In general - I concur, but there are nuances: sending root CA cert is mostly 
harmless, but mostly useless - except when there's a human on the receiving end 
that can and is allowed to make a decision to accept and trust that CA cert.

Re. PQC - even the "smallest" among them are much larger than what the Classic 
keys and signatures are. E.g., Falcon-1024 signature is 1330 bytes (or often 
less - say, 1200 bytes). Falcon-1024 public key is 1793 bytes. Compare to, 
e.g., ECC-384 sizes... NTRU public keys are "easier", but not by that much: 
1230 bytes. Kyber public key is 1568 bytes. And I picked the *smallest* ones - 
those I'd consider using myself.  

There's also McEliece... __
--
Regards,
Uri
 
There are two ways to design a system. One is to make is so simple there are 
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                
                                                     -  C. A. R. Hoare
 

´╗┐On 4/1/21, 10:23, "openssl-users on behalf of Michael Wojcik" 
<openssl-users-boun...@openssl.org on behalf of michael.woj...@microfocus.com> 
wrote:

    Thanks to everyone who responded. You've confirmed my impression:

    - There doesn't appear to be any applicable standard which requires or 
forbids including the root, or even endorses or discourages it).

    - It's harmless except for performance issues and possible low-severity 
flags from analyses like Qualys's. (I wouldn't be surprised to have a customer 
raise this -- many of our customers run various scanning tools -- but for the 
products I work with, customers configure certificate chains anyway, so it's 
not a product issue.)

    - Performance issues are likely negligible in many cases, where servers 
aren't dealing with huge workloads, but it's worth remembering that eventually 
people will be deploying PQC and most of the NIST finalists involve 
significantly larger keys or signatures. (They don't *all* have much larger 
keys/signatures; Falcon has a small combined public key and signature, if 
memory serves.)

    --
    Michael Wojcik

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to