This draft seems to have very little to do with PQC. The mechanisms it describes apply equally well to any algorithm migration, such as moving from RSA‑1024 to RSA‑2048, from RSA to ECDSA, from ECDSA to ML‑DSA‑44, or from ML‑DSA‑44 to ML‑DSA‑65.
If you disagree with Panos that this topic is already solved, I suggest resubmitting the draft without positioning it as a PQC‑specific document. Instead, mention PQC only as one example among others. Cheers, John From: Yaron Sheffer <[email protected]> Date: Sunday, 1 February 2026 at 18:04 To: TLS WG <[email protected]> Subject: [TLS] PQC Continuity draft Hi, A few months ago, Tiru and I published a draft [1] whose goal is to minimize rollback attacks while the Internet is slowly migrating from classic to PQC (or composite) certificates. It seems that the TLS WG is now ready to turn its attention to PQ resistant signatures, and we would like to present the draft at the upcoming IETF-125. If anybody has had a chance to read the draft in the meantime, we would appreciate your feedback. People might also want to refer to the earlier discussion on this list [2]. Thanks, Yaron [1] https://datatracker.ietf.org/doc/draft-sheffer-tls-pqc-continuity/ [2] https://mailarchive.ietf.org/arch/msg/tls/qfmTs0dFq-79aJOkKysIP_3KhEI/
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
