BTW it would help me to know where is the baseline text of the LS/o from IETF to SG13 on this one
Just that I can start from somewhere Best Regards > On 21 Mar 2026, at 12:55, Viktor Dukhovni <[email protected]> wrote: > > On Sat, Mar 21, 2026 at 09:22:56AM +0000, John Mattsson wrote: >> Viktor Dukhovni wrote: >>> or some other less inflammatory formulation. >> >> It is a sad world if a straightforward fact is considered >> inflammatory. SIGINT agencies have sold "unbreakable" hardware in the >> past and will do so again. >> https://www.google.com/url?q=https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/&source=gmail-imap&ust=1774698940000000&usg=AOvVaw1kRGXjq_srDA24DHOvIGU7 > > It isn't the SIGINT agencies I am trying to shield here from being > offended. Rather, I think those being sold the QKD snake-oil might > take offense at the original text. Just overcoming the misleading > marketing should be the focus, regardless of who may or may not be > behind it. > >> People building, standardizing, and using QKD seem to have little to >> no knowledge of cryptography and security. The ITU-T Y.QKD-TL system >> would allow a dishonest QKD hardware manufacturer not only to >> passively eavesdrop on all communication, but also to impersonate >> endpoints and inject traffic. I think the IETF has a moral >> responsibility to inform ITU-T about these risks. > > I'd replace "moral" with "professional". And yes, it is correct to fend > off (especially stand-alone) QKD, and even as an additional input one > can make a solid case that it is rarely if ever worth the cost, if one > really wants to bust the myth. > > Bottom line, something that is less of knee-jerk reaction would I think > be more effective. > > -- > Viktor. 🇺🇦 Слава Україні! > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
