[ksk-rollover] Quantum Apocalypse
Michael StJohns
msj at nthpermutation.com
Thu Mar 28 09:58:12 UTC 2019
Retransmitting the points I made at the microphone at the IETF.
1) We don't have a quantum safe signature algorithm that we've selected
for DNSSEC and AFAICT, while there are a lot of candidates, even the
crypto folks aren't to the point of saying "use this" for any of the
candidate algorithms.
2) Once (1) is done, there's at least a few years to agree and produce
an RFC.
3) Once (2) is done, there's at least a 5 year uptake period to get the
new algorithm support into the resolvers. (And there's the self-same
problem that it's impossible for the root publisher to know whether or
not a resolver actually supports the new algorithm.
It may make sense to actually do a PERT style "what has to happen when
and before what" diagram to document the moving pieces and to help
figure out if there are any tasks we can complete early (e.g. figuring
out how to serve *really big signatures* even if we don't know what the
signature mechanism might be).
Mike
More information about the ksk-rollover
mailing list