> 1. Form a WG opinion on whether we need to do simultaneous > PQ + T at all. > > 2. Assuming the answer to (1) is yes then try to pick one > approach for doing it.
That approach seems reasonable. Some more input to the "informal poll": Considering that hybrids will likely be mandatory in some (mostly european) countries (unless you want only hash-based signatures there, which I doubt), my opinion on 1. is "yes, we do.", and for resons outlined before, we should. Re question 2: I have a slight preference towards not touching the protocol (i.e. the integration of the PKI and signatures) itself. Composite signatures could be as easy as plugging in other certificates to a server and registering the code points with it, then "push down" all hybrid validation logic towards the crypto layers, which can be reused for other purposes. -- TBB _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
