On Wed, Aug 06, 2025 at 04:03:02PM +0000, Salz, Rich wrote:

> > If they do it on public facing HTTPs servers, accessed by a wide
> > variety of clients (not just browsers that don't enable support for
> > those algorithms) they should expect disappointment
> 
> Will they? Or won’t it be like RSA/ECDSA server certs?

Per Dmitry's original post, the issue is that with a "pure PQ" chain,
where even the issuer certs all the way to the trust anchor are (e.g.)
ML-DSA, it isn't like the RSA/ECDSA situation, because the PQ root CA
is (for now) unlikely to be in a "typical" client's trust store.

Of course, if the chain is anchored at an extant "classical" root, then
there's no issue, but also no meaningful security gain from the PQ cert,
beyond "gaining experience" as noted by ekr.

-- 
    Viktor.  🇺🇦 Слава Україні!

_______________________________________________
TLS mailing list -- [email protected]