RHEL / RHEL-93769

Drop non-PQ KEX from FUTURE policy


    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-10.2
    • rhel-10.1
    • crypto-policies
    • None
    • crypto-policies-20251126-1.git918f03d.el10
    • No
    • Low
    • 1
    • rhel-security-crypto-spades
    • ssg_security
    • 15
    • 17
    • 0
    • False
    • False
    • Yes
    • Crypto25-11
      • only hybrid PQC key exchanges with ML-KEM-768 or ML-KEM-1024 are allowed in FUTURE [Sanity/retention]
      • gnutls, openssl and nss should be able to connect to themselves in FUTURE
      • openssl DTLS doesn't work in FUTURE
      • if cdn.redhat.com is still broken in FUTURE, document it
    • Pass
    • None
    • Removed Functionality
    • As the cryptographic landscape is changing with the introduction of Post-Quantum Cryptography, the future connections will need to use PQC exclusively.

      The RHEL-10.1 FUTURE policy will now allow only hybrid ML-KEM key exchanges. This might significantly impact interoperability with the wider internet, including, but not limited to, downloading updates from Red Hat, making the FUTURE policy best suited for controlled, isolated deployments for the time being.

      Note: future versions of RHEL-10 may further restrict the allowed signature algorithms in certificates and signatures to exclusively post-quantum algorithms in the FUTURE policy.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      The FUTURE policy should actually reflect the future default behaviour.
      Soon we will need to use post-quantum crypto for the key exchanges at the very least (for collect now decrypt later attacks), and the PQC signatures will need to follow soon.

      Please change the FUTURE policy so that only hybrid PQC key exchanges with ML-KEM-768 or ML-KEM-1024 are allowed (and combined with P-256, P-384, or X25519 curves).
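
One way to check a TLS group list against the rule requested above, as an added example that is not part of this issue or of the crypto-policies code. It assumes the policy surfaces as an OpenSSL-style `Groups = ...` line and that the intended hybrids are the three IANA-registered names listed in the code; the function names and the sample config are constructed for illustration.

```python
import re

# Assumption: the hybrids meant by the issue are these IANA TLS group names
# (ML-KEM-768 or ML-KEM-1024 combined with X25519, P-256 or P-384).
# Names are compared case-insensitively in this example.
HYBRID_MLKEM = {"x25519mlkem768", "secp256r1mlkem768", "secp384r1mlkem1024"}

def parse_groups(value):
    """Split an OpenSSL Groups string into bare group names.

    Handles the OpenSSL 3.5 list syntax: ':' separates groups, '/' separates
    key-share tuples, '*' requests a key share, '?' tolerates unknown names.
    """
    names = []
    for item in re.split(r"[:/]", value):
        name = item.strip().lstrip("*?")
        if name:
            names.append(name)
    return names

def audit_groups(value):
    """Return (allowed, rejected) names under a hybrid-ML-KEM-only rule."""
    allowed, rejected = [], []
    for name in parse_groups(value):
        (allowed if name.lower() in HYBRID_MLKEM else rejected).append(name)
    return allowed, rejected

def audit_config(text):
    """Audit every 'Groups = ...' line of an openssl.cnf-style fragment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*Groups\s*=\s*(.+?)\s*(?:#.*)?$", line)
        if m:
            findings.append((lineno, *audit_groups(m.group(1))))
    return findings

# Constructed sample input, not the output of any real crypto-policies build.
SAMPLE = """\
[ssl_configuration]
Groups = *X25519MLKEM768:SecP256r1MLKEM768/SecP384r1MLKEM1024
Groups = ?*X25519MLKEM768/*X25519:secp256r1:MLKEM768
"""

if __name__ == "__main__":
    for lineno, ok, bad in audit_config(SAMPLE):
        verdict = "PASS" if not bad else "FAIL"
        print(f"line {lineno}: {verdict} allowed={ok} rejected={bad}")
```

Classical groups and pure ML-KEM groups are both rejected, since the request is for hybrid key exchanges only.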

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin
              Ondrej Moris