> From: Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>
> Sent: Thursday, 1 April, 2021 10:09
> To: Michael Wojcik <michael.woj...@microfocus.com>; openssl-users@openssl.org
> Subject: Re: Why does OpenSSL report google's certificate is "self-signed"?
> In general - I concur, but there are nuances: sending root CA cert is mostly
> harmless, but mostly useless - except when there's a human on the receiving
> end that can and is allowed to make a decision to accept and trust that CA
> cert.

Agreed. I tried to capture the summary of pros and cons in the document I'm 
writing for our customers.

> Re. PQC - even the "smallest" among them are much larger than what the
> Classic keys and signatures are. E.g., Falcon-1024 signature is 1330 bytes
> (or often less - say, 1200 bytes). Falcon-1024 public key is 1793 bytes.
> Compare to, e.g., ECC-384 sizes... NTRU public keys are "easier", but not by
> that much: 1230 bytes. Kyber public key is 1568 bytes. And I picked the
> *smallest* ones - those I'd consider using myself.
> There's also McEliece...

Yeah, if NIST standardizes on Classic McEliece for KEM, that's going to give us 
some *big* keys.

Certainly for resource-constrained applications, like embedded or high-volume, 
it makes sense to omit the root even with ECC. A few KB here and there will add 

Michael Wojcik
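To make the "mostly harmless, mostly useless" point about sending the root concrete in the thread's own tool, here is an added shell example (editor's addition, not code from either poster or from the OpenSSL project). It builds a throwaway P-384 root -> issuing CA -> leaf with the openssl CLI, counts the DER bytes that appending the root adds to the chain, and then runs openssl verify twice: once with root.pem in the trust store and once with the root present only in the chain the "server" sent. It assumes an openssl binary (1.1.1 or 3.x) on PATH; the CA names and the www.example.test host are made up.

```shell
#!/bin/sh
# Added example for this thread (not Uri's or Michael's code, nor OpenSSL's):
# build a tiny P-384 PKI with the openssl CLI, then show that a self-signed
# root appended to the sent chain is ignored unless the verifier already trusts
# it, and count the DER bytes that sending the root adds. Assumes an `openssl`
# binary (1.1.1 or 3.x) on PATH; names and the "example.test" host are made up.
set -eu

# der_bytes FILE: size of one PEM cert as it would go on the wire (DER).
der_bytes() {
    openssl x509 -in "$1" -outform DER | wc -c | tr -d ' '
}

# chain_bytes FILE...: total DER size of the certs a server would send.
chain_bytes() {
    total=0
    for f in "$@"; do
        total=$(( total + $(der_bytes "$f") ))
    done
    echo "$total"
}

# make_pki DIR: root CA -> issuing CA -> server leaf, all ECDSA P-384.
make_pki() {
    d=$1
    # Minimal req config so this works with or without a system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = placeholder\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$d/leaf.ext"
    for name in root inter leaf; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-384 \
            -out "$d/$name.key" >/dev/null 2>&1
    done
    openssl req -new -config "$d/req.cnf" -key "$d/root.key" \
        -subj "/CN=Example Root CA" -out "$d/root.csr" >/dev/null 2>&1
    openssl req -new -config "$d/req.cnf" -key "$d/inter.key" \
        -subj "/CN=Example Issuing CA" -out "$d/inter.csr" >/dev/null 2>&1
    openssl req -new -config "$d/req.cnf" -key "$d/leaf.key" \
        -subj "/CN=www.example.test" -out "$d/leaf.csr" >/dev/null 2>&1
    # Self-signed root: the cert a server may or may not include in its chain.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
        -extfile "$d/ca.ext" -out "$d/root.pem" >/dev/null 2>&1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/inter.pem" >/dev/null 2>&1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/leaf.pem" >/dev/null 2>&1
}

# verify_with_trust_store DIR CHAIN: root.pem is the trust anchor, CHAIN is what
# the server sent. -no-CAfile/-no-CApath keep the system store out of the picture.
verify_with_trust_store() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem"
}

# verify_without_trust_store DIR CHAIN: nothing is trusted a priori; the only
# place the root can appear is inside CHAIN, i.e. the "root sent by the server"
# case with a receiver that does not already know it.
verify_without_trust_store() {
    openssl verify -no-CAfile -no-CApath -untrusted "$2" "$1/leaf.pem"
}

main() {
    dir=$(mktemp -d)
    make_pki "$dir"
    cat "$dir/inter.pem" "$dir/root.pem" > "$dir/chain_with_root.pem"
    echo "leaf+intermediate:      $(chain_bytes "$dir/leaf.pem" "$dir/inter.pem") DER bytes"
    echo "leaf+intermediate+root: $(chain_bytes "$dir/leaf.pem" "$dir/inter.pem" "$dir/root.pem") DER bytes"
    echo "root in trust store, root also sent:"
    verify_with_trust_store "$dir" "$dir/chain_with_root.pem"
    echo "root sent but not in trust store:"
    if verify_without_trust_store "$dir" "$dir/chain_with_root.pem"; then
        echo "unexpected: a root nobody trusts was accepted"
    fi
    rm -rf "$dir"
}
main
```

The second verify fails with error 19, "self-signed certificate in certificate chain" (spelled "self signed" on 1.1.1): the root found in -untrusted is used to complete the chain but carries no trust, so the extra bytes bought nothing. The only thing that flips the result is putting root.pem in the trust store, which is the human or provisioning decision Uri describes. The byte counts are with a P-384 root; substitute the Falcon/NTRU/Kyber sizes above to see what a PQC root would add per handshake.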