On Mon, Oct 20, 2025 at 7:32 AM Alicja Kario <[email protected]> wrote:
> > >> Basically, I think we should aim for a > >> situation > >> where all major TLS clients and libraries simply don't advertise > classical > >> crypto signatures as an option by default, in 10 years or so. > >> > > > > And so your preference is that in the intervening period, there's no way > > for servers to avoid exposure to CRQC-based attacks on authentication? > > that's client policy, what kind of attacks it is willing to be subject to > or > not... > In the version you propose, yes. The purpose of this kind of mechanism is to give the server some level of control. -Ekr
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
