> And thinking about the decade+ WebPKI SHA-1 to SHA-2 transition, I do not > think the main factor was long approval timelines, need to do rigorous > analysis, or need for rigorous discussion.
So, the WebPKI SHA-1 to SHA-2 transition was a tiny little corner of the SHA-1 to SHA-2 transition. It happened embarrassingly slowly and late, but was otherwise pretty much a non-event, as WebPKI transitions are not that hard. Compared to other PKIs, at least. There's a fairly limited number of certificate consumers, and they update their software reasonably rapidly for the most part. As I'm sure you're aware, most of the problems with the SHA-2 WebPKI transition were due to mixing the WebPKI with other ecosystems, like banking and payments, which do indeed have the characteristics I noted. Now, the good news is that many of those ecosystems have learned from that experience, and have absolutely no desire to repeat it. Various groups have various efforts going on in this area, and are actively discussing their own plans, and looking to IETF for guidance, as they will NOT be waiting for the WebPKI and they will NOT be following the WebPKI's lead this time. And sorry for the vagueness, many of these private ecosystem discussions are not public and I have to be a little careful about what I say. Here's one of them, though, that was created as a direct result of the SHA-2 transition problems: https://x9.org/x9f-public-key-infrastructure-pki-study-group/ Over the next 6-12 months we'll probably see lots of announcements from various ecosystems, regions, stakeholders, verticals, etc as to what their draft PQC transition plans are. And most of those groups are following the discussions here very closely. Focusing most of our discussions on the WebPKI and its needs is part of what causes other PKIs to become entangled with the WebPKI. We constantly need to remind ourselves that there's also a world outside of the WebPKI, and it needs TLS, too. And this is from someone who is himself very heavily involved in the WebPKI. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
