dstebila
commented
1 year ago We have not implemented post-quantum algorithms in DTLS.
Closed fwh-dc closed 1 year ago
dstebila
commented
1 year ago We have not implemented post-quantum algorithms in DTLS.
fwh-dc
commented
1 year ago Hi @dstebila
Is it a big task? I might be interested in contributing if you believe the task is not too big.
Regards, Frederik
baentsch
commented
1 year ago Is it a big task? I might be interested in contributing if you believe the task is not too big.
IMO it is a substantial undertaking. Also, FWIW it would be a complete waste of effort as OpenSSL111 (and with it, oqs-openssl111) has reached its end of life. You may want to consider looking at OpenSSL3 instead; oqs-provider gives you PQ logic completely separated from OpenSSL's/DTLS'.
fwh-dc
commented
1 year ago Fair point. So what you are saying is that OpenSSL 3 together with the oqs provider supports quantum key exchanges for DTLS? Or would such a feature also have to be added there?
baentsch
commented
1 year ago Or would such a feature also have to be added there?
I'd guess this is the best description. I have not looked into it, but think some work is required. From what I heard (not tried, so take with a grain of salt), DTLS1.2 cannot be used as-is for PQC (and may not use the provider API) and DTLS1.3 (which may support PQC) isn't yet implemented. Clearly some further "digging" required.
Hi,
I get the following error when trying to use a hybrid key exchange for a DTLS handshake:
And now I am wondering if the quantum key exchange algorithms are unsupported when using DTLS? Or maybe the error is something else..
Regards, Frederik