> 1. Form a WG opinion on whether we need to do simultaneous  
>    PQ + T at all.
> 
> 2. Assuming the answer to (1) is yes then try to pick one  
>    approach for doing it.

That approach seems reasonable. Some more input to the "informal poll":

Considering that hybrids will likely be mandatory in some (mostly european) 
countries (unless you want only hash-based signatures there, which I doubt), my 
opinion on 1. is "yes, we do.", and for resons outlined before, we should.

Re question 2:
I have a slight preference towards not touching the protocol (i.e. the 
integration of the PKI and signatures) itself.
Composite signatures could be as easy as plugging in other certificates to a 
server and registering the code points with it, then "push down" all hybrid 
validation logic towards the crypto layers, which can be reused for other 
purposes.

-- TBB
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to