Hi Arnaud, This thread is the only public discussion I am aware of. I believe your assistance in formulating a reply in a more neutral tone, while still very clearly conveying the key technical and security issues, would be appreciated.
The incoming LS from ITU-T to TLS WG can be found here https://datatracker.ietf.org/liaison/2141/ An example of a recent Reply LS can be found here. Outgoing LSs from the IETF are just a block of ASCII text. https://datatracker.ietf.org/liaison/2098/ Cheers, John Preuß Mattsson From: Arnaud Taddei <[email protected]> Date: Saturday, 21 March 2026 at 22:42 To: [email protected] <[email protected]> Subject: [TLS] Re: LS on the work item related to QKD and TLS integration framework in SG13 BTW it would help me to know where is the baseline text of the LS/o from IETF to SG13 on this one Just that I can start from somewhere Best Regards > On 21 Mar 2026, at 12:55, Viktor Dukhovni <[email protected]> wrote: > > On Sat, Mar 21, 2026 at 09:22:56AM +0000, John Mattsson wrote: >> Viktor Dukhovni wrote: >>> or some other less inflammatory formulation. >> >> It is a sad world if a straightforward fact is considered >> inflammatory. SIGINT agencies have sold "unbreakable" hardware in the >> past and will do so again. >> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.washingtonpost.com%2Fgraphics%2F2020%2Fworld%2Fnational-security%2Fcia-crypto-encryption-machines-espionage%2F%26source%3Dgmail-imap%26ust%3D1774698940000000%26usg%3DAOvVaw1kRGXjq_srDA24DHOvIGU7&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Cedc4c1f3523843150da608de87581c39%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C639097009655034398%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=KFt8WTZyUAppDsGtdAi4Ao%2BWv60wPDCHwFWIaHABrCM%3D&reserved=0<https://www.google.com/url?q=https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/&source=gmail-imap&ust=1774698940000000&usg=AOvVaw1kRGXjq_srDA24DHOvIGU7> > > It isn't the SIGINT agencies I am trying to shield here from being > offended. Rather, I think those being sold the QKD snake-oil might > take offense at the original text. Just overcoming the misleading > marketing should be the focus, regardless of who may or may not be > behind it. > >> People building, standardizing, and using QKD seem to have little to >> no knowledge of cryptography and security. The ITU-T Y.QKD-TL system >> would allow a dishonest QKD hardware manufacturer not only to >> passively eavesdrop on all communication, but also to impersonate >> endpoints and inject traffic. I think the IETF has a moral >> responsibility to inform ITU-T about these risks. > > I'd replace "moral" with "professional". And yes, it is correct to fend > off (especially stand-alone) QKD, and even as an additional input one > can make a solid case that it is rarely if ever worth the cost, if one > really wants to bust the myth. > > Bottom line, something that is less of knee-jerk reaction would I think > be more effective. > > -- > Viktor. 🇺🇦 Слава Україні! > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
