Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/sophieschmieg/statuses/114244188442222543">Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST</a><a href="https://infosec.exchange/@sophieschmieg" title="sophieschmieg@infosec.exchange"><img src="https://gnusocial.jp/avatar/41310-48-20241001225805.webp" width="48" height="48" alt="Sophie Schmieg" style="position: absolute; left: 0; top: 0;">Sophie Schmieg</a><div><a href="https://infosec.exchange/@sawaba/114243961564239502" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@sawaba">@sawaba</a> <a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> ugh, please don't. </p><p>Yes it's overhyped, and yes consultants give extremely cringe talks about it, but no, this is neither a purely theoretical threat that can be safely ignored, nor is it business as usual when it comes to upgrading. Unless of course you consider potentially having to rip out the entirety of WebPKI and replacing it with something different as business as usual.</p><p>You can see my talk about the practical challenge and the threat model here (about half way through) <a href="https://youtu.be/wsnHMvuxy5Q?si=yK6oObpptIQfyOs8" rel="nofollow">https://youtu.be/wsnHMvuxy5Q?si=yK6oObpptIQfyOs8</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4809477#notice-9426922">In conversation</a><time datetime="2025-03-29T23:35:39+09:00" title="Saturday, 29-Mar-2025 23:35:39 JST">about 2 months ago</time> <span>from <span><a href="https://infosec.exchange/@sophieschmieg/114244188442222543" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@sophieschmieg/114244188442222543">permalink</a><h4>Attachments</h4><ol><li><article><header><img height="128" width="128" src="https://gnusocial.jp/thumbnail/4383672?w=128&amp;h=128"><h5><a href="https://www.youtube.com/watch?si=yK6oObpptIQfyOs8&amp;v=wsnHMvuxy5Q&amp;feature=youtu.be">RWPQC 2024 Session 2: Making Signal Post Quantum and PQC Migration Updates Vol 1</a></h5><div> from <span>SandboxAQ</span></div></header><div>Want to learn more about  AI and quantum tech? Visit our Academy https://academy.sandboxaq.com/Want to get in touch? Write the Education team at  edu@sandbox...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JSTSophie Schmieg
in reply to
- Adrian Sanabria
- Kevin Beaumont
@sawaba @GossiTheDog ugh, please don't.
Yes it's overhyped, and yes consultants give extremely cringe talks about it, but no, this is neither a purely theoretical threat that can be safely ignored, nor is it business as usual when it comes to upgrading. Unless of course you consider potentially having to rip out the entirety of WebPKI and replacing it with something different as business as usual.
You can see my talk about the practical challenge and the threat model here (about half way through) https://youtu.be/wsnHMvuxy5Q?si=yK6oObpptIQfyOs8
In conversation2 months ago from infosec.exchangepermalink
Attachments
1. RWPQC 2024 Session 2: Making Signal Post Quantum and PQC Migration Updates Vol 1
  from SandboxAQ
  Want to learn more about AI and quantum tech? Visit our Academy https://academy.sandboxaq.com/Want to get in touch? Write the Education team at edu@sandbox...

Public

Embed Notice

HTML Code

Corresponding Notice