A Post-Quantum Future for Let's Encrypt
- Security
- Infrastructure
- Cryptography
- Open Source
Let's Encrypt's post lays out a plan for surviving post-quantum cryptography's ugly practical problem: signatures like ML-DSA are much bigger than RSA or elliptic-curve signatures, so naively swapping them into the web PKI would bloat TLS handshakes. The proposed answer is Merkle Tree Certificates, where certificates live inside a published Merkle tree and clients validate them with a short inclusion proof plus a small amount of cached state called landmarks. That folds certificate transparency into issuance itself instead of bolting it on afterward, and in the common case it can make a post-quantum handshake smaller than today's certificate path.
If you run internet-facing infrastructure, assume post-quantum migration is no longer just a research topic. Start by checking whether your TLS stack, certificate tooling, embedded clients, and code-signing path can handle larger artifacts, out-of-band trust updates, and a multi-year transition rather than a simple cipher swap.
-
letsencrypt.org
- Discuss on HN