On Wed, Jun 18, 2025, 3:19 PM Yaroslav Rosomakho <yrosomakho= [email protected]> wrote:
> Dear TLS WG,
>
> We have just submitted a new proposal, draft-yusef-tls-dual-certs-00, that
> extends TLS 1.3 to support authentication using two certificate chains: one
> using traditional algorithms and one using post-quantum (PQ) algorithms.
> This approach, aimed at closed environments and staged post-quantum
> migration, enables stronger session authentication by requiring both
> signatures to validate.
>
> The proposal builds on existing TLS 1.3 mechanisms with minimal protocol
> changes. It introduces a dual signature algorithm extension and defines how
> dual certificate chains and signatures are structured, while preserving
> compatibility with Exported Authenticators.
>
> This mechanism complements existing proposals such as composite
> certificates (e.g., draft-reddy-tls-composite-mldsa), offering greater
> deployment flexibility, especially for systems that require support for
> independently validated classical and PQ credentials. It also helps with
> phased migration strategies where TLS endpoints have to deal with a mix of
> opinionated peers while limiting the need to create a zoo of PKI
> hierarchies to satisfy classic, pure PQ as well as all possible
> compositions of algorithms.
>
> We welcome your feedback and discussion on the proposal and the design
> specifics.
>

Why is this needed given the existing signalling of client support for certificate signature algorithms?

> Best Regards,
> Hannes, Mike, Rifaat, Tiru, Yaron and Yaroslav
>
>
> ---------- Forwarded message ---------
> A new version of Internet-Draft draft-yusef-tls-pqt-dual-certs-00.txt has
> been successfully submitted by Yaroslav Rosomakho and posted to the
> IETF repository.
>
> Name:     draft-yusef-tls-pqt-dual-certs
> Revision: 00
> Title:    Post-Quantum Traditional (PQ/T) Hybrid Authentication with Dual
>           Certificates in TLS 1.3
> Date:     2025-06-18
> Group:    Individual Submission
> Pages:    27
> URL:      https://www.ietf.org/archive/id/draft-yusef-tls-pqt-dual-certs-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-yusef-tls-pqt-dual-certs/
> HTML:     https://www.ietf.org/archive/id/draft-yusef-tls-pqt-dual-certs-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-yusef-tls-pqt-dual-certs
>
>
> Abstract:
>
>    This document extends the TLS 1.3 authentication mechanism to allow
>    the negotiation and use of two signature algorithms to enable
>    dual-algorithm hybrid authentication, ensuring that an attacker would
>    need to break both algorithms to compromise the session. The two
>    signature algorithms come from two independent certificates that
>    together produce a single Certificate and CertificateVerify message.
>
>
>
> The IETF Secretariat
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
