Let's Encrypt charts Merkle Tree Certificate path for post-quantum TLS
Let's Encrypt has announced its migration roadmap to post-quantum TLS certificates, specifically using Merkle Tree Certificates (MTCs), to prevent larger ML-DSA signatures from breaking web connections. It aims for a production rollout of MTCs by 2027, with the approach already backed by Chrome and tested by Cloudflare and Google. This move addresses the significant size increase of ML-DSA signatures, which could cause 5% of connections to fail due to middlebox incompatibilities.
Key Takeaways
- ML-DSA-44 signatures are approximately 2,420 bytes, versus 64 bytes for current ECDSA-P256 signatures, causing TLS handshake overhead to exceed 10 kilobytes.
- Cloudflare's testing showed 5% of connections failed with larger post-quantum key exchanges due to middlebox limitations; others slowed due to additional network round trips.
- MTCs batch post-quantum signatures across many certificates, reducing per-connection authentication data to a single post-quantum signature, a public key, and a compact Merkle inclusion proof.
- Certificate Transparency becomes an intrinsic property of MTC issuance rather than a separate logging step with additional signatures.
- Let's Encrypt aims for MTCs in a staging environment by late 2026 and production by 2027, requiring updates to its issuance infrastructure and the ACME protocol.
Why It Matters
The streaming industry, reliant on secure, low-latency content delivery, faces a critical transition to post-quantum cryptography. Naive integration of larger post-quantum TLS signatures risks significant connection failures and slower handshakes, directly impacting user experience and operational efficiency for video delivery. Let's Encrypt's MTC strategy, supported by Google and Cloudflare, offers a path to maintain current performance while enhancing security. Companies should monitor IETF PLANTS and ACME working group developments and ensure their hybrid post-quantum key exchange (X25519MLKEM768) is enabled on internet-facing servers to defend against harvest-now-decrypt-later threats.
Read full article at techtimes.com
