[ksk-rollover] Quantum Apocalypse

Michael StJohns msj at nthpermutation.com
Thu Mar 28 09:58:12 UTC 2019

Retransmitting the points I made at the microphone at the IETF.

1) We don't have a quantum safe signature algorithm that we've selected 
for DNSSEC and AFAICT, while there are a lot of candidates, even the 
crypto folks aren't to the point of saying "use this" for any of the 
candidate algorithms.

2) Once (1) is done, there's at least a few years to agree and produce 
an RFC.

3) Once (2) is done, there's at least a 5 year uptake period to get the 
new algorithm support into the resolvers.   (And there's the self-same 
problem that it's impossible for the root publisher to know whether or 
not a resolver actually supports the new algorithm.

It may make sense to actually do a PERT style "what has to happen when 
and before what" diagram to document the moving pieces and to help 
figure out if there are any tasks we can complete early (e.g. figuring 
out how to serve *really big signatures* even if we don't know what the 
signature mechanism might be).


More information about the ksk-rollover mailing list