Why does OpenSSL report google's certificate is "self-signed"?

[Michael Wojcik]

> From: Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu>
> Sent: Thursday, 1 April, 2021 10:09
> To: Michael Wojcik <Michael.Wojcik at microfocus.com>; openssl-users at openssl.org
> Subject: Re: Why does OpenSSL report google's certificate is "self-signed"?
>
> In general - I concur, but there are nuances: sending root CA cert is mostly
> harmless, but mostly useless - except when there's a human on the receiving
> end that can and is allowed to make a decision to accept and trust that CA
> cert.

Agreed. I tried to capture the summary of pros and cons in the document I'm writing for our customers.

> Re. PQC - even the "smallest" among them are much larger than what the
> Classic keys and signatures are. E.g., Falcon-1024 signature is 1330 bytes
> (or often less - say, 1200 bytes). Falcon-1024 public key is 1793 bytes.
> Compare to, e.g., ECC-384 sizes... NTRU public keys are "easier", but not by
> that much: 1230 bytes. Kyber public key is 1568 bytes. And I picked the
> *smallest* ones - those I'd consider using myself.
>
> There's also McEliece...

Yeah, if NIST standardizes on Classic McEliece for KEM, that's going to give us some *big* keys.

Certainly for resource-constrained applications, like embedded or high-volume, it makes sense to omit the root even with ECC. A few KB here and there will add up.

--
Michael Wojcik