Why does OpenSSL report google's certificate is "self-signed"?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Wed Mar 31 18:42:31 UTC 2021

You are right - there’s no urgency in PQ signatures. 

However, PQ KEM keys aren’t small. And, as I said, für austere links every unnecessary byte of crap hurts. 

Also, sending root certs seems (marginally) useful only when the recipient is a Web browser. And even then I  assume most of the IT people would want to block the ability of a “mere” user to add an “unblessed” trusted root. 


> On Mar 31, 2021, at 14:15, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>> On Mar 31, 2021, at 2:01 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
>> For a Web GUI with the user at the console (e.g., a Web browser), it might be OK. 
>> For my needs (devices talking to each other over austere links), sending the root CA very is both useless and wasteful. One you factor in the sizes of Post-Quantum keys and signatures - you’ll start disliking this idea even more. 
> There's no urgency in post-quantum keys for CA signatures in TLS.  Their
> future weakness does not compromise today's traffic.  Until actual scalable
> QCs start cracking RSA and ECDSA in near real-time only the ephemeral key
> agreement algorithm needs to be PQ-resistant now to future-proof session
> confidentiality.
> So certificates can continue to use RSA and ECDSA for quite some time.
> -- 
>    Viktor.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210331/7964b4f4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5819 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210331/7964b4f4/attachment-0001.bin>

More information about the openssl-users mailing list