Why does OpenSSL report google's certificate is "self-signed"?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Wed Mar 31 18:42:31 UTC 2021
You are right - there’s no urgency in PQ signatures.
However, PQ KEM keys aren’t small. And, as I said, für austere links every unnecessary byte of crap hurts.
Also, sending root certs seems (marginally) useful only when the recipient is a Web browser. And even then I assume most of the IT people would want to block the ability of a “mere” user to add an “unblessed” trusted root.
Regards,
Uri
> On Mar 31, 2021, at 14:15, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>
>
>>
>> On Mar 31, 2021, at 2:01 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
>>
>> For a Web GUI with the user at the console (e.g., a Web browser), it might be OK.
>>
>> For my needs (devices talking to each other over austere links), sending the root CA very is both useless and wasteful. One you factor in the sizes of Post-Quantum keys and signatures - you’ll start disliking this idea even more.
>
> There's no urgency in post-quantum keys for CA signatures in TLS. Their
> future weakness does not compromise today's traffic. Until actual scalable
> QCs start cracking RSA and ECDSA in near real-time only the ephemeral key
> agreement algorithm needs to be PQ-resistant now to future-proof session
> confidentiality.
>
> So certificates can continue to use RSA and ECDSA for quite some time.
>
> --
> Viktor.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210331/7964b4f4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5819 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210331/7964b4f4/attachment-0001.bin>
More information about the openssl-users
mailing list