The IETF list is seeing some action.

Daniel J. Bernstein (of curve25519 fame) has lodged a complaint about the transparency of their process:

https://cr.yp.to/2025/20251006-transparency.pdf

Following an earlier complaint he filed about their rejection of so-called "hybrid encryption" (combining post-quantum encryption with classical encryption so that it is conjectured to be safe against quantum computers, but since it also uses classical encryption it is clearly no less safe than plain classical algorithms). It is implied that the NSA could have a hand in resisting hybrid encryption because it would (self-evidently) be quite a bit more secure than an unproven "post-quantum" algo.

https://cr.yp.to/2025/20250812-non-hybrid.pdf

A funny thing about encryption is that there isn't really a way to *prove* it's secure; you believe it's secure when, after 10 or 20 years, no mathematician has found any tricks to break it...

So I think Bernstein's position, at least in favor of hybrid encryption, is a fair one. I would upgrade SSL to use some fancy schmancy quantum computer resistant encryption algorithm IF it was also going to encrypt with regular old encryption at the same time.

Regarding the complaint about the complaint, no idea who is in the wrong here, but I can easily imagine the IETF acting like a cabal ¯\_(ツ)_/¯

@cjd My understanding was that good old RSA was secure against quantum with a sufficient key size. I.e. a 4096-bit key requires a 4096-qubit quantum computer to solve. 4095 qubits does not "mostly" solve it.

Big keys are helpful, but there are also algorithms which are conjectured to be entirely safe against quantum computers. But it'll take a few decades before we find out if they're safe at all...
There are some "quantum gadgets" that factor the number 15, but we don't know if it's possible at a meaningful scale.

That's why bolting on an additional algo to your existing one makes sense, it's a little extra computation for future proofing...

But switching to a potentially insecure algo makes no sense at all...
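As an added illustration of the "bolt on an additional algo" design discussed in the post above (example code written for this page, not part of the thread and not any project's implementation): the classical exchange and the post-quantum exchange each produce their own shared secret, and the two are fed together into one key derivation step, so an attacker has to break both to learn the session key. The shared secrets below are constructed fixed byte strings standing in for what an ECDH and a post-quantum KEM would output; the HKDF is the RFC 5869 construction on SHA-256, while the label strings, the length-prefix encoding and the transcript layout are choices made for this example, not taken from any standard.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch PRK to `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand length too large")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(data: bytes) -> bytes:
    """Two-byte length prefix. Plain ss1||ss2 would be ambiguous for
    variable-length inputs (the split point could be moved); the prefix
    makes every (ss1, ss2) pair encode uniquely."""
    if len(data) > 0xFFFF:
        raise ValueError("field too long")
    return len(data).to_bytes(2, "big") + data


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Combine two independently derived shared secrets into one session key.

    Both secrets are part of the HKDF input keying material, so the output is
    unpredictable unless the attacker knows BOTH of them. The transcript (public
    keys and ciphertexts of both exchanges) goes into `info`, binding the key
    to this particular handshake. Salt and labels are this example's own.
    """
    ikm = _lp(ss_classical) + _lp(ss_pq)
    prk = hkdf_extract(b"example-hybrid-combiner", ikm)
    return hkdf_expand(prk, _lp(b"session key") + _lp(transcript), length)


# Constructed stand-ins for the secrets the two exchanges would produce.
SS_CLASSICAL = bytes.fromhex("11" * 32)  # e.g. an X25519/ECDH shared secret
SS_PQ = bytes.fromhex("22" * 32)          # e.g. a post-quantum KEM shared secret
TRANSCRIPT = b"client_pubkeys|server_pubkeys|kem_ciphertext"  # constructed


def demo() -> dict:
    """Derive the key under several attacker models and return all of them
    so they can be compared. In a real handshake only `honest` exists."""
    honest = hybrid_session_key(SS_CLASSICAL, SS_PQ, TRANSCRIPT)
    # Attacker who broke the classical algorithm knows SS_CLASSICAL but
    # still has to guess the PQ secret (here: one wrong guess, all zeros).
    broke_classical = hybrid_session_key(SS_CLASSICAL, bytes(32), TRANSCRIPT)
    # Attacker who broke the PQ algorithm knows SS_PQ only.
    broke_pq = hybrid_session_key(bytes(32), SS_PQ, TRANSCRIPT)
    # Same two secrets but a different handshake transcript -> different key.
    other_session = hybrid_session_key(SS_CLASSICAL, SS_PQ, TRANSCRIPT + b"x")
    return {"honest": honest, "broke_classical": broke_classical,
            "broke_pq": broke_pq, "other_session": other_session}


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:16s} {key.hex()}")
```

The `_lp` length prefixes matter more than they look: if the two secrets were simply concatenated, an adversary who can influence one of them (for example by submitting a malformed public key that yields a short or attacker-chosen classical secret) could shift the boundary between the two inputs. Running the block prints four distinct 32-byte keys, which is the whole point: knowing one component's secret, or replaying the secrets against a different transcript, does not produce the honest key.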

@ned @cjd @dcc Why would this hypothetical user of crypto-breaking quantum computing let anyone know of their success? This is a case where "seeing is believing" is bad policy.

This is not an unreasonable perspective, but it opens a can of worms with no bottom. How can we know that they don't have ... anything?

How can we know they don't read your mind, or have microphones in your walls, etc...

But we might as well take this the opposite direction... Why would the NSA publicly admit that quantum computers are even theoretically possible? Why not keep the entire field of research classified?

So while seeing-is-believing might be a "bad policy", the only other option is to believe in things you can't see - which is a worse policy.

@cjd @dcc @ned Who needs microphones in the walls when they have microphones in your pockets and purses.
