Thanks to everyone who responded. You've confirmed my impression:

- There doesn't appear to be any applicable standard which requires or forbids 
including the root, or even endorses or discourages it).

- It's harmless except for performance issues and possible low-severity flags 
from analyses like Qualys's. (I wouldn't be surprised to have a customer raise 
this -- many of our customers run various scanning tools -- but for the 
products I work with, customers configure certificate chains anyway, so it's 
not a product issue.)

- Performance issues are likely negligible in many cases, where servers aren't 
dealing with huge workloads, but it's worth remembering that eventually people 
will be deploying PQC and most of the NIST finalists involve significantly 
larger keys or signatures. (They don't *all* have much larger keys/signatures; 
Falcon has a small combined public key and signature, if memory serves.)

Michael Wojcik

Reply via email to