ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0

Please add checks for quantum-resistant hybrid cryptography in browser and server scans #938

Open rhardy613 opened 1 year ago

rhardy613 commented 1 year ago

Please add checks for quantum-resistant hybrid cryptography in browser and server scans. For many the Quantum encryption Apocalypse is like a big pink elephant no one wants to admit exists. While most are still under the impression this is a distant future issue, it's already an active security issue now. We need to be doing what we can to allow movement to and detect support for NIST Post-Quantum Cryptography Standardization. Please reference pq.cloudflareresearch.com, "Google released first quantum-resilient FIDO2 key implementation" and the more specifically relevant "Protecting Chrome Traffic with Hybrid Kyber KEM". Both Chrome and Brave (and possibly other Chromium-based browsers) support it. Firefox appears to be slowly moving towards implementation, ETA unknown. The obvious next step was to figure out server support and do security scans. That last part appears to be missing at the moment.

lilyanatia commented 12 months ago

> The obvious next step was to figure out server support and do security scans. That last part appears to be missing at the moment.

You can use oqs-provider to add support for it to OpenSSL.

SagePtr commented 1 month ago

Please add, because X25519Kyber768Draft00 (0x6399) is widely supported in Chrome and Firefox.

ghen2 commented 2 weeks ago

At a minimum, the SSL Client Test should display key exchange group Unknown (0x6399) as X25519Kyber768Draft00, and already add support for the new standard ML-KEM based codepoints 0x11eb and 0x11ec as well (see IANA TLS supported groups), as Chrome and Firefox will soon switch to these instead.


(The test doesn't need actual PQC support to just "recognize" new key exchange and/or signature schemes)
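The recognition step asked for in the comment above, as an added Go example that is not part of the thread or of ssllabs-scan's code: it decodes the body of a ClientHello `supported_groups` extension and names each codepoint without performing any PQC key exchange. The function names and sample bytes are constructed for illustration; the names for 0x11eb and 0x11ec are taken from the IANA TLS Supported Groups registry.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Subset of the IANA "TLS Supported Groups" registry (not ssllabs-scan's own table).
var groupNames = map[uint16]string{
	0x001d: "x25519",
	0x11eb: "SecP256r1MLKEM768",
	0x11ec: "X25519MLKEM768",
	0x6399: "X25519Kyber768Draft00",
}

// GroupName returns a display name for a supported_groups codepoint.
func GroupName(id uint16) string {
	if name, ok := groupNames[id]; ok {
		return name
	}
	// GREASE values (RFC 8701) are 0x0a0a, 0x1a1a, ... 0xfafa: both bytes equal.
	if id&0x0f0f == 0x0a0a && id>>8 == id&0xff {
		return fmt.Sprintf("GREASE (0x%04x)", id)
	}
	return fmt.Sprintf("Unknown (0x%04x)", id)
}

// ParseSupportedGroups decodes the extension_data of supported_groups:
// a 2-byte list length followed by 2-byte group identifiers (RFC 8446, 4.2.7).
func ParseSupportedGroups(ext []byte) ([]string, error) {
	if len(ext) < 2 {
		return nil, fmt.Errorf("supported_groups: truncated length field")
	}
	list := ext[2:]
	if n := int(binary.BigEndian.Uint16(ext)); n != len(list) || n == 0 || n%2 != 0 {
		return nil, fmt.Errorf("supported_groups: bad list length %d", n)
	}
	names := make([]string, 0, len(list)/2)
	for i := 0; i < len(list); i += 2 {
		names = append(names, GroupName(binary.BigEndian.Uint16(list[i:])))
	}
	return names, nil
}

// Constructed sample: GREASE, 0x11ec, 0x6399, x25519, and a value not in the table.
var sample = []byte{0x00, 0x0a, 0x2a, 0x2a, 0x11, 0xec, 0x63, 0x99, 0x00, 0x1d, 0xfe, 0x01}

func main() {
	fmt.Println(ParseSupportedGroups(sample))
}
```

A codepoint missing from the table falls through to `Unknown (0x....)`, which is the display the comment reports for 0x6399 today.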

nh-neteleven commented 1 week ago

https://test.openquantumsafe.org/ is a public test-page which can be used for the server-test.