> On Mar 31, 2021, at 2:42 PM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> 
> wrote:
> You are right - there’s no urgency in PQ signatures. 
> However, PQ KEM keys aren’t small. And, as I said, for austere links every 
> unnecessary byte of crap hurts. 
> Also, sending root certs seems (marginally) useful only when the recipient is 
> a Web browser. And even then I assume most of the IT people would want to 
> block the ability of a “mere” user to add an “unblessed” trusted root. 

I am not trying to suggest that including the root CA in the server's
chain is a best practice.  I am sticking with mostly harmless.

And even with DANE, my recommendation is to use an intermediate CA
with the DANE-TA(2) records, and not rely on the root CA being part
of the transmitted chain.

