On Mon, Feb 9, 2026 at 12:16 PM Yaroslav Rosomakho <[email protected]> wrote:
> On Mon, Feb 9, 2026 at 3:44 PM Eric Rescorla <[email protected]> wrote: > >> Without taking a position on the merits of this idea generally, I would >> like to observe >> that it's not generally the case that people are individually deciding >> whether to trust >> non-PQ credentials or not. Rather, their software provider--in the Web >> case, the >> browser vendor--makes a global policy decision for their product. In some >> cases, >> users can of course change their configurations, but they generally don't. >> >> > I don't think trust or lack thereof is strictly binary. There is a history > of web browsers using various UI elements to inform the users about levels > of "security" of the website. > There is some history of this, but increasingly they don't do this for the TLS connection, for two reasons: 1. It's very difficult for users to make sense of these indicators. 2. Web security is at the level of the origin, so compromise of a single connection compromises the entire origin. I suppose browsers could refuse to connect with non-PQ algorithms and allow users to override it [0], but if you just give the user an indicator in the URL bar or the like, it's too late because the origin is already compromised. -Ekr [0] Although browsers increasingly are discouraging this kind of override.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
