Calls to relax about the cryptographic threat of quantum computing seem to set aside one important practical fact: that the real-world duty life of some classes of gear is measured in decades.
PQC work understands how long it can for take equipment in the field to be rotated out. They're effectively trying to make 2055 less of a security s--t show.
@tychotithonus I think the iimportant difference of opinion is whatever or not quantum computers will ever be practical.
@ekg I definitely understand the perspective. But as a security professional, I have to balance the likelihood of a future event with A) the magnitude of its impact, and B) the cost of future mitigation, vs C) the controlled burn of mitigating it in advance.
Even if the chances of practical QC in 30 years are one in a thousand, we know that the stickiness of existing deployments, vs difficulty to upgrade (magnified by the proliferation both of IoT and the degree and volume of sensitive activities adding cloud dependencies, making interception risk pervasive).
The chaos of all of that suddenly being interceptable would make Heartbleed look like a Sunday afternoon nap.
And since the interdependence of everything is only growing, interoperability inertia ("we can't upgrade because our dependency/partner hasn't yet, or can't") would make an emergency transition just as catastrophic.
Even if PQC takes 100 years, better to start eliminating it now than accumulating technical debt around that interdependency.
@tychotithonus I am more worried that people lacking the skill will just give up. If people with marginal understanding believes that quantum computers will make the mitigation they now how to do irelevant; they might be demotivated to do what they can.
Of course that is an argument for education, but everyone can't be an expert.
@tychotithonus when it comes to security; one of the most important questions to answer is: "how will people react to this?". People is almost always the weakest link in any security chain, that is why locks that are too good is bad.
Some cars are difficult enough to steal that robberies has been on the rise. If they can't break the lock, they will break the person.
@ekg security I see practically zero equivalence between PQC transition and car theft or robbery. For starters, current cryptography is not (known to be) broken, so moving to another strong scheme is unlikely to cause any attacker to switch to rubber-hose cryptography. Even if they did, though, that's a very different, and more defensible, threat model than mass-decryption of all previously captured encrypted traffic.
I wasn't suggesting any connection, only emphasizing the importance of considering how technology interact with humans.
If you make security unnecessarily burdensome; some will forgo it all together.
@ekg It's a fair point. Moving too soon or too quickly has its own risks! You don't want to trip and fall when you're trying to get out of the burning building. 😅