Aaron Rainbolt
2025-Jul-11 22:53 UTC
[EXT] Re: Plans for post-quantum-secure signature algorithms for host and public key authentication?
On Fri, 11 Jul 2025 22:31:18 +0000 "Blumenthal, Uri - 0553 - MITLL" <uri at ll.mit.edu> wrote:

> While SLH-DSA may be more secure than ML-DSA, performance and
> signature size would make it prohibitive for dynamic authentication
> for many use cases.
>
> As to how much security you need - for the vast majority of users
> ML-DSA is plenty secure "enough". To the point that US and German
> governments (probably, among others - I didn't bother to check)
> decided to bet their security on it.

There is a pretty significant community of users and developers (oftentimes people involved with projects like Kicksecure, Whonix, and Qubes OS, all of which I either contribute to or am paid to work on) where "secure enough for the government" is not secure enough. Many of those people work in situations where paranoid-level security measures are warranted, and for those people I feel having SLH-DSA would be reasonable. Performance isn't a high priority in a lot of these situations.

--
Aaron
Blumenthal, Uri - 0553 - MITLL
2025-Jul-11 22:58 UTC
[EXT] Re: Plans for post-quantum-secure signature algorithms for host and public key authentication?
> There is a pretty significant community of users and developers
> (oftentimes people involved with projects like Kicksecure, Whonix, and
> Qubes OS, all of which I either contribute to or am paid to work on)
> where "secure enough for the government" is not secure enough.

Based on my personal expertise and experience, they are usually coming from ignorance, rather than true understanding of cryptographic (and other!) risks and tradeoffs.