Context
In the current implementation some MLS (mostly MLS related) encryption are vulnerable to quantum harvest now-decrypt later attacks:
- MLS key exchange uses ECDH with X25519 or P-256 encryption
- MLS signatures use ED25519 or ECDSA
- Asymmetric JWT auth uses RS256, ES256, ES384, EdDSA
Proposed Solution
MlsSettings should contain parameters to set used cryptographic algorithms, including PQC solutions.
Where no reliable are available yet, design a workaround (e.g. PQC enforced TLS with hybrid key-exchanges).
Context
In the current implementation some MLS (mostly MLS related) encryption are vulnerable to quantum harvest now-decrypt later attacks:
Proposed Solution
MlsSettings should contain parameters to set used cryptographic algorithms, including PQC solutions.
Where no reliable are available yet, design a workaround (e.g. PQC enforced TLS with hybrid key-exchanges).