When you say "PQC", you need to be more specific. Do you mean one of
"ML-DSA-65", "ML-DSA-44" or "ML-DSA-87"? Or something else?
Those are presently the only PQC signature algorithms supported at
OpenSSL TLS layer, requiring OpenSSL 3.5 or later.
ack.
i'm on openssl v3.5.4 here.
currently using: ML-DSA-87.
ML-DSA-65 seems the more common choice. or at least the good-enough choice.
internally, PQC is now used for local-only/internal self-signed ssl.
ML-KEM key exchange? ML-DSA TLS server/client public keys? Or both?
it's in flux. currently back to just key exchange
e.g. client ssh_config
Ciphers [email protected],[email protected]
KexAlgorithms mlkem768x25519-sha256,[email protected]
'talking to' server side sshd_config
Ciphers
[email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms mlkem768x25519-sha256,[email protected]
on an nginx instance
ssl_ecdh_curve X25519MLKEM768;
ssl_conf_command Groups
"X25519MLKEM768:X25519:prime256v1:secp384r1:secp521r1:x448";
ssl_conf_command Ciphersuites
TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256;
openssl.cnf with
Groups = *X25519MLKEM768 / *X25519:X448 /
P-256:P-384:P-521:ffdhe2048:ffdhe3072
the KEX bits were mostly straightforward, and problem free.
i've managed to very efficiently shut down access to my resources with my 'PQC
enabled' certs a couple of times.
hence the reading ... first.
Why are you bringing up DNSSEC? I thought you wanted PQC signatures in TLS?
the 'early days' was a reference to myself ...
i'm just reading up on what/where PQC will play a part, and if/when.
both are discussed.
i _do_ use 3 1 1 here. certainly easier to manage.
i understand they're different topics.
what part does/can PQC yet play 'in' Postfix?
ML-KEM key exchange works out of the box. When compiled against a
sufficiently recent OpenSSL (3.5 or later),
Postfix 3.11 defaults to:
snip bits of interesting discussion/examples
, unless you publish an MTA-STS policy
i don't atm.
what about internal use between non-public-facing/internal pfx
instances?
Your choice.
+1
See above, with MTA-STS best to be careful, otherwise you should be
fine (provided DANE TLSA records are absent or also match any ML-DSA
cert).
certainly further along than i'd understood.
some actual try-it-and-see certainly sounds doable -- now.
thanks for the comments.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
