Hi Viktor, I cannot respond for the working group of course, but as far as I can tell the community is committed to migrating TLS to a PQC world, and this draft addresses one potential problem (rollback attacks) with this migration.
Thanks, Yaron From: Viktor Dukhovni <[email protected]> Date: Wednesday, 4 February 2026 at 11:44 To: [email protected] <[email protected]> Subject: [TLS] Re: PQC Continuity draft (DANE chain déjà vu) On Mon, Feb 02, 2026 at 04:05:11PM +0000, Kampanakis, Panos wrote: > [1] https://datatracker.ietf.org/doc/draft-sheffer-tls-pqc-continuity/ The proposed "validity_period" component looks rather similar to what was proposed for the DANE chain extension some years back, which encountered fierce pushback from EKR and others and ultimately derailed that RFC. What's different this time? Why would it be OK for a server to commit to ongoing support for PQC certs when it wasn't OK for it to commit to ongoing support for DANE chains? -- Viktor. 🇺🇦 Слава Україні! _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
