open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

Reliability #483

Open baentsch opened 2 months ago

baentsch commented 2 months ago

oqsprovider (and suitably limited liboqs configs) may be (are?) being used in settings considered "productive" despite a documented (standard) warning against this. Discussions as to how to reduce the risk of this have been started elsewhere (e.g., https://github.com/open-quantum-safe/tsc/issues/1 and https://github.com/PQCA/TAC/issues/44) but don't seem to garner much interest or concrete resolution proposals (or are even labelled only "enhancement").

Thus, this issue is to define a set of concrete features that this project should possess to be considered "reliable for everyday use" and sufficiently reducing the risks to its users deploying it -- and the risk to the code owners' reputation of having done the code.

Let me start by stating the obvious:

Further line items welcome (even if only adding already open issues).

baentsch commented 1 month ago

Here's a nice "operational" test checklist of an OQS alternative that may be worthwhile following.