| ▲ | jeroenhd 5 hours ago | |||||||
If any kind of proof about serious quantum computers comes to light, browsers can force most websites' hand by marking non-PQ ciphers as insecure. Maybe it'll require TLS 1.4/QUIC 2, with no changes but the cipher specifications, but it can happen in two or three years. Certificates themselves don't last longer than a year anyway. Corporations running ancient software that doesn't support PQ TLS will have the same configuration options to ignore the security warnings already present for TLS 1.0/plain HTTP connections. The biggest problem I can imagine is devices talking to the internet no longer receiving firmware updates. If the web host switches protocols, the old clients will start dying off en masses. | ||||||||
| ▲ | bwesterb 5 hours ago | parent | next [-] | |||||||
No need for a TLS 1.4. Leaf certificates don't last long, but root CAs do. An attacker can just mint new certs from a broken root key. Hopefully many devices can be upgraded to PQ security with a firmware update. Worse than not receiving updates, is receiving malicious firmware updates, which you can't really prevent without upgrading to something safe first. | ||||||||
| ▲ | PunchyHamster 3 hours ago | parent | prev [-] | |||||||
There is no reason to not support non quantum safe algorithms for foreseeable future in the first place | ||||||||
| ||||||||