On Tue, Feb 25, 2020 at 08:32:48AM +0100, Rick van Rein wrote: > We have prepared the following draft, and request feedback on it. The > main points are > > * Introduction of (anonymous) Kerberos tickets as added entropy to mix > with ECDH, and thereby provide Quantum Relief; it generalises this idea > to allow for other ways of adding entropy
I don't believe that using Kerberos helps on the _entropy_ side as much as on the PQ side. Specifically, Needham-Schroeder is PQ provided you're using a PQ cipher, which AES-256 essentially is. Kerberos being based on Needhamr-Shcroeder... Now, the biggest problem with Kerberos is that with manually-keyed cross-realm trusts doesn't scale to Internet scale. But there's a way to fix that too: use PQ PK with PKINIT as a form of "PKCROSS", and now Kerberos can function as a way of amortizing PQ PK costs. > * Introduction of Kerberos Tickets for Certificate and > CertificateVerify messages Kerberos tickets and AP-REQs could be used as session resumption tickets. That only works for TLS 1.3, but I'm OK with that. Nico -- _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
