On Wed, Jun 18, 2025 at 5:00 PM Yaroslav Rosomakho <[email protected]> wrote: > > Because it won’t require running a zoo of PKIs. Ideally just two - classic > and pure PQ with eventual convergence on the latter.
Why is it impossible to have a classical and pure PQ PKI, and then have clients signal support for which to show, to enable transition? This is what we already have, and already has worked. > > -yaroslav > > On 19 Jun 2025, at 01:51, Blumenthal, Uri - 0553 - MITLL <[email protected]> > wrote: > > And you want a composite signature in TLS - why? > — > Regards, > Uri > > Secure Resilient Systems and Technologies > MIT Lincoln Laboratory > > On Jun 18, 2025, at 19:48, Yaroslav Rosomakho <[email protected]> wrote: > > > On Thu, Jun 19, 2025 at 1: 33 AM Watson Ladd <watsonbladd@ gmail. com> wrote: > On Wed, Jun 18, 2025, 4: 30 PM Yaroslav Rosomakho <yrosomakho@ zscaler. com> > wrote: One of the key use cases is to simplify PKI architectures for closed > environments > ZjQcmQRYFpfptBannerStart > This Message Is From an External Sender > This message came from outside the Laboratory. > > ZjQcmQRYFpfptBannerEnd > On Thu, Jun 19, 2025 at 1:33 AM Watson Ladd <[email protected]> wrote: >> >> On Wed, Jun 18, 2025, 4:30 PM Yaroslav Rosomakho <[email protected]> >> wrote: >>> >>> One of the key use cases is to simplify PKI architectures for closed >>> environments that will have to deal with a mix of clients. >>> >>> Transition from RSA to ECDSA required two end-entity certificates and did >>> not have to touch the rest of the certificate chain. >> >> >> Why does this draft make that simpler? >> >> It envisions two separate chains. Same as with using the existing >> negotiating mechanisms. >> > > With a composite certificate approach two separate chains are sufficient only > if one serves classic-only clients and composite-only clients that are > compatible with a given choice of composites. PQ-only clients or clients with > other opinions about components of PQ/T will require an additional chain for > every variation. > > > -yaroslav > > > This communication (including any attachments) is intended for the sole use > of the intended recipient and may contain confidential, non-public, and/or > privileged material. Use, distribution, or reproduction of this communication > by unintended recipients is not authorized. If you received this > communication in error, please immediately notify the sender and then delete > all copies of this communication from your system. > > > > This communication (including any attachments) is intended for the sole use > of the intended recipient and may contain confidential, non-public, and/or > privileged material. Use, distribution, or reproduction of this communication > by unintended recipients is not authorized. If you received this > communication in error, please immediately notify the sender and then delete > all copies of this communication from your system. -- Astra mortemque praestare gradatim _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
