On Thu, Oct 24, 2024 at 8:55 AM John Mattsson <john.matts...@ericsson.com> wrote:
> I have gotten the understanding, see e.g., [1-2], that the WebPKI might > wait for FN-DSA or wait even longer for something like MAYO, UOC, HAWK, and > SQISign. > >From a performance perspective MAYO looks really nice, but we'd be really pushing our luck on its security given its age. We must have a plan B. Using UOV for SCTs doesn't seem as risky, but that doesn't cut enough bytes. I would like us to consider more drastic directions to solve the post-quantum authentication problem, such as for instance https://datatracker.ietf.org/doc/draft-davidben-tls-merkle-tree-certs/ Best, Bas >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
