On Wed, Aug 06, 2025 at 03:50:25PM +0000, Salz, Rich wrote:
> *
> So PQ certs are primarily for in-house
> *
> > garden deployment
>
> I disagree. We’re seeing customers in the financial industry planning on
> deploying ML-DSA certs in the six to 12 month timeframe.
If they do it on public facing HTTPs servers, accessed by a wide variety
of clients (not just browsers that don't enable support for those
algorithms) they should expect disappoitment, since the problem reported
by Dmitry will maniest for a non-trivial fraction of the clients that
are PQ-algorithm-capable, but don't have PQ TAs in their trust stores.
I sure hope this issue has been considered as part of their deployment
plans.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
