Bas Westerbaan

1.2K posts

Bas Westerbaan banner
Bas Westerbaan

Bas Westerbaan

@bwesterb

Post-quantum @cloudflare

Nijmegen Katılım Kasım 2006
165 Takip Edilen1.9K Takipçiler
Bas Westerbaan retweetledi
Cloudflare
Cloudflare@Cloudflare·
When a broken DNSSEC rollover took down the .AL top-level domain, we deployed a Negative Trust Anchor on 1.1.1.1 to keep sites reachable. Now, clients do not have to guess if validation was skipped: 1.1.1.1 returns EDE 33, a new error code signaling that validation was temporarily skipped. cfl.re/4hd8nXa
English
3
14
94
13.5K
Bas Westerbaan
Bas Westerbaan@bwesterb·
@FutureDies Of course: TLS was built with extensibility in mind. That's why we can add ML-DSA today.
English
0
0
2
39
Dariia Porechna 🇺🇦
@bwesterb Or we don't put all eggs in one basket and design systems that can support multiple schemes! (mostly concerns blockchains)
English
1
0
1
64
Bas Westerbaan
Bas Westerbaan@bwesterb·
@iamspi_ If people can agree on the hybrid, yes, but if people can’t agree I think it’s better to go with plain MLDSA so that we at least have quantum security.
English
1
1
4
353
Yuvi Lightman | Quantus
Yuvi Lightman | Quantus@YuviLightman·
Great writeup on the zoo of post-quantum crypto schemes. CloudFlare’s conclusion: don’t overthink it, just use ML-DSA. Quantus agrees. If you’re worried about lattice cryptanalysis advancing, choose a higher security level. That’s why quantus uses ML-DSA-87.
Bas Westerbaan@bwesterb

Why we cannot wait for better post-quantum signature algorithms: ML-DSA will have to do. But searching for better is still important! blog.cloudflare.com/ml-dsa-will-ha…

English
3
0
9
1.1K
Chajo
Chajo@thechajo·
@Cloudflare I gotta learn this post quantum stuff, it’s the future
English
1
0
1
20
Bas Westerbaan retweetledi
Cloudflare
Cloudflare@Cloudflare·
NIST is advancing nine new post-quantum signature algorithms as potential candidates for future standardization. We take a closer look at all of them, and argue that while they are in the works and show great potential, we should use ML-DSA for now. cfl.re/4h1fIJh
English
13
16
108
17.8K
nic carter
nic carter@nic_carter·
@bwesterb Would you kindly tell the Bitcoin developers this. They seem to think that there is much to be gained by waiting.
English
4
1
12
1.5K
Bas Westerbaan
Bas Westerbaan@bwesterb·
@gojimmypi @Cloudflare @hashbreaker I prefer hybrid, but it's useless if we can't agree on *which* hybrid. As it stands, despite my best attempts, there is no agreement on which hybrid to use in the WebPKI. Other ecosystems have done better: SSH converged on a hybrid which is great.
English
1
0
2
30
Bas Westerbaan retweetledi
Craig Gidney
Craig Gidney@CraigGidney·
The US is now requiring high value / high impact information systems to be quantum-secure by ~2031 instead of 2035: whitehouse.gov/presidential-a… IMO this is an improvement. Security shouldn't be contingent on progress in quantum computers being slow.
Craig Gidney tweet media
English
4
16
85
8.6K
Bas Westerbaan
Bas Westerbaan@bwesterb·
New US executive order signed pulling ahead deadline for PQC migration from 2035 to 2031. No text online yet, but will add once it's out.
English
4
8
41
11.9K
Bas Westerbaan
Bas Westerbaan@bwesterb·
Also CMVP is going to be revised "(i)  the term “Cryptographic Module Validation Program” has the same meaning as it has in FIPS 140-3, “Security Requirements for Cryptographic Modules,” or any successor policy"
English
0
0
1
237