The LS was sent to TLS WG and TLS WG only. ITU-T SG13 have designed a system based on RFC 8446 and are asking for comments.
That this is explicitly permitted by RFC 8446 is a major part of the problem, and exactly why the TLS WG has a responsibility to respond. RFC 8446 allows a mode that is dangerously weak in practice: it allows people not only to shoot themselves in the foot by using low-entropy PSKs (e.g., passwords), but also creates a clear path for compromise, including SIGINT actors marketing hardware that magically produces “unbreakable” PSKs.

Cheers,
John Preuß Mattsson

From: Eric Rescorla <[email protected]>
Date: Sunday, 22 March 2026 at 06:00
To: Salz, Rich <[email protected]>
Cc: John Mattsson <[email protected]>, Arnaud Taddei <[email protected]>, [email protected] <[email protected]>
Subject: Re: [TLS] Re: LS on the work item related to QKD and TLS integration framework in SG13

I'm not particularly a fan of QKD, but I don't really understand why we have to weigh in on this LS. From the perspective of TLS, the integration proposed here is just an external PSK, and the security of the system depends entirely on how that PSK is established. It's possible (likely?) that it will be insecure in the fashion John suggests, but this design also seems compatible with stronger modes of operation, e.g., establishing a fresh key with each connection. ISTM that the security of the overall system depends primarily on the strength of the QKD and the key management practices used with it, both of which are largely outside of the scope of this WG.

-Ekr

On Sat, Mar 21, 2026 at 1:00 PM Salz, Rich <[email protected]> wrote:

* This thread is the only public discussion I am aware of. I believe your assistance in formulating a reply in a more neutral tone, while still very clearly conveying the key technical and security issues, would be appreciated.

The IRTF has a quantum computing research group. A search at the email archives[1] shows nearly 400 messages with “qkd” in them.

[1] https://mailarchive.ietf.org/arch/browse/qirg/?q=qkd

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
