by szbalint 2585 days ago
This conversation reminds me of discussions around cryptographic hash functions:

https://slideplayer.com/slide/12035043/69/images/28/Reaction...

Google clearly considered it an important enough issue to spend considerable resources on trying to mitigate Spectre and in the end only gave up because they didn't find a feasible way to do so. They emphatically didn't conclude that it's fine because attacks are impractical.

This attitude was learned the hard way though: about a decade ago the PoC or gtfo attitude was prevalent among browser makers and large tech companies. Theoretical vulnerabilities were dismissed if no immediate proof of concept was provided.

What changed this was a bunch of security/cryptographic vulnerabilities. MD5 was known to be theoretically weak for years and years, but when researchers minted their "can break every SSL/TLS connection" intermediate certificate to finally make browser vendors move on the issue, it was too late.

You see with systemic issues, in cryptography or hardware, by the time you actually demonstrate a PoC, things are way too late: it takes years if not half a decade (as in MD5's case, or with older TLS versions) to deprecate insecure things, if you look at the timelines.

So for issues in fundamental building blocks, it's more or less irrelevant if there is a working PoC today or not: if we don't move to fix the underlying issue and start acting on a roadmap to move away from insecure things, people _will_ come up with a working exploit that allows practical attacks. If mitigation is only attempted at that point then we're being left vulnerable for years to come.

1 comment

>it's more or less irrelevant if there is a working PoC today

By that logic, all current crypto is already broken and we should only use quantum safe crypto.

You guys' threat model for your personal computers is way beyond most of the planet's, so I will concede and agree that you should not use browsers or run untrusted code until new CPUs are released. That is pretty much the only thing that will match your threat model.