On 2025-10-26 16:23:45 +0300 (+0300), Maksim Malchuk wrote: [...]
> I'm trying to understand the urgency of the work Jean-Philippe is seeking, and plan the infrastructure upgrade/support in the near future, not only OpenStack code described in the wiki.

In my professional opinion, as well as that of the many long-time career cryptographers I interact with[*], "not very urgent." Actual usable quantum computers don't exist today, and when they'll exist depends on physicists making a number of unpredictable scientific breakthroughs. Separate from that, synthetic (emulated) quantum computers don't yet have any viable algorithms for factoring anything more than trivial prime products. Further, nobody knows what novel cryptanalytic attacks any real quantum computer will eventually enable.

In short, designing a cryptographic defense against quantum computers is akin to designing an orbital defense against alien invaders. Anyone who claims to know *when* quantum computers will be more usable for cryptanalysis than conventional computers or *how* to thwart them is either selling something or has a working time machine.

The market is flooded with PQC snakeoil vendors, so whenever you read their doomsday predictions just try to keep an open mind and don't get caught up in the panic-driven profiteering they're trying to create. There are real security threats *today* that we should be putting more effort into mitigating, which as a side effect can hopefully also make our software more robust against fictional (from the present perspective) quantum computers and space invaders.

> If we are talking about infrastructure, are we waiting until 2029 when Ubuntu LTS versions will already have supported SSH versions with MLKEM? If we are talking about the urgency of supporting MLKEM on current SSH versions, then we need to use backports. This means we need to add this now to the current deployment tools.

OpenSSH 10 is already in Ubuntu 25.10 (non-LTS), so should be included in Ubuntu 26.04 LTS which will be available for testing at the start of the OpenStack 2026.2 development cycle and therefore also a supported target platform for OpenStack 2027.1 (the next SLURP release). By 2029, any OpenStack releases not tested on platforms with OpenSSH 10 will be unmaintained/end of life even. But keep in mind that there are so-called PQC key exchange/agreement algorithms available back to OpenSSH 9.0[**] several years ago (available in the current Ubuntu 24.04 LTS).

Don't get me wrong, I agree that we should be taking a close look at the highlighted parts of our codebase. If the quantum computing buzzword gives devs an excuse they can use to convince their managers to let them spend time on this, and makes operators more likely to keep their systems and software upgraded, then that's fine by me. Just don't buy into the industry scaremongering, and make sure to spend these precious resources in areas where they'll provide a tangible benefit whether or not quantum computing ever becomes viable.

[*] https://www.metzdowd.com/pipermail/cryptography/2025-February/038625.html
[**] https://www.openssh.com/pq.html

--
Jeremy Stanley
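
Added example, not part of the original message: a POSIX shell check for whether a `KexAlgorithms` list (for instance the `kexalgorithms` line printed by `ssh -G <host>` or `sshd -T`) offers or prefers one of OpenSSH's hybrid post-quantum key exchanges. The function names are hypothetical and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: classify an OpenSSH KexAlgorithms list by hybrid PQ support.
# Key exchange negotiation takes the first client algorithm the server also
# supports, so the position of a PQ hybrid in the list matters, not just its
# presence.

# Hybrid post-quantum key exchange names as documented by OpenSSH.
is_pq_kex() {
    case "$1" in
        mlkem768x25519-sha256|sntrup761x25519-sha512|sntrup761x25519-sha512@openssh.com)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# pq_kex_status "alg1,alg2,..." prints one of:
#   preferred  a PQ hybrid is first in the list
#   offered    a PQ hybrid is present but a classical algorithm comes first
#   absent     no PQ hybrid in the list
pq_kex_status() {
    status=absent
    first=1
    old_ifs=$IFS
    IFS=,
    for alg in $1; do
        if is_pq_kex "$alg"; then
            if [ "$first" -eq 1 ]; then status=preferred; else status=offered; fi
            break
        fi
        first=0
    done
    IFS=$old_ifs
    echo "$status"
}

# Constructed sample lists (not captured from any real host).
SAMPLE_PQ_FIRST="mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256"
SAMPLE_PQ_LATER="curve25519-sha256,sntrup761x25519-sha512@openssh.com,ecdh-sha2-nistp256"
SAMPLE_CLASSICAL="curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256"

for list in "$SAMPLE_PQ_FIRST" "$SAMPLE_PQ_LATER" "$SAMPLE_CLASSICAL"; do
    printf '%s -> %s\n' "$list" "$(pq_kex_status "$list")"
done

# Against a live configuration (assumes ssh is installed):
#   pq_kex_status "$(ssh -G example.org | awk '$1 == "kexalgorithms" {print $2}')"
```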