Correct. E.g., MSFT CA is planning to issue composite certs, for other-than-TLS uses, and will issue them for TLS as well (mostly for private PKI usage), if TLS registers code points to negotiate them. It's a bit of a chicken-and-egg situation: no reason for CA's to issue composite TLS certs when there is no way to use them in TLS deployments.
From: Salz, Rich <[email protected]> Sent: Thursday, June 25, 2026 1:42 PM To: Scott Fluhrer (sfluhrer) <[email protected]>; Stephen Farrell <[email protected]>; Eric Rescorla <[email protected]>; <[email protected]> <[email protected]> Subject: [EXTERNAL] [TLS] Re: Upleveling on PQ + T signatures for TLS An advantage of composite certs is that only minimal TLS changes are needed. Of course, that's only an advantage if composite certs will be generally available. Maybe we can ask some CA's their opinion?
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
