[EXT] Re: Plans for post-quantum-secure signature algorithms for host and public key authentication?

Aaron Rainbolt arraybolt3 at gmail.com
Sat Jul 12 09:13:55 AEST 2025


On Fri, 11 Jul 2025 22:58:41 +0000
"Blumenthal, Uri - 0553 - MITLL" <uri at ll.mit.edu> wrote:

> > There is a pretty significant community of users and developers
> > (oftentimes people involved with projects like Kicksecure, Whonix, and
> > Qubes OS, all of which I either contribute to or am paid to work on)
> > where "secure enough for the government" is not secure enough.
> 
> Based on my personal expertise and experience, they are usually
> coming from ignorance, rather than true understanding of
> cryptographic (and other!) risks and tradeoffs. 

*Some* of them, yes (I wouldn't venture to go as far as to say "many",
but definitely some). I firmly believe it is a dangerous generalization
to insinuate that all of them are ignorant though - people working for
organizations like Let's Encrypt, Freedom of the Press Foundation, the
EFF, and Mullvad have these kinds of extreme threat models and are
using software like Qubes for that reason. [1] Many of the people I
work with or around are cryptographers, pentesters, or developers of
critical software these organizations rely on.

Certainly there are people who think that every nation-state-level
threat actor in the world is after them for no particular reason, and
they may not even be all that rare, but their presence is no reason to
discount the value of implementing security measures that most people
would find unnecessarily strong.

[1] https://www.qubes-os.org/endorsements/

More information about the openssh-unix-dev mailing list