For a while, we'll likely end up with fewer roots, that would
    be a feature, not a bug.

> It's already hard for users to generate 1 keypair, get a certificate for
> it, and install the certificate correctly; asking them to do that twice will
> make it less likely for them to succeed.

    I would assume that for web services LE would help automate
    provisioning both algorithms.  It should also be noted that
    your 5 year estimate for scalable QC is rather more aggressive
    than expert consensus.

-- 
	Viktor.